Limit jitpack use #11938
Dependency Review: ✅ No vulnerabilities or license issues found. Scanned Manifest Files
Note that the work to remove mock-fuel entirely has been ticketed as #11928.
@mkalish, @victor-chaparro, @arnejduranovic review please
Kudos, SonarCloud Quality Gate passed!
👍🏻
All fuel references are currently being removed from the code, so I would expect this to get removed once that is done. You can find more info in this ticket: #11928
This PR limits the use of jitpack.io packages to the explicitly included list.
Background: Jitpack risks; Repository content filtering.
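As an added illustration (not this PR's own diff), a Gradle Kotlin DSL fragment showing an unfiltered jitpack.io declaration beside one restricted with Gradle's repository content filtering; the group and module names (com.github.example-org, example-lib, com.github.other-org) are placeholders.

```kotlin
// Added example, not the PR's diff. Goes in build.gradle.kts (or the
// dependencyResolutionManagement block of settings.gradle.kts).
// All group/module names below are placeholders.

// WEAK: jitpack.io declared without a content filter. Gradle may ask it for
// ANY coordinate not found earlier in the list, and jitpack builds arbitrary
// GitHub repositories on demand, so a mistyped or not-yet-published
// coordinate can resolve to code from a repository nobody reviewed.
repositories {
    mavenCentral()
    maven { url = uri("https://jitpack.io") }
}

// HARDENED (alternative to the block above): jitpack.io is only consulted for
// the explicitly listed coordinates. Everything else is served by the other
// repositories and can never come from jitpack.
repositories {
    mavenCentral()
    maven {
        url = uri("https://jitpack.io")
        content {
            // Only these coordinates may be resolved from jitpack.
            includeGroup("com.github.example-org")            // placeholder
            includeModule("com.github.other-org", "example-lib") // placeholder
        }
    }
}

// STRICTER variant: exclusiveContent additionally guarantees that the listed
// coordinates are looked up ONLY on jitpack, so a same-named artifact published
// to another repository cannot shadow them.
repositories {
    mavenCentral()
    exclusiveContent {
        forRepository { maven { url = uri("https://jitpack.io") } }
        filter {
            includeGroup("com.github.example-org")            // placeholder
            includeModule("com.github.other-org", "example-lib") // placeholder
        }
    }
}
```

A content filter only decides which repository is asked for which coordinates; it does not check what comes back, so pair it with Gradle dependency verification (gradle/verification-metadata.xml) if artifact integrity also matters.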
If you are suggesting a fix for a currently exploitable issue, please disclose the issue to the prime-reportstream team directly outside of GitHub instead of filing a PR, so we may immediately patch the affected systems before a disclosure. See SECURITY.md/Reporting a Vulnerability for more information.
Test Steps:
Changes
Checklist
Testing
./prime test or ./gradlew testSmoke against local Docker ReportStream container?
npm run lint:write?
Process
Linked Issues
To Be Done
Create GitHub issues to track the work remaining, if any
Specific Security-related subjects a reviewer should pay specific attention to
If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least: