profile
viewpoint

berkshelf/berkshelf 1085

A Chef Cookbook manager

cncf/sig-contributor-strategy 24

CNCF Special Interest Group on Contributor Strategy -- maintainer relations, building up contributors, governance, graduation, and more.

eeyun/crc_chefconf 0

Development repo for building the crc_chefconf workstations

iennae/about 0

Sourcegraph blog, feature announcements, and website (about.sourcegraph.com)

iennae/activemq 0

Development repository for Opscode Cookbook activemq

iennae/ama 0

Ask Jennifer Anything

iennae/arcgis-cookbook 0

Chef cookbook for ArcGIS

issue closeddeislabs/porter

Update docs to not set the docker tag in the manifest bundle tag

Our documentation has lines like this:

name: hello
version: 0.1.0
tag: getporter/porter-hello:v0.1.0

We now have a feature where the docker tag of the bundle automatically for you, including the v prefix. Let's encourage people to take advantage of this in our docs by updating them to look like this:

name: hello
version: 0.1.0
tag: getporter/porter-hello

Only update the documentation (*.md and porter.yaml files) in the following directories:

  • /examples - the examples can be previewed in github only, or in a markdown editor
  • /docs/content - See our contributing guide for how to preview our website
  • /workshop - this can be previewed in github or in a markdown editor

closed time in 4 days

carolynvs

issue commentdeislabs/porter

Update docs to not set the docker tag in the manifest bundle tag

all the documentation got updated with pull request #1173.

carolynvs

comment created time in 4 days

Pull request review commentcncf/sig-contributor-strategy

adding resources page

+# Useful resources, research, and quick links++## Purpose  +Serve as a quick resource for the sig to grab links that we work with at high frequency, reference, other orgs research. This is not official guidance. ++### CNCF Quick Links++- [TOC repo](https://github.com/cncf/toc)+  - [Principles](https://github.com/cncf/toc/blob/master/PRINCIPLES.md)+  - [What type of goverance is my project expected to follow?](https://github.com/cncf/toc/blob/master/FAQ.md#what-type-of-governance-is-my-cncf-project-expected-to-follow)+- [Due Diligence guidelines](https://github.com/cncf/toc/blob/master/process/due-diligence-guidelines.md#project)+- [Due Diligence Template](https://github.com/cncf/toc/blob/master/process/dd-review-template.md#project)+- [Graduation Requirements](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc#graduation-stage)+- [Sandbox->Incubation Requirements](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc#incubating-stage)+[Sandbox Annual Review has related questions](https://github.com/cncf/toc/blob/master/process/sandbox-annual-review.md#annual-review-contents)++### Governance +- https://sustainers.github.io/governance-readiness/  +//governance checklist for oss projects +- [velero governance](https://github.com/vmware-tanzu/velero/blob/master/GOVERNANCE.md#velero-governance)+- [jupyterhub project governance](https://jupyterhub-team-compass.readthedocs.io/en/latest/governance.html#jupyterhub-project-governance)  +- [selenium project governance](https://www.selenium.dev/governance/)+- [Debian Constitution](https://www.debian.org/devel/constitution)++### New Contributor Recruiting, Growth of Current Contributors, Succession++- https://softdev4research.github.io/4OSS-lesson/04-contributions/

is this missing a [TEXT]

parispittman

comment created time in 6 days

Pull request review commentcncf/sig-contributor-strategy

adding resources page

+# Useful resources, research, and quick links++## Purpose  +Serve as a quick resource for the sig to grab links that we work with at high frequency, reference, other orgs research. This is not official guidance. ++### CNCF Quick Links++- [TOC repo](https://github.com/cncf/toc)+  - [Principles](https://github.com/cncf/toc/blob/master/PRINCIPLES.md)+  - [What type of goverance is my project expected to follow?](https://github.com/cncf/toc/blob/master/FAQ.md#what-type-of-governance-is-my-cncf-project-expected-to-follow)+- [Due Diligence guidelines](https://github.com/cncf/toc/blob/master/process/due-diligence-guidelines.md#project)+- [Due Diligence Template](https://github.com/cncf/toc/blob/master/process/dd-review-template.md#project)+- [Graduation Requirements](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc#graduation-stage)+- [Sandbox->Incubation Requirements](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc#incubating-stage)+[Sandbox Annual Review has related questions](https://github.com/cncf/toc/blob/master/process/sandbox-annual-review.md#annual-review-contents)++### Governance +- https://sustainers.github.io/governance-readiness/  

is this missing a [TEXT] to refer to it

parispittman

comment created time in 6 days

Pull request review commentdeislabs/porter

yaml for bundle to set up discourse

+# This is the configuration for Porter+# You must define steps for each action, but the rest is optional+# See https://porter.sh/author-bundles for documentation on how to configure your bundle+# Uncomment out the sections below to take full advantage of what Porter can do!++name: discourse-azure+version: 0.1.0+description: "A Porter bundle for Discourse"+# TODO: update the registry to your own, e.g. myregistry/porter-hello:v0.1.0+tag: getporter/discourse-azure:v0.1.0++# Uncomment the line below to use a template Dockerfile for your invocation image+#dockerfile: Dockerfile.tmpl++mixins:+  - az+  - exec++credentials:+  - name: sp_client_id+    env: AZURE_SP_CLIENT_ID++  - name: sp_password+    env: AZURE_SP_PASSWORD++  - name: tenant+    env: AZURE_TENANT_ID++  - name: client_secret+    env: AZURE_CLIENT_SECRET++  - name: client_id+    env: AZURE_CLIENT_ID++  - name: client_secret+    env: AZURE_CLIENT_SECRET++  - name: storage_key+    env: AZURE_STORAGE_KEY++  - name: storage_connection_string+    env: AZURE_STORAGE_CONNECTION_STRING++parameters:+  - name: location+    type: string+    default: "EastUS"++  - name: resource_group_name+    type: string+    default: "porter-discourse"++  - name: storage_account_name+    type: string+    default: "porterstorage"++  - name: storage_container_name+    type: string+    default: "porterdiscourse"++  - name: database-name+    type: string+    default: "porter-discourse"++  - name: discourse_hostname+    type: string+    default: ""++  - name: admin_email+    type: string++  - name: SMTP_server_address+    type: string++  - name: SMTP_port+    type: string++  - name: SMTP_user_name+    type: string++  - name: SMTP_password+    type: string++install:+  - az:+      description: "Azure ClI login"

