Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Newtonsoft and Layout Changes #142

Merged
merged 14 commits into from
Aug 9, 2022
Merged

Newtonsoft and Layout Changes #142

merged 14 commits into from
Aug 9, 2022

Conversation

marmegh
Copy link
Contributor

@marmegh marmegh commented Jul 26, 2022
edited
Loading

Updates

  • Added images for Sonar and For All Secure to the contributor list
    image
  • Replaced WhiteSource contributor image with Mend.png reflecting name change
  • Layout updates and added java-sarif link
  • Newtonsoft.Json update to address Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json. This includes updating Sarif.Multitool.Library to v3.0.0-beta1 (which directly implements the mitigation without updating to Newtonsoft 13.0) and Microsoft.ApplicationInsights.AspNetCore to 2.21.0.

Sarif.sdk

SARIF Package Release History (SDK, Driver, Converters, and Multitool)

3.0.0-beta1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations.
  • BUGFIX: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk now supports net45 forward. Sarif.Driver and Sarif.WorkItems requires net461 due to other dependencies.
  • BUGFIX: Set default stack limit in Newtonsoft.JSON utilization (if JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.

v2.4.16 Sdk | Driver | Converters | Multitool | Multitool Library

@marmegh marmegh changed the title Users/marmegh/june updates Newtonsoft and Layout Changes Jul 26, 2022
marmegh
marmegh commented Jul 26, 2022
View reviewed changes
src/SarifWeb/SarifWeb.csproj Outdated
<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.20.0" />
<PackageReference Include="Sarif.Multitool.Library" Version="2.4.14" />
<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.21.0" />
<PackageReference Include="Sarif.Multitool.Library" Version="2.4.16" />
Copy link
Contributor Author

@marmegh marmegh Jul 26, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@EasyRhinoMSFT, do we need something other than this to update the Multitool package? #Resolved

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope this should be it.
Note: using the Package Manager is the best way to go and ensures that everything is updated correctly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, this approach doesn't work in most of the repos for this particular update. :(

Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT Jul 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the issue? I made the same change and it worked fine.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issue, this thread started in a Teams chat. I think some of the context got lost.

EasyRhinoMSFT
EasyRhinoMSFT reviewed Jul 26, 2022
View reviewed changes
src/SarifWeb/Views/Home/Index.cshtml Outdated
<img role="listitem" aria-label="Sonar" src="~/Images/Logos/Sonar.png" alt="Sonar" />
</a>
<a href="https://forallsecure.com/" target="_blank">
<img role="listitem" aria-label="For All Secure" src="~/Images/Logos/ForAllSecure.png" alt="For All Secure" />
Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT Jul 26, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For All Secure

This is one word, ForAllSecure #Closed

EasyRhinoMSFT
EasyRhinoMSFT reviewed Jul 26, 2022
View reviewed changes
src/SarifWeb/Views/Home/Index.cshtml Outdated
<div class="tools-item-description tools-other-item-description"><a href="https://github.com/microsoft/sarif-js-sdk">Code and supporting files</a> for working with SARIF in JavaScript applications.</div>
<div class="tools-item-description tools-other-item-description">
<a href="https://github.com/microsoft/sarif-js-sdk">Code and supporting files</a> for working with SARIF in JavaScript applications.
</div>
Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT Jul 26, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

[](http://example.com/codeflow?start=16&length=4)

Remove #Closed

EasyRhinoMSFT
EasyRhinoMSFT approved these changes Jul 27, 2022
View reviewed changes
Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

michaelcfanning
michaelcfanning reviewed Aug 4, 2022
View reviewed changes
.github/CODEOWNERS Outdated
* @michaelcfanning @EasyRhinoMSFT @marmegh
Copy link
Member

@michaelcfanning michaelcfanning Aug 4, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

michaelcfanning

might want to add cfaucon as a defensive measure. :) #Resolved

michaelcfanning
michaelcfanning reviewed Aug 4, 2022
View reviewed changes
src/ReleaseHistory.md
@@ -1,5 +1,8 @@
# SARIF Website Release History

## **v1.0.1**
- Updating contributors list/images, bump Sarif.Multitool.Library from 2.4.14 to 2.4.16, add link to java-sarif documentation. [#142](https://github.com/microsoft/sarif-website/pull/142)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

contributors

Just curious, didn't we hear from Contrast Security that they'd be willing to be badged on the site?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Possibly, but to my knowledge they have not submitted the graphic for inclusion at this time. @EasyRhinoMSFT, have you heard from them at all?

michaelcfanning
michaelcfanning approved these changes Aug 4, 2022
View reviewed changes
Copy link
Member

@michaelcfanning michaelcfanning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@marmegh marmegh merged commit c203753 into main Aug 9, 2022
@marmegh marmegh deleted the users/marmegh/JuneUpdates branch August 9, 2022 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelcfanning michaelcfanning michaelcfanning approved these changes

@EasyRhinoMSFT EasyRhinoMSFT EasyRhinoMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marmegh @michaelcfanning @EasyRhinoMSFT