From 6a10135f8155b0128a0019d451bc9673a0c463ee Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 27 Oct 2021 21:50:51 -0400
Subject: [PATCH 1/5] Update ansible-lint configuration

Remove the manual exclusion of the `converge.yml` file in the default molecule scenario. With the changes in cisagov/skeleton-ansible-role#88 this exclusion is no longer necessary.
---
 .ansible-lint | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index bc8e0e5..08c1ae7 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -13,9 +13,6 @@ exclude_paths:
 - .cache
 # Seems wise to ignore this too
 - .github
- # ansible-lint doesn't like the role name in this playbook, but it's
- # what molecule requires
- - molecule/default/converge.yml
 # These two are Molecule configuration files, not Ansible playbooks
 - molecule/default/molecule-no-systemd.yml
 - molecule/default/molecule-with-systemd.yml

From 4b912fe7caf317793606afc626d19a4b840d4f2e Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 27 Oct 2021 21:53:10 -0400
Subject: [PATCH 2/5] Update ansible-lint configuration

Instead of excluding molecule configurations for systemd individually we instead direct ansible-lint to process any of these configurations in scenario directories as plain yaml files. This mirrors how ansible-lint handles `molecule.yml` files in scenario directories by default.
---
 .ansible-lint | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index 08c1ae7..0e80b05 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -13,7 +13,10 @@ exclude_paths:
 - .cache
 # Seems wise to ignore this too
 - .github
- # These two are Molecule configuration files, not Ansible playbooks
- - molecule/default/molecule-no-systemd.yml
- - molecule/default/molecule-with-systemd.yml
+kinds:
+ # This will force our systemd specific molecule configurations to be treated
+ # as plain yaml files by ansible-lint. This mirrors the default kind
+ # configuration in ansible-lint for molecule configurations:
+ # yaml: "**/molecule/*/{base,molecule}.{yaml,yml}"
+ - yaml: "**/molecule/*/molecule-{no,with}-systemd.yml"
 use_default_rules: true

From 67870561e9b43c50c99e1bb1d24817623184bee8 Mon Sep 17 00:00:00 2001
From: Bryns Jones
Date: Tue, 11 Jan 2022 14:49:52 +0000
Subject: [PATCH 3/5] Update SOFTWARE-LIST.md

---
 SOFTWARE-LIST.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index ff61b48..71aa3e1 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
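Review bot: In the `.ansible-lint` hunk of PATCH 2/5, the added `kinds` glob matches only the `.yml` suffix, while the default pattern quoted in the comment just above it accepts `{yaml,yml}`. This hunk also removes the explicit exclusions for these files, so a scenario file later named `molecule-no-systemd.yaml` would presumably fall back to ansible-lint's normal file detection instead of being read as plain YAML. Consider `- yaml: "**/molecule/*/molecule-{no,with}-systemd.{yaml,yml}"`. The `exclude_paths` list this hunk edits begins above the hunk.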
@@ -1959,7 +1959,7 @@ This list was initially populated using information from the following sources:
 | MariaDB | | | | | [MariaDB Statement](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | |
 | MathWorks | All MathWorks general release desktop or server products | | Not Affected | No | [MathWorks statement regarding CVE-2021-44228](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | |
 | MathWorks | MATLAB | All | Not Affected | No | [MathWorks MATLAB Statement](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | 12/29/2021 |
-| Matillion | | | | | [Matillion Security Advisory](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | |
+| Matillion | Matillion ETL | 1.59.10+ | Fixed | | [Matillion Security Advisory](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | 11/01/2022 |
 | Matomo | | | | | [Matomo Statement](https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089) | | | |
 | Mattermost FocalBoard | | | | | [Mattermost FocalBoard Concern](https://forum.mattermost.org/t/log4j-vulnerability-concern/12676) | | | |
 | McAfee | Data Exchange Layer (DXL) Client | | Not Affected | | | | | 12/20/2021 |

From 3f370ebddeb80461a609e0ac1c51e4c1dfb04652 Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 17 Nov 2021 12:22:15 -0500
Subject: [PATCH 4/5] Update pre-commit hooks

Update pre-commit hooks using `pre-commit autoupdate`.
---
 .pre-commit-config.yaml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d83fdbc..b8dcbe0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -5,7 +5,7 @@ default_language_version:
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.0.1
+ rev: v4.1.0
 hooks:
 - id: check-case-conflict
 - id: check-executables-have-shebangs
@@ -31,13 +31,13 @@ repos:
 # Text file hooks
 - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.29.0
+ rev: v0.30.0
 hooks:
 - id: markdownlint
 args:
 - --config=.mdl_config.yaml
 - repo: https://github.com/pre-commit/mirrors-prettier
- rev: v2.4.1
+ rev: v2.5.1
 hooks:
 - id: prettier
 - repo: https://github.com/adrienverge/yamllint
@@ -49,7 +49,7 @@ repos:
 # pre-commit hooks
 - repo: https://github.com/pre-commit/pre-commit
- rev: v2.15.0
+ rev: v2.16.0
 hooks:
 - id: validate_manifest
@@ -75,13 +75,13 @@ repos:
 # Python hooks
 - repo: https://github.com/PyCQA/bandit
- rev: 1.7.0
+ rev: 1.7.1
 hooks:
 - id: bandit
 args:
 - --config=.bandit.yml
 - repo: https://github.com/psf/black
- rev: 21.9b0
+ rev: 21.12b0
 hooks:
 - id: black
 - repo: https://gitlab.com/pycqa/flake8
@@ -91,28 +91,28 @@ repos:
 additional_dependencies:
 - flake8-docstrings
 - repo: https://github.com/PyCQA/isort
- rev: 5.9.3
+ rev: 5.10.1
 hooks:
 - id: isort
 - repo: https://github.com/pre-commit/mirrors-mypy
- rev: v0.910-1
+ rev: v0.931
 hooks:
 - id: mypy
 - repo: https://github.com/asottile/pyupgrade
- rev: v2.29.0
+ rev: v2.31.0
 hooks:
 - id: pyupgrade
 # Ansible hooks
 - repo: https://github.com/ansible-community/ansible-lint
- rev: v5.2.1
+ rev: v5.3.2
 hooks:
 - id: ansible-lint
 # files: molecule/default/playbook.yml
 # Terraform hooks
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.52.0
+ rev: v1.62.3
 hooks:
 - id: terraform_fmt
 - id: terraform_validate

From 93411319c98987a86d29af2342827eee99f8399c Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Tue, 11 Jan 2022 14:50:44 -0500
Subject: [PATCH 5/5] Add missing cisagov/action-lineage configuration

This configuration will allow testing configuration updates to flow down automatically.
---
 .github/lineage.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .github/lineage.yml

diff --git a/.github/lineage.yml b/.github/lineage.yml
new file mode 100644
index 0000000..49f9c4f
--- /dev/null
+++ b/.github/lineage.yml
@@ -0,0 +1,5 @@
+---
+lineage:
+ skeleton:
+ remote-url: https://github.com/cisagov/skeleton-generic.git
+version: '1'
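Review bot: The new `.github/lineage.yml` identifies the upstream only by URL, so the branch or ref of `skeleton-generic` being followed is not visible in the file. The commit message says updates will flow down automatically, which makes this file a trust decision about another repository. A short header comment would record that, for example `# Upstream tracked by cisagov/action-lineage; changes from it should go through normal review`. If the action's schema allows naming the branch explicitly, stating it here would be clearer than relying on the remote's default.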