cacti GitHub
| PR #2353 | fix(interopcc): build failing after golang.org/x/crypto bump to v0.1.0 |
| Upgraded all go modules to go v1.20 Closes #2348 |
Created At 2023-03-28 18:21:33 +0000 UTC
| PR #2351 | fix(relay): rust build fails after tokio bump from 0.2.25 to 1.18.5 |
| Additionally: - upgrade other dependencies for relay - added tls based unit test in relay Closes #2349 |
Created At 2023-03-28 16:46:17 +0000 UTC
| PR #2350 | chore(release): publish v1.2.0 |
| Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> |
Created At 2023-03-28 05:52:37 +0000 UTC
| PR #2347 | refactor: package name for weaver cordapps |
| Update package name for weaver cordapps to prefix with `org.hyperledger.cacti.weaver` |
Created At 2023-03-27 07:17:29 +0000 UTC
| PR #2346 | fix(security): upgrade express-jwt to v8.4.1 |
| Fixes/changes that needed to be done in order to make the upgrade work: 1. The HTTP verbs for exempted endpoints are now specified both as lowercase and uppercase meaning that if a specific endpoint is configured to be exempt from JWT authorization then it's method will be specified twice, once as 'POST' and once as 'post' because the underlying library (which is called express-unless) does not have the ability to handle verbs in a case insensitive way. 2. In the registerWebServiceEndpoint function, the configuration of the express-jwt-authz library had to be changed because the scope enforcement was broken due to express-jwt changing the default request property where it places the decoded JWT payload from `"user"` to `"auth"` and this made it incompatible by default with the behavior of express-jwt-authz Luckily there is a parameter to set the request property name and that is now being specified explicitly as `"auth"` so that they are playing nice with each other once again and the authorization's scope based access control works just fine. Fixes #2231 |
Created At 2023-03-25 03:57:57 +0000 UTC
| PR #2345 | build(deps): bump openssl from 0.10.41 to 0.10.48 in /weaver/core/relay |
| dependenciesrust | Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.41 to 0.10.48. Release notesSourced from openssl's releases.
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/cacti/network/alerts). |
Created At 2023-03-25 00:57:11 +0000 UTC
| PR #2344 | build(deps): bump openssl from 0.10.32 to 0.10.48 in /packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/rust/gen |
| dependenciesrust | Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.32 to 0.10.48. Release notesSourced from openssl's releases.
... (truncated) Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/cacti/network/alerts). |
Created At 2023-03-25 00:11:59 +0000 UTC
| PR #2342 | test(connector-fabric): fix v2-2-x/deploy-lock-asset.test.ts |
| Telling the typescript compiler to skip the library code check so that auto-updating dependencies don't break the test fixture chain code compilation. The root cause and the fix are equivalent as they were for: https://github.com/hyperledger/cacti/issues/2322 https://github.com/hyperledger/cacti/pull/2323 Commit SHA: dfb727861b5e26a15dbef0729a2a14dd26b4655f Fixes #2341 Also sneaking in a .gitignore change with this: there is a VSCode extension that stores local editing history of files in a .history/ sub-folder and that needs to be ignored in git otherwise it just keeps popping up in the git index which is annoying sometimes. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> |
Created At 2023-03-24 16:42:38 +0000 UTC
| PR #2340 | chore(tools): script to bump openapi spec dependency versions |
| Fixes #2206 |
Created At 2023-03-24 07:20:33 +0000 UTC
| PR #2339 | build(plugin-keychain-vault): fix CVE-2021-32810 - upgrade vault crate |
| Verified that these changes are okay by recompiling the rust code and executing the manual steps from the readme that launch the containers and then uses cURL to send a couple of requests in. Fixes #2338 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> |
Created At 2023-03-23 23:54:42 +0000 UTC
| PR #2337 | docs(release): add RELEASE_MANAGEMENT.md file |
| Fixes #2336 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> |
Created At 2023-03-23 03:01:01 +0000 UTC