ClI -> CLI

gaurimadhok

comment created time in 6 days

pull request commentdeislabs/porter

Update porter.yaml template and clean up documentation and test data that use manifest template

I touched the template to provide some updates to the comments and I'm not entirely sure how I managed to break the build. It doesn't look like a "too many characters on this line".

carolynvs

comment created time in 7 days

push eventcarolynvs/porter

Jennifer Davis

commit sha b08c6fe7e2b2cc89368e3567790d32fe06961331

Update porter.yaml cleaning up comments

view details

push time in 7 days

Pull request review commentdeislabs/porter

Clean up documentation that includes sample porter.yaml template

 To create a new CNAB with Porter, you first run `porter create`. The generated ` name: HELLO version: 0.1.0 description: "An example Porter configuration"-# TODO: update the registry to your own, e.g. myregistry/porter-hello:v0.1.0-tag: getporter/porter-hello:v0.1.0+# TODO: update the registry to your own, e.g. myregistry/porter-hello+tag: getporter/porter-hello -# Uncomment the line below to use a template Dockerfile for your invocation image+# Uncomment the line below to customize the Dockerfile, see https://porter.sh/custom-dockerfile/

Would recommend not including the comments in the build-image.md documentation to limit what needs to get updated when changes to the base template are made.

carolynvs

comment created time in 7 days

push eventiennae/porter

Simon Davies

commit sha 35942a905079d12ffc5f536454489e9322821d73

update to check for GOPATH/bin

view details

Carolyn Van Slyck

commit sha ceeb620f5b22d811bd5117c3788c3a778e2fbfc1

Add new contributors to Porter team Automatically add new contributors to our Porters team so that they can have issues assigned to them and generally interact with our repos/org later.

view details

Carolyn Van Slyck

commit sha 4171444d2fff0e70e45a0a741faaddc29a6bf1e7

Merge pull request #1168 from carolynvs/invite-contribs Add new contributors to Porter team

view details

Carolyn Van Slyck

commit sha 0335546638139654aa89ca2435d37382f583cdb6

Merge pull request #1156 from simongdavies/update-makefile updates Makefile

view details

Carolyn Van Slyck

commit sha cad03081f589379991e8530e4da37eb641abd682

Claims Release (#1145) * List all pages in a section The template was assuming a paginator, but our template doesn't use one, so print all pages * Put release branches in a "directory" structure We are using release/VERSION instead of release-VERSION, to take advantage of tooling that collapses releases. Allow for triggering tests against other gitflow named branches as well. * Rename instances to installations (#1102) * fixes to install scripts for path set up * fixes to install scripts for path set up * instances to installations change * updates * Update show.go Accidentally changed showInstallations to showInstances but now changed it back * claim to installation fixes * claim to installation change in invoke_test.go and parameters_test.go * Use latest claims code in cnab-go (#1065) * Use latest claims code in cnab-go This gets porter using the latest claims spec that is now supported in cnab-go. It doesn't take advantage yet of new features that we could do with the additional data, just ensures that we still build and work. * Apply suggestions from code review Co-authored-by: Vaughn Dice <vadice@microsoft.com> * Fix test-cli * Set PORTER_HOME in integration tests on plugins The integration tests don't use the PORTER_HOME env var, they programmatically set the porter home directory on the porter app. So when Porter creates a plugin, we need to explicitly set the home dir on the plugin when it's instantiated since it won't get PORTER_HOME automatically. * Fix show instance status Bump cnab-go to get fix for displaying instance status. We need the entire installation history so that we have the installation time (the first claim), and ReadInstallation needs to read claims AND results. * Update slide reference to claim file * Resolve merge conflicts with paramset feature * Incorporate review feedback * Change error handling when we can't find the install time * Move definition of common runtime functions * Remove accidental early return * Consolidate logic for cnab provider ONE FUNCTION TO RULE THEM ALL! * Move UseFilesystem onto TestContext * bump cnab-go * Final cnab-go bump v0.13.0-beta1 Co-authored-by: Vaughn Dice <vadice@microsoft.com> * Fix TestDependencySolver_ResolveDependencies Flake We were relying on an array order that was generated from iterating upon a map. So it was unreliable in our tests. This ensures that we are looking at the correct elements when evaluating the test results. * Claim data migration (#1090) * Migrate to new claim layout on read/list When we request claim data, detect if it's the old layout and automatically migrate all the claim data to the new layout. At the same time detect older schema (e.g. when claim.Installation was claim.Name) and handle that migration too. When we cut to v1.0 we will stop supporting older claim data stores. * Use a schema file at the root of home Place a schema file at the root of home, schema.json, that says the layout of the files used so we can detect if we should migrate. { "claims": "CLAIM SCHEMA" } * Fill in the credentials spec version * Param source (#1129) * Refactor before parameter sources feature * Add action to ActionArguments * Replace cnab Install/Upgrade/Invoke/Uninstall with Execute * Use claim.Action* from cnab-go instead of our own definition with manifest.Action* * Fix loadParameters to apply string -> type conversions for all parameters, not just those supplied on the command-line. * Apply parameter sources when executing a bundle When executing a bundle, look for the parameter sources extension and apply any defined (we only support outputs as sources for now) and use them as parameter values. The precedence order is: 0. user defined overrides on command-line 1. parameter sets 2. parameter sources 3. bundle defaults * Use CreateClaim helper to shorten tests * Incorporate review feedback * Show installation history Print out the history of what has happened to a bundle installation, instead of just the last action when you run `porter show`. I've added a new printer method that prints out a table section and I'll follow up and redo other sections so that they use it too. * Hold open plugin connection during schema migration (#1155) * Hold open plugin connection during schema migration * Make sure we don't open/close the plugin connection during the schema migration check. * Bubble through the Connect call to the wrapped backing store. * Add failing test for panic during migration * Reuse backing store during claims migration Use the same backing store for manual access and for the claim store itself so that we can better manage the connection, i.e. connecting one connects the other. * Trigger build all branches (#1157) * Fix running integration tests for any branch The * only matches a single directory deep. Removing the pr configuration entirely triggers builds for all branches. * Fix failing test The test setup should ignore removing a directory that doesn't exist on the CI server. * Generate and resolve parameter sources from templating (#1158) * Refactor before adding parameter sources * Determine required extensions based on what has been populated in the bundle.json, not by what is in the manifest. We know it is required because we have already populated data for that extension. * Some additional bundle.bundle pointer to value cleanup. * Added extension.HasDependencies and extension.HasParameterSources functions so we can check if we should attempt to read extension data or not from a bundle. * Generate parameter sources from porter templating * Directly connect outputs to parameters in the manifest * Consolidate logic in manifest Consolidate logic for the wiring name or identifying outputs in the manifest so that we can reuse it between the bundle adapter and the runtime. * Document parameter source in manifest * Handle file type parameters in parameter sources Test out the change in our exec-outputs example * Simplify tests * Update exec-outputs example to modify parameter-source Have the exec-outputs example consume an ouput as a parameter then modify it, similar to how terraform will do so with tfstate. * Incorporate review feedback Co-authored-by: gaurimadhok <gmadhok@usc.edu> Co-authored-by: Vaughn Dice <vadice@microsoft.com>

