This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2024-03-02
Practicalli Project Templates commit (updated to a targeted approach for specific CVEs)
• https://github.com/practicalli/project-templates/commit/27a7e328153aacd59c923869bf0ed958630e7ff3
I've added
• https://github.com/practicalli/project-templates/commit/caf2e3b7157b7384fcfbcd8c9e37dbeecabf6d7e
Added a trivyignore file to the GitHub configuration for workflows, instructing Trivy to ignore specific CVE reports, specifically CVE-2024-22871
Due to the CVE-2024-22871 report that uses deserialisation in a way that goes against the warning in the Clojure documentation, the Trivy reports are now warnings.
According to https://clojurians.slack.com/archives/C03S1KBA2/p1709276646647669?thread_ts=1707205549.345089&cid=C03S1KBA2, the CVE-2024-22871 report can be ignored/suppressed and treated as a reminder not to deserialise data from sources that are not trusted (should such a reminder not be already completely obvious).
REPOSITORY_TRIVY_DISABLE_ERRORS: true # Errors only as warnings
in the .github/config/megalinter.yaml