Tom Clegg [Tue, 30 Apr 2024 18:02:23 +0000 (14:02 -0400)]
21717: Fix incorrect header.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Thu, 25 Apr 2024 13:59:54 +0000 (09:59 -0400)]
21717: Allow cross-origin keepstore requests.
Also add some missing Allow-Header and Expose-Header entries to
keepproxy CORS headers.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 23 Apr 2024 19:53:32 +0000 (15:53 -0400)]
Merge branch '21697-slow-client-blocking'
fixes #21697
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 23 Apr 2024 18:10:30 +0000 (14:10 -0400)]
21697: Fix typo.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 23 Apr 2024 18:09:34 +0000 (14:09 -0400)]
21697: Comment why releaseSession func exists.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 23 Apr 2024 15:36:26 +0000 (11:36 -0400)]
Merge branch '21696-slow-propfind'
fixes #21696
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 23 Apr 2024 13:51:38 +0000 (09:51 -0400)]
21697: Don't hold session lock while processing read requests.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Lisa Knox [Mon, 22 Apr 2024 18:36:10 +0000 (14:36 -0400)]
Merge branch '21037-upgrade-react-scripts'
closes #21307
Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Mon, 22 Apr 2024 18:09:27 +0000 (14:09 -0400)]
21037: added eslintrc to gitignore Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Tom Clegg [Sun, 21 Apr 2024 22:35:27 +0000 (18:35 -0400)]
21696: Comment optimized PortableDataHash func.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Sun, 21 Apr 2024 22:16:45 +0000 (18:16 -0400)]
21696: Update test case & timing results for ill-packed manifests.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Sun, 21 Apr 2024 22:09:22 +0000 (18:09 -0400)]
21696: Cache subpath->fnode lookups.
Avoids extra locks/lookups when loading non-contiguous chunks.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Sun, 21 Apr 2024 22:08:48 +0000 (18:08 -0400)]
21696: Speed up PortableDataHash by not using regexp.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Sat, 20 Apr 2024 17:50:45 +0000 (13:50 -0400)]
21696: Add test for non-contiguous file data segments.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Sat, 20 Apr 2024 17:03:17 +0000 (13:03 -0400)]
21696: Fix slow loading of non-contiguous file data segments.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Fri, 19 Apr 2024 18:11:30 +0000 (14:11 -0400)]
Merge branch '21606-keep-web-output-buffer'
closes #21606
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Brett Smith [Fri, 19 Apr 2024 18:08:11 +0000 (14:08 -0400)]
Merge branch '21383-salt-debian12'
Closes #21524, #21583, #21661.
Refs #21383.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Tom Clegg [Fri, 19 Apr 2024 18:07:16 +0000 (14:07 -0400)]
21606: Document units for WebDAVOutputBuffer config.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Lisa Knox [Fri, 19 Apr 2024 14:55:27 +0000 (10:55 -0400)]
21037: moved entire beforeall into beforeeach in auto-logaout spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 19 Apr 2024 14:48:28 +0000 (10:48 -0400)]
21037: fixed timers in auto-logout spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 19 Apr 2024 14:46:47 +0000 (10:46 -0400)]
21037: fixed search-input spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 19 Apr 2024 13:45:03 +0000 (09:45 -0400)]
21037: removed stray whitespace in xml example Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 19 Apr 2024 13:28:07 +0000 (09:28 -0400)]
21037: fixed auth-middleware test Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Thu, 18 Apr 2024 18:29:24 +0000 (14:29 -0400)]
Revert "21037: changed jest timer mocks to settimeouts Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>"
Reverting due to false positives in search-input spec
This reverts commit
515f96c411358b45a978b6b7c93da860b09ee7d0.
Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Brett Smith [Thu, 18 Apr 2024 15:11:31 +0000 (11:11 -0400)]
21254: Add workaround for Bundler zlib bug
See comments for discussion.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Thu, 7 Mar 2024 19:36:01 +0000 (14:36 -0500)]
21383: Salt provisioner installs systemd-cron
See comments for rationale.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Wed, 6 Mar 2024 14:31:25 +0000 (09:31 -0500)]
21383: Reconfigure Salt logrotate service
See comments for rationale.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Tue, 5 Mar 2024 19:17:15 +0000 (14:17 -0500)]
21383: Remove docker-ce version pin
Now that we've removed support for older distros, all the distros we
currently support have the minimum version of docker-ce
available. Meanwhile, that older version is not available for some newer
distros we want to support. Remove the pin accordingly.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Tue, 5 Mar 2024 19:16:06 +0000 (14:16 -0500)]
21383: Standardize on os-release variables
This script was getting this information three different ways: by
reading /etc/os-release, calling lsb_release, and using its own internal
lookup tables. This is silly. Just read /etc/os-release and use those
variables throughout.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Tue, 16 Jan 2024 14:17:04 +0000 (09:17 -0500)]
21383: Update Salt installer formulas
I'm not aware of any specific reason we need this, but it's good
maintenance since I'm in here anyway.
letsencrypt 3.0.0 does introduce a backwards incompatible change because
it no longer installs the Apache plugin by default. Since we never
wanted that plugin and always specify the pkgs we want anyway, this
shouldn't affect us.
https://github.com/saltstack-formulas/letsencrypt-formula/blob/master/CHANGELOG.md#300-2021-07-02
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Mon, 15 Jan 2024 20:29:34 +0000 (15:29 -0500)]
21383: Use postgres formula with support for Debian 12
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Mon, 15 Jan 2024 18:39:34 +0000 (13:39 -0500)]
21383: Upgrade Salt installer to Salt 3006
Salt 3006 is the first version to support Python 3.11, included with
Debian 12.
Because 3006 is the current stable, we have to update the bootstrap
invocation to match. I guess we'll have to make another change after it
becomes old-stable.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Fri, 5 Apr 2024 19:06:12 +0000 (15:06 -0400)]
21583: Configure Passenger with passenger_preload_bundler
This helps avoid situations where Passenger loads gems that create
a conflict with our bundle. We're currently seeing this with the base64
gem, where Passenger on Ruby 3.[0-3] can load the version shipped with
that Ruby before our RailsAPI bundle gets loaded. This causes an error:
[ E 2024-03-12 15:12:44.8347 907382/Tf age/Cor/App/Implementation.cpp:221 ]:
Could not spawn process for application /var/www/arvados-api/current:
The application encountered the following error: You have already
activated base64 0.1.1, but your Gemfile requires base64 0.2.0. Since
base64 is a default gem, you can either remove your dependency on it or
try updating to a newer version of bundler that supports base64 as a
default gem. (Gem::LoadError)
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Fri, 5 Apr 2024 19:00:54 +0000 (15:00 -0400)]
21583: Update link for Phusion Passenger install guide
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Lisa Knox [Wed, 17 Apr 2024 18:24:31 +0000 (14:24 -0400)]
21037: changed jest timer mocks to settimeouts Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Tom Clegg [Wed, 17 Apr 2024 15:37:11 +0000 (11:37 -0400)]
Merge branch '21644-flaky-test'
fixes #21644
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 16 Apr 2024 18:18:03 +0000 (14:18 -0400)]
21696: Fix unnecessary copy-by-value.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 16 Apr 2024 18:07:43 +0000 (14:07 -0400)]
21696: Exercise less efficient code path by mixing up block order.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Brett Smith [Tue, 16 Apr 2024 15:12:47 +0000 (11:12 -0400)]
Merge branch '21692-go-packages-no-build-id'
Refs #21692. Closes #21694.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Lisa Knox [Tue, 16 Apr 2024 14:31:50 +0000 (10:31 -0400)]
21037: removed jszip mock in spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Mon, 15 Apr 2024 15:34:46 +0000 (11:34 -0400)]
21037: fixed sharingdialog import in spec Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Tom Clegg [Mon, 15 Apr 2024 14:15:57 +0000 (10:15 -0400)]
21696: Add "large collection" test with large files.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Lisa Knox [Mon, 15 Apr 2024 13:23:31 +0000 (09:23 -0400)]
21037: renamed a few "require" functions to adapt to webpack now reserving that word Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Brett Smith [Fri, 12 Apr 2024 18:56:45 +0000 (14:56 -0400)]
21692: Test RPM packages for build id conflicts
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Brett Smith [Fri, 12 Apr 2024 18:21:20 +0000 (14:21 -0400)]
21692: Don't include build id links in Go packages
See comment for rationale.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
Tom Clegg [Fri, 12 Apr 2024 18:52:07 +0000 (14:52 -0400)]
21644: Fix unreliable test.