view details

Carolyn Van Slyck

commit sha 76151d55c9882d44c44edd9b9cc0160b3eb47ef2

Bump cnab-go to v0.13.2

view details

Carolyn Van Slyck

commit sha cdfedca26b9a759b5aae3fdeaaf403b46bc2245d

Do not hard-code version in manifest tag Take advantage of the defaulting, don't give people a bad example and make it easier to maintain the bundle.

view details

Carolyn Van Slyck

commit sha fc07629286d10ae80cb9ac8dbf28fd49c19ea28e

Merge pull request #1176 from carolynvs/bump-cnab Bump cnab-go to v0.13.2

view details

Vaughn Dice

commit sha d9806a3239bca5887ec21bd5a6d15b166c820a34

feat(.github): add proposal template (#1165) * feat(.github): add proposal template Signed-off-by: Vaughn Dice <vadice@microsoft.com> * revise design proposal template Signed-off-by: Vaughn Dice <vadice@microsoft.com> * update wording to 'at least one week' Signed-off-by: Vaughn Dice <vadice@microsoft.com> * add checklist mentioning mailing list Signed-off-by: Vaughn Dice <vadice@microsoft.com>

view details

Carolyn Van Slyck

commit sha 129a7b1e28cddf322b3410a148cfe21f789d8a24

Improve plugin connection handling * Use json formatted plugin logging so that we can log just the plugin message and not the raw unformatted message * Add --debug-plugin flag so that we can selectively see the logs from the plugin

view details

Vaughn Dice

commit sha 06de77f121bc8414f63bd9cae731d131fa59c109

fix(archive.go): return error if parent dir of dest file does not exist Signed-off-by: Vaughn Dice <vadice@microsoft.com>

view details

Carolyn Van Slyck

commit sha e700d76ffcfa38fa2f665e904e25a969400e9a7d

Merge pull request #1178 from carolynvs/oops-i-dropped-a-commit Improve plugin connection handling

view details

Carolyn Van Slyck

commit sha 915689e2fc1cafd5094c6066d5212b55269cc63d

Merge pull request #1179 from vdice/fix/archive-folder fix(archive.go): return error if parent dir of dest file does not exist

view details

Carolyn Van Slyck

commit sha b949dd766a88a1dac162f0234512ca2454596fe6

Merge pull request #1172 from carolynvs/default-tag Do not hard-code version in manifest tag

view details

Jennifer Davis

commit sha bd605cd722fd333ead993b2b105d3bffb550649d

Merge branch 'main' into issue_1082_b

view details

push time in 7 days

Pull request review commentdeislabs/porter

[WIP] Quickstart Documentation updates

+---+title: QuickStart Guide+descriptions: Get started building bundles with Porter+---++## Pre-requisites++Docker is currently a prerequisite for using Porter. Docker is used to package up the bundle. ++If you do not have Docker installed, go ahead and [get Docker](https://docs.docker.com/get-docker/). ++## Getting Porter++Next, you need Porter. Follow the Porter [installation instructions](/install/).++## Create a new bundle++Use the `porter create` command to start a new project:++```+mkdir -p my-bundle/ && cd my-bundle/+porter create+```++This will create a file called **porter.yaml** which contains the configuration+for your bundle. This will be the file that you modify and customize for your application's needs.++## Examine the Porter YAML configuration++Let's look more closely at the bundle manifest, [porter.yaml](porter-yaml). 

That's the plan. I'm focusing on the content versus updating the navigation right now as it's easy for me to get distracted :)

iennae

comment created time in 8 days

PR opened deislabs/porter

Reviewers
Clean up the build image documentation.

What does this change

Currently the build image documentation refers to a flag that isn't available (verbose). Instead, folks can use debug. The output is slightly different. There are a few other changes I think this document could use for clarity, but I wanted to make sure we get this updated.

What issue does it fix

This doesn't close an issue, but is one part of the bigger documentation update (Issue #1082 )

Notes for the reviewer

I'm not sure if I should remove my home directory or leave it as is in the command. It provides some small context but that might be better served being documented clearly.

Checklist

  • [ ] Unit Tests
  • [x ] Documentation
  • [ ] Schema (porter.yaml)
+103 -47

0 comment

1 changed file

pr created time in 8 days

create barnchiennae/porter

branch : issue_1082_b

created branch time in 8 days

push eventiennae/porter

Jennifer Davis

commit sha fb02e16933d2ddfdb7716afa48a9095090cd093d

Fix the relative links for the documentation Signed-off-by: Jennifer Davis <iennae@gmail.com>

view details

push time in 8 days

push eventiennae/porter

Jennifer Davis

commit sha f8e262fbf00116c7494f8e611b67e4ce11a227b2

Need a new quickstart index since I added a quickstart directory to hold all the relevant files Signed-off-by: Jennifer Davis <iennae@gmail.com>

view details

push time in 8 days

create barnchiennae/porter

branch : main

created branch time in 8 days

Pull request review commentdeislabs/porter

[WIP] Quickstart Documentation updates

+---+title: Examine porter.yaml+description: Examining the Porter YAML configuration+---++Let's look at one of the key components of a bundle - the manifest file that is created with `porter create` in `porter.yaml`.++```yaml++name: HELLO+version: 0.1.0+description: "An example Porter configuration"+tag: getporter/porter-hello:v0.1.0++mixins:+  - exec++install:+  - exec:+      description: "Install Hello World"+      command: ./helpers.sh+      arguments:+        - install++upgrade:+  - exec:+      description: "World 2.0"+      command: ./helpers.sh+      arguments:+        - upgrade++uninstall:+  - exec:+      description: "Uninstall Hello World"+      command: ./helpers.sh+      arguments:+        - uninstall+```++This example is directly after running `porter create` and should be modified and customized for your needs. These are not the only configuration options, but let's talk through this example.  ++At the top, specific bundle metadata is defined:++```yaml++name: HELLO+version: 0.1.0+description: "An example Porter configuration"+tag: getporter/porter-hello:v0.1.0+```++The name configuration is the name of the bundle. This bundle is "HELLO" as in a hello world example. ++The version configuration follows [Semantic Versioning](https://semver.org). A specific version of a bundle provides a set of functionality. ++The description configuration provides addiitonal information about the bundle and its functionality. ++The tag configuration is used when the bundle is published to a registry in the format of `REGISTRY/IMAGE` or `REGISTRY/IMAGE:TAG`.++There are 3 actions defined: install, upgrade, and uninstall.  The functionality of each action is implemented separately through mixins. ++Mixins are the building blocks for authoring bundles. There are a number of mixins included by default and you can create new ones as well. In this example, the `exec` mixin is included:++```yaml++mixins:+  - exec+  ```++  and then invoked within the action, for example for install++  ```yaml++  install:+  - exec:+  ```++The `exec` mixin is used when you want to run shell scripts and commands. ++Each action may have one or more steps to accomplish that action. For the install action:++```yaml++install:+  - exec:+      description: "Install Hello World"+      command: ./helpers.sh+      arguments:+        - install+```++there is one step that uses the exec mixin to run the `helpers.sh` script with the argument `install`. Within your project directory, you will see the helpers.sh bash script.++Inside the `helpers.sh` file, install is a bash function:++```bash++install() {+  echo Hello World+}+```++This runs the echo built-in command with the arguments "Hello World". 

Great suggestion, added to the update.

iennae

comment created time in 8 days

push eventiennae/porter

Jennifer Davis

commit sha 42563e71077d022c52b309c8577b1b61999bbe3a

Feedback fixes and additional content This is still a work in progress. Signed-off-by: Jennifer Davis <iennae@gmail.com>

view details

push time in 8 days

push eventosscda/cloud-native-stream

Jennifer Davis

commit sha 38d0b98fca4b61a5af7f7ccc01e36078e4ca266c

Update schedule.md

view details

push time in 14 days

issue closedosscda/cloud-native-stream

July 15, 2020

Last week:

We talked a little about Go as a language for newbies and language choices for beginners.

We figured out what was going on with our ports invocation at the commandline, filed https://github.com/dapr/samples/issues/254 to improve the documentation around the Hello World sample.

We started talking about how to store more than one order. Aaron started coding this, and updated project

This week:

  • Review project so far, revisit Dapr concepts of service invocation and state management
  • Review storing more than one order code, get it working..
  • TIL/ICYMI

closed time in 14 days

iennae

issue openedosscda/cloud-native-stream

July 22, 2020

Last Week Review project so far, revisit Dapr concepts of service invocation and state management Review storing more than one order code, get it working..

This week

created time in 14 days

issue closedosscda/cloud-native-stream

July 8, 2020

Pick up where we left off

We walked through the hello world sample and got to step 4 of the tutorial. We examined the node app and talked through what is happening and our expectations. We tried running the dapr command without port flags and didn't see what we expected to happen (which is that the application would just work with the different port).

  • We got the getting started to work!
  • But we also ran the dapr run command without the port flags, and it failed

Today

  • Let's start with running the dapr run command without the port flags, talk through what is happening to figure out why it failed. Is port actually required rather than optional?

  • Go through the rest of the hello world walk through.

