Improve add missing workflow, update CVE checks #31

Merged


lightswitch05 commented Aug 29, 2019

The 'missing' command is great for updates, but needs some TLC to make it easier to use.

  • Added option 'save-results' to allow the results to be automatically added to the checks.json
  • Enforce sorting of the checks.json file every time the missing command is run
  • Save the timestamp to checks.json as 'updatedAt' to give a reference period for how old the checks are
  • Add php7 changelog to the missing checker
  • 'sunra/php-simple-html-dom-parser' is dead and throwing a ton of errors for newer versions of PHP. Replace it with an updated fork 'kub-at/php-simple-html-dom-parser'
  • Bump min php version since the array syntax is not available before php 5.4
  • Add ext-json as a dependency
  • Fix unit tests (broken in master branch)
  • Add travis tests for php 7.3

Finally, I ran the 'missing' command with the changes I made and committed the updated checks.

@lightswitch05 lightswitch05 force-pushed the lightswitch05:feature/improve-add-missing-workflow branch from 078535a to 5af2463 Aug 29, 2019

lightswitch05 commented Aug 29, 2019

With the improved workflow - I think there might be a path forward to have an automated run of the 'missing' command in travis ci. Automation could be done on a separate branch, with a manual review of the results before merging into master.

lightswitch05 commented Aug 29, 2019

@enygma I wouldn't mind setting up the automation if that is something you are interested in.

I also would be interested in helping you maintain this project if you need assistance. Automation with travis-ci would certainly require maintenance and more review work. Having more people with merge ability would help get the CVE updates out faster. Just for reference, there was a new release today - 7.3.9 - that fixes a CVE in 7.3.8. I didn't even know about it until I was testing my updates here.

colinodell left a comment

I have not tested this out myself, but I do like the proposed approach here.

src/Psecio/Versionscan/Command/MissingCommand.php (outdated)
lightswitch05 commented Sep 3, 2019

It would be nice if more than one person had pull permissions on this repo

lightswitch05 commented Sep 4, 2019

@enygma is this tool abandoned?

colinodell left a comment

I have permissions on this repo and would be happy to merge this :)

I was hoping for @enygma to weigh in here, since I generally only help with updating checks.json and minor bugfixes, leaving the larger things (plus releasing new versions) up to him. But I feel this change isn't too massive and is obviously beneficial so let's merge it :)

@colinodell colinodell merged commit 8c4324e into psecio:master Sep 4, 2019
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed

lightswitch05 commented Sep 4, 2019

Thanks @colinodell! Do you also have access to packagist?

colinodell commented Sep 4, 2019

I do not, just the GitHub repo.

enygma commented Oct 24, 2019

Er, the version on Packagist updates when a new release is tagged here, not manually on the service. I can definitely push a new tag if that's needed!