Test the bucket that doesn't depend on actual test speed.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Lisa Knox [Fri, 12 Apr 2024 18:11:20 +0000 (14:11 -0400)]
21037: fixed all linter warnings Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 12 Apr 2024 17:59:58 +0000 (13:59 -0400)]
21037: added eslintcache to gitignore Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 12 Apr 2024 17:55:59 +0000 (13:55 -0400)]
21037: added eslintcache to gitignore Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 12 Apr 2024 17:54:17 +0000 (13:54 -0400)]
21037: fixed most of the linter warnings Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Fri, 12 Apr 2024 15:52:27 +0000 (11:52 -0400)]
21037: app compiles Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Stephen Smith [Fri, 12 Apr 2024 14:50:31 +0000 (10:50 -0400)]
Merge branch '21691-wb2-dependency-upgrades' into main. Closes #21691
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 13:22:25 +0000 (09:22 -0400)]
Merge branch '21688-io-panel-style-fixes' into main. Closes #21688
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 13:10:04 +0000 (09:10 -0400)]
21691: Update tar to 6.2.1
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 00:30:42 +0000 (20:30 -0400)]
21691: Add minor improvements to test reliability
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 00:29:04 +0000 (20:29 -0400)]
21691: Add types to replace files methods for differing parameter/result types
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 00:27:50 +0000 (20:27 -0400)]
21691: Add type to login method to satisfy result type
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 00:27:01 +0000 (20:27 -0400)]
21691: Avoid error by changing method of clearing token
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Fri, 12 Apr 2024 00:26:15 +0000 (20:26 -0400)]
21691: Update axios to 0.28.1
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Tom Clegg [Thu, 28 Mar 2024 14:40:12 +0000 (10:40 -0400)]
21606: Change default output buffer size to 0.
See https://dev.arvados.org/issues/21606#note-8.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Thu, 28 Mar 2024 14:39:34 +0000 (10:39 -0400)]
21606: Improve code comments.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Thu, 21 Mar 2024 15:01:46 +0000 (11:01 -0400)]
21606: Update config comment.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Tue, 19 Mar 2024 19:37:32 +0000 (15:37 -0400)]
21606: Add output buffer for webdav downloads.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Tom Clegg [Thu, 11 Apr 2024 19:01:22 +0000 (15:01 -0400)]
Merge branch '21657-diag-docker-format'
fixes #21657
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Stephen Smith [Thu, 11 Apr 2024 17:57:26 +0000 (13:57 -0400)]
Merge branch '21659-gh-workflow-tests' into main. Closes #21659
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Stephen Smith [Thu, 11 Apr 2024 17:48:50 +0000 (13:48 -0400)]
21688: Move json out of tableWrapper and add flexbox stretch to collection tab
Arvados-DCO-1.1-Signed-off-by: Stephen Smith <stephen@curii.com>
Lucas Di Pentima [Thu, 11 Apr 2024 15:17:08 +0000 (12:17 -0300)]
Merge branch '21654-net-imap-downgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Thu, 11 Apr 2024 14:42:28 +0000 (11:42 -0300)]
21654: Reverts net-imap to a previous version to keep ruby compatibility.
Bundler upgraded this gem when upgrading rails to 7.0.8.1, making it
incompatible with ruby 2.7.2, but rails doesn't explicitly asks a new
net-imap version.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Tom Clegg [Thu, 11 Apr 2024 14:35:17 +0000 (10:35 -0400)]
21657: Update docker archive ID introspection code for OCIv2.
Also, when not using the built-in image, we already rely on having
docker tools available, so use `docker inspect` instead of trying to
read the tarball.