  • ICYMI/TIL

closed time in 14 days

arschles

issue commentcncf/sig-contributor-strategy

WG Governance Content Tracking

Cultivating project leadership - assessing your current team and migrating to a governance model

jberkus

comment created time in 14 days

push eventCoffeeOps/coffeeops.github.io

dependabot[bot]

commit sha af656c733151160fb661176510196252e833a745

Bump ffi from 1.9.6 to 1.12.2 Bumps [ffi](https://github.com/ffi/ffi) from 1.9.6 to 1.12.2. - [Release notes](https://github.com/ffi/ffi/releases) - [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md) - [Commits](https://github.com/ffi/ffi/compare/v1.9.6...1.12.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

Jennifer Davis

commit sha 9ade72ef9f9bafc0fba865e21c0adc9e0f99d081

Merge pull request #41 from CoffeeOps/dependabot/bundler/ffi-1.12.2 Bump ffi from 1.9.6 to 1.12.2

view details

push time in 15 days

PR merged CoffeeOps/coffeeops.github.io

Bump ffi from 1.9.6 to 1.12.2 dependencies

Bumps ffi from 1.9.6 to 1.12.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ffi/ffi/blob/master/CHANGELOG.md">ffi's changelog</a>.</em></p> <blockquote> <h2>1.12.2 / 2020-02-01</h2> <ul> <li>Fix possible segfault at FFI::Struct#[] and []= after GC.compact . <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/742">#742</a></li> </ul> <h2>1.12.1 / 2020-01-14</h2> <p>Added:</p> <ul> <li>Add binary gem support for ruby-2.7 on Windows</li> </ul> <h2>1.12.0 / 2020-01-14</h2> <p>Added:</p> <ul> <li>FFI::VERSION is defined as part of <code>require 'ffi'</code> now. It is no longer necessary to <code>require 'ffi/version'</code> .</li> </ul> <p>Changed:</p> <ul> <li>Update libffi to latest master.</li> </ul> <p>Deprecated:</p> <ul> <li>Overwriting struct layouts is now warned and will be disallowed in ffi-2.0. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/734">#734</a>, <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/735">#735</a></li> </ul> <h2>1.11.3 / 2019-11-25</h2> <p>Removed:</p> <ul> <li>Remove support for tainted objects which cause deprecation warnings in ruby-2.7. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/730">#730</a></li> </ul> <h2>1.11.2 / 2019-11-11</h2> <p>Added:</p> <ul> <li>Add DragonFlyBSD as a platform. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/724">#724</a></li> </ul> <p>Changed:</p> <ul> <li>Sort all types.conf files, so that files and changes are easier to compare.</li> <li>Regenerated type conf for freebsd12 and x86_64-linux targets. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/722">#722</a></li> <li>Remove MACOSX_DEPLOYMENT_TARGET that was targeting very old version 10.4. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/647">#647</a></li> <li>Fix library name mangling for non glibc Linux/UNIX. <a href="https://github-redirect.dependabot.com/ffi/ffi/issues/727">#727</a></li> <li>Fix compiler warnings raised by ruby-2.7</li> <li>Update libffi to latest master.</li> </ul> <p>1.11.1 / 2019-05-20</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ffi/ffi/commit/ad524cb016fc788861d76e43a5067b8d441a76bc"><code>ad524cb</code></a> Bump VERSION to 1.12.2</li> <li><a href="https://github.com/ffi/ffi/commit/01cbd061bbbc80f24a682b872a80a08e5951efa6"><code>01cbd06</code></a> Update CHANGELOG for 1.12.2</li> <li><a href="https://github.com/ffi/ffi/commit/6662bccd0bff2f64b79380e23850548af76637b7"><code>6662bcc</code></a> Replace st_table with simple cache and fix segfault after GC.compact</li> <li><a href="https://github.com/ffi/ffi/commit/68453146decaf7be79d16a0c34f3fc8fd536935e"><code>6845314</code></a> Remove old references to ruby-1.9</li> <li><a href="https://github.com/ffi/ffi/commit/b54e735b11abef310c58b0f33dfc1af8f78f007e"><code>b54e735</code></a> Bump VERSION to 1.12.1</li> <li><a href="https://github.com/ffi/ffi/commit/ee13af16bd290e9d5c9d74eecfc563017284b6f5"><code>ee13af1</code></a> Do parallel builds in CI docker containers</li> <li><a href="https://github.com/ffi/ffi/commit/2c81c6b48bd9fe7bb0790e850b6e68b70f036b5d"><code>2c81c6b</code></a> Respect MAKE environment variable for libtest build</li> <li><a href="https://github.com/ffi/ffi/commit/b2793a362f95a64ba4b99d1984e6d3fbe91d417d"><code>b2793a3</code></a> Better document enable/disable libffi switches in the README</li> <li><a href="https://github.com/ffi/ffi/commit/8169aef7e0bd65eefa49ae626bf6b61012ef470a"><code>8169aef</code></a> Bump VERSION to 1.12.0</li> <li><a href="https://github.com/ffi/ffi/commit/62c0c9712acb0b94c15cd22d316149e71bcf9658"><code>62c0c97</code></a> Update CHANGELOG for version 1.12.0</li> <li>Additional commits viewable in <a href="https://github.com/ffi/ffi/compare/v1.9.6...1.12.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 15 days

push eventCoffeeOps/coffeeops.github.io

dependabot[bot]

commit sha 65207e40dc61ccac0b072c15bfc31867f94a11ca

Bump activesupport from 4.2.0 to 6.0.3 Bumps [activesupport](https://github.com/rails/rails) from 4.2.0 to 6.0.3. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v6.0.3/activesupport/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v4.2.0...v6.0.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Jennifer Davis

commit sha 8b7bc76326e7b394974bcb73f37b31ee07e5d481

Merge pull request #42 from CoffeeOps/dependabot/bundler/activesupport-6.0.3 Bump activesupport from 4.2.0 to 6.0.3

view details

push time in 15 days

PR merged CoffeeOps/coffeeops.github.io

Bump activesupport from 4.2.0 to 6.0.3 dependencies

Bumps activesupport from 4.2.0 to 6.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>6.0.3</h2> <p>In this version, we fixed warnings when used with Ruby 2.7 across the entire framework.</p> <p>Following are the list of other changes, per-framework.</p> <h2>Active Support</h2> <ul> <li> <p><code>Array#to_sentence</code> no longer returns a frozen string.</p> <p>Before:</p> <pre><code>['one', 'two'].to_sentence.frozen?

=> true

</code></pre> <p>After:</p> <pre><code>['one', 'two'].to_sentence.frozen?

