Merge branch 'refactoring' into pathetic-rules

yetanalytics · Jun 27, 2023 · a8e361d · a8e361d
2 parents 1d8752e + 39e4501
commit a8e361d
Show file tree

Hide file tree

Showing 4 changed files with 960 additions and 33 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,22 +1,61 @@
 # Change Log
 
-## [0.1.14] - 2023-05-08
+## [0.1.16] - 2023-06-27
+- Update dependencies to address CVEs:
+  - Update Pedestal dependencies to `0.6.0`
+  - Update BouncyCastle and Buddy security lib deps:
+    - Update buddy-auth to `3.0.323`
+    - Update buddy-sign to `3.5.346`
+    - Change BC lib from bcprov-jdk15on to bcprov-18on and update to `1.75`
+
+## [0.1.15] - 2023-05-08
 - Update dependencies to address CVEs:
   - Update Jetty dependencies to `9.4.51.v20230217`
   - Update Cheshire to `5.11.0`
   - Update Apache Commons Fileupload to `1.5`
   - Update Apache Jena to `4.8.0`
 - Update NVD scanning to use the stand-alone [workflow-nvd](https://github.com/yetanalytics/workflow-nvd)
 
+## [0.1.14] - 2022-11-16
+- Exclude msgpack dependency to clear CVE-2022-41719
+
 ## [0.1.13] - 2022-11-03
-- Update CI and CD pipelines to remove GitHub Action deprecation warnings.
+- Update CI and CD pipelines to remove GitHub Action deprecation warnings. 
+
+Note that this update does not affect the API/application.
 
 ## [0.1.12] - 2022-10-24
 - Updated Jackson dependencies to address CVE-2022-42004 and CVE-2022-42003.
 
+## [0.1.11] - 2022-07-15
+- Apply suppression to NVD scanning for the false positives CVE-2022-23172 and CVE-2022-23173.
+
+Note that this update does not affect the API/application.
+
+## [0.1.10] - 2022-07-11
+- Fix CVEs CVE-2022-2048 and CVE-2022-2047.
+- Apply suppression to NVD scanning for the false positive CVE-2022-2191.
+
 ## [0.1.9] - 2022-07-06
 - Removed Import by URL functionality (GET /api/v1/download-url) from API (see [here](https://github.com/yetanalytics/datasim/pull/80))
 
+## [0.1.8] - 2022-07-01
+- Add `gen-profiles` and `gen-patterns` parameters to only generate based on the specified Profiles and primary patterns, respectively.
+- Add corresponding `--gen-profile` and `--gen-pattern` CLI arguments.
+
+## [0.1.7] - 2022-06-06
+- Fix broken Profile error printing. ([#76](https://github.com/yetanalytics/datasim/pull/76))
+
+## [0.1.6] - 2022-06-03
+- Fix bug where reading in large inputs fails. ([#74](https://github.com/yetanalytics/datasim/pull/74))
+
+## [0.1.5] - 2022-05-24
+- Add environment variables for webserver configuration.
+- Add public Docker image.
+
+## [0.1.4] - 2022-05-16
+- Update Apache Jena to `4.5.0`.
+
 ## [0.1.3] - 2022-04-26
 - Add GitHub Actions CI and CD for testing, bundle building, and vulnerability scanning.
 - Update dependencies to patch vulnerabilities (see [here](https://github.com/yetanalytics/datasim/pull/67) for more information).

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 
 GROUP_ID ?= com.yetanalytics
 ARTIFACT_ID ?= datasim
-VERSION ?= 0.1.5
+VERSION ?= 0.1.15
 MAIN_NS ?= com.yetanalytics.datasim.main
 
 clean:

diff --git a/deps.edn b/deps.edn
@@ -36,35 +36,18 @@
   :server
   {:extra-paths ["src/server"]
    :extra-deps
-   {io.pedestal/pedestal.service
-    {:mvn/version "0.5.10"
-     ;; exclude msgpack (via tools.analyzer)
-     ;; clears CVE-2022-41719
-     :exclusions [org.msgpack/msgpack]}
-    io.pedestal/pedestal.jetty
-    {:mvn/version "0.5.10"
-     :exclusions
-     [commons-fileupload/commons-fileupload
-      org.eclipse.jetty/jetty-server
-      org.eclipse.jetty/jetty-servlet
-      org.eclipse.jetty.alpn/alpn-api
-      org.eclipse.jetty/jetty-alpn-server
-      org.eclipse.jetty.http2/http2-server
-      org.eclipse.jetty.websocket/websocket-api
-      org.eclipse.jetty.websocket/websocket-servlet
-      org.eclipse.jetty.websocket/websocket-server]}
-    commons-fileupload/commons-fileupload    {:mvn/version "1.5"}
-    org.eclipse.jetty/jetty-server           {:mvn/version "9.4.51.v20230217"}
-    org.eclipse.jetty/jetty-servlet          {:mvn/version "9.4.51.v20230217"}
-    org.eclipse.jetty.alpn/alpn-api          {:mvn/version "1.1.3.v20160715"}
-    org.eclipse.jetty/jetty-alpn-server      {:mvn/version "9.4.51.v20230217"}
-    org.eclipse.jetty/jetty-alpn-java-server {:mvn/version "9.4.51.v20230217"}
-    org.eclipse.jetty.http2/http2-server     {:mvn/version "9.4.51.v20230217"}
-    org.slf4j/slf4j-simple                   {:mvn/version "1.7.28"}
-    clj-http/clj-http                        {:mvn/version "3.12.3"}
-    buddy/buddy-auth                         {:mvn/version "3.0.323"
-                                              :exclusions  [cheshire/cheshire]}
-    environ/environ                          {:mvn/version "1.1.0"}}
+   {io.pedestal/pedestal.service {:mvn/version "0.6.0"}
+    io.pedestal/pedestal.jetty   {:mvn/version "0.6.0"}
+    org.slf4j/slf4j-simple       {:mvn/version "1.7.28"}
+    clj-http/clj-http            {:mvn/version "3.12.3"}
+    environ/environ              {:mvn/version "1.1.0"}
+    ;; Buddy/BouncyCastle deps
+    buddy/buddy-auth {:mvn/version "3.0.323"
+                      :exclusions  [cheshire/cheshire
+                                    buddy/buddy-sign]}
+    buddy/buddy-sign {:mvn/version "3.5.346"
+                      :exclusions  [org.bouncycastle/bcprov-jdk18on]}
+    org.bouncycastle/bcprov-jdk18on {:mvn/version "1.75"}}
    :main-opts   ["-m" "com.yetanalytics.datasim.server"]}
   :onyx
   {:extra-paths ["onyx-resources" "src/onyx"]