This way the introspection code now only needs to work on the built-in
image. And now there's a test for that.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
Lucas Di Pentima [Thu, 11 Apr 2024 13:52:43 +0000 (10:52 -0300)]
Reverts nokogiri upgrade to a ruby-2.7 supported version.
Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lisa Knox [Wed, 10 Apr 2024 18:52:16 +0000 (14:52 -0400)]
Merge branch '21313-share-dialog-warning'
closes #21313
Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Wed, 10 Apr 2024 14:27:17 +0000 (10:27 -0400)]
21313: aligned share button styles with edit button styles Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Wed, 10 Apr 2024 14:18:53 +0000 (10:18 -0400)]
21313: removed vestigial saveEnabled prop Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 21:40:28 +0000 (18:40 -0300)]
Merge branch '21654-wb2-deps-upgrades'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Peter Amstutz [Tue, 9 Apr 2024 19:30:15 +0000 (15:30 -0400)]
Merge branch '21639-prefetch' refs #21639
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
Lisa Knox [Tue, 9 Apr 2024 18:35:24 +0000 (14:35 -0400)]
21313: moved items so that all rows align properly Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Tue, 9 Apr 2024 17:37:29 +0000 (13:37 -0400)]
21313: moved data-cy to new button Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lisa Knox [Tue, 9 Apr 2024 17:10:27 +0000 (13:10 -0400)]
21313: removed underline from permissions select Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 16:08:12 +0000 (13:08 -0300)]
Merge branch '21654-protobuf-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 15:31:21 +0000 (12:31 -0300)]
Merge branch '21654-docker-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 15:21:50 +0000 (12:21 -0300)]
21654: Upgrades ex5-ext to address CVE-2024-27088
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 15:18:10 +0000 (12:18 -0300)]
Merge branch '21654-express-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 15:17:17 +0000 (12:17 -0300)]
21654: Upgrades ip packages to address CVE-2023-42282.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 15:08:03 +0000 (12:08 -0300)]
Merge branch '21654-follow-redirects-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:57:24 +0000 (11:57 -0300)]
21654: Upgrades github.com/docker/docker to address CVE-2024-24557
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:51:19 +0000 (11:51 -0300)]
21654: Upgrades google.golang.org/protobuf to address CVE-2024-24786
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lisa Knox [Tue, 9 Apr 2024 14:47:55 +0000 (10:47 -0400)]
21313: moved save button to bottom of share dialog Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:45:23 +0000 (11:45 -0300)]
Merge branch '21654-rails-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:41:40 +0000 (11:41 -0300)]
21654: Upgrades follow-redirects addressing CVE-2024-28849 & CVE-2023-26159
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:24:01 +0000 (11:24 -0300)]
21654: Upgrades express to address CVE-2024-29041
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:15:45 +0000 (11:15 -0300)]
21654: Upgrades rails to 7.0.8.1 to address CVE-2024-26143
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:12:01 +0000 (11:12 -0300)]
21654: Upgrades rack to address several vulnerabilities.
* CVE-2024-26141
* CVE-2024-26146
* CVE-2024-25126
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 14:08:58 +0000 (11:08 -0300)]
Merge branch '21654-go-jose-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 13:37:20 +0000 (10:37 -0300)]
21654: Upgrades github.com/go-jose/go-jose/v3 to address CVE-2024-28180
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 13:29:26 +0000 (10:29 -0300)]
Merge branch '21654-browserify-sign-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 13:28:38 +0000 (10:28 -0300)]
Merge branch '21654-nokogiri-upgrade'. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 01:12:06 +0000 (22:12 -0300)]
21654: Upgrades nokogiri to address CVE-2024-25062
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 00:55:25 +0000 (21:55 -0300)]
21654: Upgrades browserify-sign to address CVE-2023-46234
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Tue, 9 Apr 2024 00:24:06 +0000 (21:24 -0300)]
Updates yarn.lock to unblock CI. Refs #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
Lucas Di Pentima [Mon, 8 Apr 2024 21:00:17 +0000 (18:00 -0300)]
Merge branch '21654-deps-updates'. Closes #21654
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>