=> false

</code></pre> <p><em>Nicolas Dular</em></p> </li> <li> <p>Update <code>ActiveSupport::Messages::Metadata#fresh?</code> to work for cookies with expiry set when <code>ActiveSupport.parse_json_times = true</code>.</p> <p><em>Christian Gregg</em></p> </li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li> <p>Recommend applications don't use the <code>database</code> kwarg in <code>connected_to</code></p> <p>The database kwarg in <code>connected_to</code> was meant to be used for one-off scripts but is often used in requests. This is really dangerous because it re-establishes a connection every time. It's deprecated in 6.1 and will be removed in 6.2 without replacement. This change soft deprecates it in 6.0 by removing documentation.</p> <p><em>Eileen M. Uchitelle</em></p> </li> <li> <p>Fix support for PostgreSQL 11+ partitioned indexes.</p> <p><em>Sebastián Palma</em></p> </li> <li> <p>Add support for beginless ranges, introduced in Ruby 2.7.</p> <p><em>Josh Goodall</em></p> </li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/blob/v6.0.3/activesupport/CHANGELOG.md">activesupport's changelog</a>.</em></p> <blockquote> <h2>Rails 6.0.3 (May 06, 2020)</h2> <ul> <li> <p><code>Array#to_sentence</code> no longer returns a frozen string.</p> <p>Before:</p> <pre><code>['one', 'two'].to_sentence.frozen?

=> true

</code></pre> <p>After:</p> <pre><code>['one', 'two'].to_sentence.frozen?

=> false

</code></pre> <p><em>Nicolas Dular</em></p> </li> <li> <p>Update <code>ActiveSupport::Messages::Metadata#fresh?</code> to work for cookies with expiry set when <code>ActiveSupport.parse_json_times = true</code>.</p> <p><em>Christian Gregg</em></p> </li> </ul> <h2>Rails 6.0.2.2 (March 19, 2020)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 6.0.2.1 (December 18, 2019)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 6.0.2 (December 13, 2019)</h2> <ul> <li> <p>Eager load translations during initialization.</p> <p><em>Diego Plentz</em></p> </li> <li> <p>Use per-thread CPU time clock on <code>ActiveSupport::Notifications</code>.</p> <p><em>George Claghorn</em></p> </li> </ul> <h2>Rails 6.0.1 (November 5, 2019)</h2> <ul> <li> <p><code>ActiveSupport::SafeBuffer</code> supports <code>Enumerator</code> methods.</p> <p><em>Shugo Maeda</em></p> </li> <li> <p>The Redis cache store fails gracefully when the server returns a "max number</p> </li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rails/rails/commit/b738f1930f3c82f51741ef7241c1fee691d7deb2"><code>b738f19</code></a> Preparing for 6.0.3 release</li> <li><a href="https://github.com/rails/rails/commit/509b9da209a8481fef8310bc14d6c6cd27c629dc"><code>509b9da</code></a> Preparing for 6.0.3.rc1 release</li> <li><a href="https://github.com/rails/rails/commit/02d07cccb736506b3dd6d465c8017c9010e74b28"><code>02d07cc</code></a> adds missing require [Fixes <a href="https://github-redirect.dependabot.com/rails/rails/issues/39042">#39042</a>]</li> <li><a href="https://github.com/rails/rails/commit/f2f7bcc047fa42344742e508016c65ed54419ade"><code>f2f7bcc</code></a> Fix Builder::XmlMarkup lazy load in Array#to_xml</li> <li><a href="https://github.com/rails/rails/commit/320734ea8a2cc518fe8f20b326d5c508afb40502"><code>320734e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rails/rails/issues/36941">#36941</a> from ts-3156/master</li> <li><a href="https://github.com/rails/rails/commit/da8f6318f7960cb3fe1a1d2e4219e4922c535591"><code>da8f631</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rails/rails/issues/38939">#38939</a> from hammerdr/38937</li> <li><a href="https://github.com/rails/rails/commit/b60571ea8efc4d6c8d0e1d90e0b29e5eb9de186e"><code>b60571e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rails/rails/issues/38864">#38864</a> from abhaynikam/replace-mailing-list-url</li> <li><a href="https://github.com/rails/rails/commit/639e646a9d6815f3e4367174bbee807403f73cfb"><code>639e646</code></a> Add CHANGELOG entry to 6.0.2.2</li> <li><a href="https://github.com/rails/rails/commit/5665d0867bb34b941db778630d558c7694bb1506"><code>5665d08</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rails/rails/issues/38810">#38810</a> from kamipo/restore_compatibility_for_lookup_store</li> <li><a href="https://github.com/rails/rails/commit/7d11f6e4ef6be389df0e82911f649f8fcdf61052"><code>7d11f6e</code></a> Fix configuring a cache store with ActiveSupport::OrderedOptions</li> <li>Additional commits viewable in <a href="https://github.com/rails/rails/compare/v4.2.0...v6.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+11 -9

0 comment

1 changed file

dependabot[bot]

pr closed time in 15 days

push eventCoffeeOps/coffeeops.github.io

Tom Withers

commit sha f49f59202ce6698175e47eadaf0c6cadb3999e79

Added Birmingham UK to the list of meetups

view details

Jennifer Davis

commit sha 5fd2a38b1b20bbfeb848aff549d49a82153ec345

Merge pull request #43 from TomTucka/add-birmingham-uk Add Birmingham UK to the list of meetups

view details

push time in 16 days

PR merged CoffeeOps/coffeeops.github.io

Add Birmingham UK to the list of meetups

Hey 👋,

After attending the CoffeeOps session at DevOpsDays London, we started one up every Tuesday In Birmingham, Just thought I'd get us added to the list!

