From 1f3be98c209e589805759acf1c1422108d82b6d7 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:21:09 -0500
Subject: [PATCH 1/8] Update maven-dependency-submission-action to v4
---
 .github/workflows/deps.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
index b97edca7..79b524d8 100644
--- a/.github/workflows/deps.yml
+++ b/.github/workflows/deps.yml
@@ -29,4 +29,4 @@ jobs:
 run: make clean pom.xml
 - name: Submit Dependency Snapshot
- uses: advanced-security/maven-dependency-submission-action@v3
+ uses: advanced-security/maven-dependency-submission-action@v4
From 9aeef3168c8405e63a18c951bfb85347c526c1c8 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:39:50 -0500
Subject: [PATCH 2/8] Remove periodic NVD scanning
---
 .github/workflows/nvd.yml | 16 ----------------
 1 file changed, 16 deletions(-)
 delete mode 100644 .github/workflows/nvd.yml
diff --git a/.github/workflows/nvd.yml b/.github/workflows/nvd.yml
deleted file mode 100644
index 7453d0bf..00000000
--- a/.github/workflows/nvd.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Periodic NVD Scan
-
-on:
- schedule:
- - cron: "0 8 * * 1-5" # Every weekday at 8:00 AM
-
-jobs:
- nvd_scan:
- uses: yetanalytics/workflow-nvd/.github/workflows/nvd-scan.yml@v2
- with:
- nvd-clojure-version: "3.3.0"
- classpath-command: "clojure -Spath -Adb-sqlite:db-postgres"
- nvd-config-filename: ".nvd/config.json"
- notify-slack: true
- secrets:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
From 1c68ba9d0c0ff7962fefbc9714116859268a2515 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:40:10 -0500
Subject: [PATCH 3/8] Remove nvd-scanning as part of CI
---
 .github/workflows/test.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aac59d39..9c7e2293 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -3,13 +3,6 @@ name: CI on: push jobs: - nvd_scan: - uses: yetanalytics/workflow-nvd/.github/workflows/nvd-scan.yml@v2 - with: - nvd-clojure-version: "3.3.0" - classpath-command: "clojure -Spath -Adb-sqlite:db-postgres" - nvd-config-filename: ".nvd/config.json" - lint: uses: yetanalytics/workflow-linter/.github/workflows/linter.yml@v2024.08.01 with: From 41d9f967e34a5e8bf124f38cab4147c2ae69e0ee Mon Sep 17 00:00:00 2001 From: kelvinqian00 Date: Wed, 27 Nov 2024 16:42:01 -0500 Subject: [PATCH 4/8] Remove :nvd alias and check-vuln make target --- Makefile | 13 +++++-------- deps.edn | 3 --- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index f69b5432..ff35239d 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ resources/public/admin: # All other phony targets run lrsql instances that can be used and tested # during development. All start up with fixed DB properties and seed creds. -.phony: clean-dev, ci, ephemeral, ephemeral-prod, sqlite, postgres, bench, bench-async, check-vuln, keycloak-demo, ephemeral-oidc, superset-demo, clamav-demo, test-sqlite, test-postgres, test-postgres-11, test-postgres-12, test-postgres-13, test-postgres-14, test-postgres-15 +.phony: clean-dev, ci, ephemeral, ephemeral-prod, sqlite, postgres, bench, bench-async, keycloak-demo, ephemeral-oidc, superset-demo, clamav-demo, test-sqlite, test-postgres, test-postgres-11, test-postgres-12, test-postgres-13, test-postgres-14, test-postgres-15 clean-dev: rm -rf *.db *.log resources/public tmp target/nvd @@ -95,13 +95,6 @@ bench-async: -a true \ -u username -p password -# Vulnerability check - -target/nvd: - clojure -Xnvd check :classpath '"'"$$(clojure -Spath -A:db-sqlite:db-postgres)"'"' :config-filename '".nvd/config.json"' - -check-vuln: target/nvd - # Demo instance of Keycloak used for interactive development keycloak-demo: 
@@ -298,3 +291,7 @@ run-jar-postgres: target/bundle pom.xml: clojure -Adb-sqlite:db-postgres -Spom + +# TODO: Add a local vulnerability checker. +# Note that we removed our previous one that used nvd-clojure as that app was +# becoming too unreliable; perhaps look into clj-watson? diff --git a/deps.edn b/deps.edn index f1e81ffe..f37b9d45 100644 --- a/deps.edn +++ b/deps.edn @@ -140,9 +140,6 @@ {:extra-deps {io.github.clojure/tools.build {:git/tag "v0.10.0" :git/sha "3a2c484"}} :extra-paths ["src/build"]} - :nvd - {:replace-deps {nvd-clojure/nvd-clojure {:mvn/version "2.6.0"}} - :ns-default nvd.task} :doc {:replace-deps {com.yetanalytics/markdoc {:git/url "https://github.com/yetanalytics/markdoc" :git/tag "v0.0.1" From 056f401c67024d5540257435429920bedcb024f4 Mon Sep 17 00:00:00 2001 From: kelvinqian00 Date: Wed, 27 Nov 2024 16:42:34 -0500 Subject: [PATCH 5/8] Remove .nvd folder --- .nvd/config.json | 3 --- .nvd/suppression.xml | 29 ----------------------------- 2 files changed, 32 deletions(-) delete mode 100644 .nvd/config.json delete mode 100644 .nvd/suppression.xml diff --git a/.nvd/config.json b/.nvd/config.json deleted file mode 100644 index 03177f3e..00000000 --- a/.nvd/config.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "nvd": {"suppression-file": ".nvd/suppression.xml"} -} diff --git a/.nvd/suppression.xml b/.nvd/suppression.xml deleted file mode 100644 index 6bae67cf..00000000 --- a/.nvd/suppression.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - ^pkg:maven/org\.postgresql/postgresql@.*$ - cpe:/a:postgresql:postgresql_jdbc_driver - CVE-2020-21469 - - - - - ^pkg:maven\/(?!org\.clojure\/clojure).*$ - cpe:/a:clojure:clojure - CVE-2017-20189 - - - - - ^pkg:maven/org\.eclipse\.jetty.*$ - CVE-2024-6763 - - From ea9b7dd453432303049b4414c35c2006c2aa7b23 Mon Sep 17 00:00:00 2001 
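Review bot: The added TODO is, once the rest of this series lands, the only trace of dependency-vulnerability scanning left in the repository: patches 2, 3 and 5 drop the scheduled workflow, the CI job and `.nvd/suppression.xml`, so the project keeps no automated check and no record of which findings had already been triaged. As far as the series shows, the remaining signal is the "Submit Dependency Snapshot" step in `.github/workflows/deps.yml`, which only surfaces CVEs if Dependabot alerts are enabled for the repository — that setting is not visible here and is worth confirming before merging. I would widen the comment so the gap and the prior triage are recorded where the next person will look: `# TODO: Add a local vulnerability checker (perhaps clj-watson). Until then the only signal is the dependency`, `# snapshot uploaded by .github/workflows/deps.yml, which needs Dependabot alerts enabled. Findings previously`, `# suppressed in .nvd/suppression.xml (see git history): CVE-2020-21469, CVE-2017-20189, CVE-2024-6763.` The deleted suppression file also scoped each entry with a package-URL regex and CPE (for example CVE-2017-20189 was suppressed only for packages other than `org.clojure/clojure`), so carry those patterns over with the IDs rather than blanket-suppressing the CVEs in whatever replacement scanner is chosen.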
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:43:39 -0500
Subject: [PATCH 6/8] Revert "Update maven-dependency-submission-action to v4"
This reverts commit 1f3be98c209e589805759acf1c1422108d82b6d7.
---
 .github/workflows/deps.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
index 79b524d8..b97edca7 100644
--- a/.github/workflows/deps.yml
+++ b/.github/workflows/deps.yml
@@ -29,4 +29,4 @@ jobs:
 run: make clean pom.xml
 - name: Submit Dependency Snapshot
- uses: advanced-security/maven-dependency-submission-action@v4
+ uses: advanced-security/maven-dependency-submission-action@v3
From 5368bb9803430a53f9ad4fef0c6a7bd39f2cdfe4 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:45:25 -0500
Subject: [PATCH 7/8] Remove nvd folder from make clean
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index ff35239d..fb1d109e 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,7 @@ resources/public/admin:
 .phony: clean-dev, ci, ephemeral, ephemeral-prod, sqlite, postgres, bench, bench-async, keycloak-demo, ephemeral-oidc, superset-demo, clamav-demo, test-sqlite, test-postgres, test-postgres-11, test-postgres-12, test-postgres-13, test-postgres-14, test-postgres-15
 clean-dev:
- rm -rf *.db *.log resources/public tmp target/nvd
+ rm -rf *.db *.log resources/public tmp
 # Tests
From be4f4f2cf4cfa4768187eee5e3ce788c569a6374 Mon Sep 17 00:00:00 2001
From: kelvinqian00
Date: Wed, 27 Nov 2024 16:45:34 -0500
Subject: [PATCH 8/8] Remove check-vuln from docs
---
 doc/dev.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/doc/dev.md b/doc/dev.md
index 9ec93177..990b448f 100644
--- a/doc/dev.md
+++ b/doc/dev.md
@@ -23,7 +23,6 @@ The SQL LRS can be built or run with the following Makefile targets. They can be
 | `bundle` | Build a complete distribution of the SQL LRS including the user interface and native runtimes for multiple operating systems. |
 | `bench` | Run a load test and benchmark performance, returning performance metrics on predefined test data. Requires a running SQL LRS instance to test against. This test sends requests synchronously on one thread. |
 | `bench-async` | Same as `bench` but it runs with concurrent requests on multiple threads. |
-| `check-vuln` | Run the [nvd-clojure](https://github.com/rm-hull/nvd-clojure) tool, which checks for vulnerabilities against the [National Vulnerability Database](https://nvd.nist.gov/). |
 #### Run Targets
@@ -118,4 +117,3 @@ java -cp bench.jar lrsql.bench [arguments]
 Sample insert and query inputs can be found in the distribution at `bench/`
 [<- Back to Index](index.md)
-