+9 -0

1 comment

1 changed file

TomTucka

pr closed time in 16 days

issue commentcloud-actions/golang-actions-functions

Error on creating service principal name with docs as listed

Also make sure to add to the DEPLOY-LINUX.sh so that it reflects the new service principal if it's changed.

iennae

comment created time in 22 days

issue openedcloud-actions/golang-actions-functions

Error on creating service principal name with docs as listed

Update documentation https://github.com/cloud-actions/golang-actions-functions/tree/master/azure to be clear that the RESOURCE_GROUP needs to change as the service principal is being called the same as the resource group (not the problem) but you can't have multiple service principals with the same name.

created time in 22 days

fork iennae/Moodle

Tooling and guidance on deploying Scalable Moodle Clusters on Azure.

fork in 25 days

push eventiennae/sig-contributor-strategy

Jennifer Davis

commit sha bf7afdb519ba9cbb0f7789a95abe461296d23ac4

updating to remove Aaron Signed-off-by: Jennifer Davis <iennae@gmail.com>

view details

push time in a month

PR opened cncf/sig-contributor-strategy

adding a couple of folks to the group and meeting times for Contributor Growth Working Group

Documentation update to the Contributor Growth Working Group readme.

+6 -4

0 comment

1 changed file

pr created time in a month

push eventiennae/sig-contributor-strategy

Jennifer Davis

commit sha 0f71c045d849230125349f99ca83102162fb8d9e

adding a couple of folks to the group and meeting times Signed-off-by: Jennifer Davis <iennae@gmail.com>

view details

push time in a month

fork iennae/sig-contributor-strategy

CNCF Special Interest Group on Contributor Strategy -- maintainer relations, building up contributors, governance, graduation, and more.

https://cncf.io/projects

fork in a month

issue openedosscda/cloud-native-stream

July 15, 2020

Last week:

We talked a little about Go as a language for newbies and language choices for beginners.

We figured out what was going on with our ports invocation at the commandline, filed https://github.com/dapr/samples/issues/254 to improve the documentation around the Hello World sample.

We started talking about how to store more than one order. Aaron started coding this, and will update a new project in this organization. (edit this to update)

This week:

created time in a month

issue commentcncf/sig-contributor-strategy

WG Governance Content Tracking

I think there needs to be a archive or hand-off process to think through what happens when there are not enough active maintainers and graceful closure rather than just abandoning projects.

jberkus

comment created time in a month

Pull request review commentdeislabs/porter

Refresh contribute page

 reach out to a maintainer on [Slack][slack]. [skeletor]: https://github.com/deislabs/porter-skeletor [mixin-dev-guide]: /mixin-dev-guide/ [roadmap]: /roadmap+[existing-mixins]: https://github.com/deislabs/porter-packages/blob/main/mixins/index.json+[mixin-ideas]: https://github.com/deislabs/porter/issues?q=is%3Aissue+is%3Aopen+label%3A%22mixin+idea%22+[twitter]: https://github.com/

This twitter link looks like it's dangling.

carolynvs

comment created time in a month

Pull request review commentdeislabs/porter

Refresh contribute page

 do: * Project management or other skillsets would be amazing as well! Contact   Carolyn and let's coordiante. 🙌

I know it's been around but coordinate

carolynvs

comment created time in a month

issue openedosscda/lets-go-stream

Potential Topic: Testing part 2

we didn't get too far into writing unit tests. We should return to that and also talk about unit test enforcement.

created time in a month

issue openedosscda/lets-go-stream

Potential Topic: Table Tests

created time in a month

issue openedosscda/lets-go-stream

Potential topic: Pointers in Go

created time in a month

issue commentosscda/cloud-native-stream

July 1, 2020

So for the notes should include Cecil’s upcoming talk https://palmbeachtech.org/calendar/coders-cafe-adding-a-little-dapr-to-your-net-microservices-cecil-phillip/ Coders Cafe – Adding a little DAPR to your .NET Microservices – Cecil Phillip Cecil - https://twitter.com/cecilphillip

Abhi - https://twitter.com/abhi_tweeter https://dev.to/abhirockzz/dapr-qna-34m5

Siva’s https://twitter.com/ksivamuthu https://www.meetup.com/ONETUG/events/271474664/

Slack incident: https://slack.engineering/a-terrible-horrible-no-good-very-bad-day-at-slack-dfe05b485f82?gi=6c04d8eccffc

arschles

comment created time in a month

issue commentosscda/cloud-native-stream

What should our name be???

C-n (seeing AND Cloud Native) U Wednesdays

arschles

comment created time in a month

issue openedosscda/lets-go-stream

Agenda: July 13

Azure Functions and Go

created time in a month

issue openedosscda/lets-go-stream

Potential Topic: Go Modules

Digging into go modules

created time in a month

issue openedosscda/lets-go-stream

Write up the "glue" things to do

  • Tweets - schedule tweets automatically?
  • Follow-up posts
  • Stream Notes with URLs
  • Captioning

created time in a month

Pull request review commentdeislabs/porter

[WIP] Quickstart Documentation updates

 curl https://cdn.porter.sh/latest/install-linux.sh | bash ```  ## Latest Windows-You will need to create a [PowerShell Profile][ps-link] if you do not have one.++You need to run this command from PowerShell. You will also need a [PowerShell Profile][ps-link] if you do not have one. The PowerShell Profile customizes your environment each time you start up PowerShell.   ``` iwr "https://cdn.porter.sh/latest/install-windows.ps1" -UseBasicParsing | iex

valid in powershell, not in a regular command prompt.

iennae

comment created time in a month

PR opened deislabs/porter

Reviewers
[WIP] Documentation updates

What does this change

Based on feedback provided in Issue #1082, I've started some changed to add/update the porter documentation.

I've added a porter-yaml.md page which I think of as a page 2 for the quickstart. It's not linked in yet, I wanted to make sure to get feedback (maybe updating quickstart.md instead is the right thing?)

What issue does it fix

Helps to resolve #1082 but isn't complete yet.

Checklist

  • [ ] Unit Tests
  • [x] Documentation
  • [ ] Schema (porter.yaml)
+112 -5

0 comment

3 changed files

pr created time in a month

create barnchiennae/porter

branch : issue_1082

created branch time in a month

push eventosscda/cloud-native-stream

Jennifer Davis

commit sha 7b0619ff01072c38040a02fbb5ea3a635b66196f

Update README.md

view details

push time in a month

push eventosscda/cloud-native-stream

Jennifer Davis

commit sha ac82b7a40ba21cbaa525211a58ea20ae85ad4c21

Update README.md

view details

push time in a month

issue openedosscda/cloud-native-stream

Potential Topic: Porter Overview

Much like the dapr overview, it would be cool to do a porter overview.

created time in a month

push eventosscda/cloud-native-stream

Jennifer Davis

commit sha a18f651f35621554a0d240b7eef69cf76a5349af

Create schedule.md

view details

push time in a month

create barnchosscda/cloud-native-stream

branch : master

created branch time in a month

created repositoryosscda/cloud-native-stream

Cloud Native Stream

created time in a month

issue closedredguide/nodejs

Release request

Can I request a release bump to the supermarket? Prefer that to using a git source.

closed time in 2 months

inopinatus

issue commentredguide/nodejs

Release request

Apologies, I did get the privs but it took me a while and missed coming back to this. It looks like it's been updated on supermarket now though!

inopinatus

comment created time in 2 months

issue openeddeislabs/porter

Documentation issue with good first issues on CONTRIBUTING

Bug with Documentation

On the CONTRIBUTING doc, the link to good first issues takes you to the project board which has a single first issue. This may not be as helpful to new people to the project.

Additionally,

  • A great first issue "What is Porter" is missing from the project board.
  • Maybe remove the link to the project board from the "Find an Issue" section, or modify where it clicks to, or add a "See good examples below" example.

Collaborating on bug report with @jacciboggs, @cjthune, and @alynch-code

Expected behavior

Clear and concise information about what a good first issue is, and more comprehensive options.

created time in 3 months

push eventCoffeeOps/coffeeops.github.io

dependabot[bot]

commit sha 5b10aad95dd3688bdd30fbc3b9b2882180f35a20

Bump nokogiri from 1.6.6.2 to 1.10.8 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.6.6.2 to 1.10.8. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.6.6.2...v1.10.8) Signed-off-by: dependabot[bot] <support@github.com>

view details

Jennifer Davis

commit sha 057b1fc407ee22e622b92d2f96de6ffcf01f35ff

Merge pull request #40 from CoffeeOps/dependabot/bundler/nokogiri-1.10.8 Bump nokogiri from 1.6.6.2 to 1.10.8

view details

push time in 3 months

PR merged CoffeeOps/coffeeops.github.io

Bump nokogiri from 1.6.6.2 to 1.10.8 dependencies

Bumps nokogiri from 1.6.6.2 to 1.10.8. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @​nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog.

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Fixed

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6 / 2019-12-03

Fixed

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

  • CVE-2019-13117
  • CVE-2019-13118
  • CVE-2019-18197
  • CVE-2019-19956

More details are available at #1943.

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915).

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

  • 6ce10d1 version bump to v1.10.8
  • 2320f5b update CHANGELOG for v1.10.8
  • 4a77fdb remove patches from the hoe Manifest
  • 570b6cb update to use rake-compiler ~1.1.0
  • 2cdb68e backport libxml2 patch for CVE-2020-7595
  • e6b3229 version bump to v1.10.7
  • 4f9d443 update CHANGELOG
  • 80e67ef Fix the patch from #1953 to work with both git and patch
  • 7cf1b85 Fix typo in generated metadata
  • d76180d add gem metadata
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

issue closeddeislabs/porter

`porter mixins list` feels slow on Windows

Describe the bug

When I run porter mixins list on Windows, it takes about 6 seconds (for the 8 default mixins I have installed).

To Reproduce

  1. Install Windows on a PC that is admittedly a few years old but is still decently grunty
  2. Run porter mixins list
  3. Start counting under your breath
  4. Wait for output to appear
  5. Stop counting and go "gosh that felt a bit slow"

Expected behavior

Expected output to appear within a second or so.

Porter Command and Output

D:\GitHub\vscode-mock-debug [master ≡]> C:\Users\itowlson\.porter\porter.exe mixins list
Name         Version          Author
aws          v0.1.2-beta.1    DeisLabs
az           v0.3.1-beta.1    DeisLabs
azure        v0.7.1-beta.1    DeisLabs
exec         v0.17.0-beta.1   DeisLabs
gcloud       v0.2.1-beta.1    DeisLabs
helm         v0.8.0-beta.1    DeisLabs
kubernetes   v0.17.0-beta.1   DeisLabs
terraform    v0.4.1-beta.1    DeisLabs

Version

Copy the output of porter version below

porter v0.17.0-beta.1 (1a5ae4b)

closed time in 3 months

itowlson

issue commentdeislabs/porter

`porter mixins list` feels slow on Windows

Thanks for getting back about your current experience. This sounds like the code refactor to execute in parallel has improved the subsequent runs. At this time, we aren't going to be able to fix the cold start latency. Please do reopen if there is more that we need to address in this issue. Thanks!

itowlson

comment created time in 3 months

pull request commentdeislabs/porter

Cleaned up documentation for initial setup for developer tasks.

set PORTER_HOME and modify how they call from so folks don't have to install and override system installed porter. Example:

$ ./bin/porter list
NAME                     CREATED      MODIFIED     LAST ACTION   LAST STATUS
porter-wordpress         2019-11-11   2019-11-11   install       success
porter-wordpress-mysql   2019-11-11   2019-11-11   install       success
iennae

comment created time in 3 months

issue openeddeislabs/porter

Update the meta documentation for Porter Roadmap

Roadmap column descriptions have been updated, add more details.

created time in 3 months

more