updating dependencies with open security vulnerabilities #996
Do we want to completely remove the documentation and openapi files or just comment them out?
@@ -93,8 +94,12 @@ func ImportCCLFPackage(acoSize, environment string, fileType models.CCLFFileType | |||
var archiveName string | |||
|
|||
now := time.Now() | |||
rand.Seed(now.UnixNano()) | |||
jitter := rand.Intn(100) // #nosec G404 Need seed for random generator | |||
jitterBytes := make([]byte, 1) |
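Review bot: jitterBytes := make([]byte, 1) holds a single byte, so jitter derived from it spans 0-255 rather than the 0-99 that rand.Intn(100) produced. The lines that fill and consume the slice are not visible here, but if they reduce the byte with % 100, values 0-55 occur three times in 256 and 56-99 only twice. If anything downstream depends on the old range, rand.Int(rand.Reader, big.NewInt(100)) from crypto/rand yields a uniform 0-99, and its returned error should be checked rather than discarded. Since the slice is one byte long, jitterByte would describe it more accurately than jitterBytes.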
Curious on the name here jitterBytes?
The previous seed was not good enough and had a G404 gosec issue. I updated it to use a random byte. Name change is simply reflecting the type of jitter. I am indifferent, it could stay jitter or jitterByte
The plan is not to generate these automatically but to utilize a static JSON file we manually create. Secondly, I would rely on Git history rather than commented code—just preference.
🎫 Ticket
https://jira.cms.gov/browse/BCDA-8306
🛠 Changes
Updated docker engine, retryablehttp
ℹ️ Context
https://jira.cms.gov/browse/BCDA-8245
🧪 Validation
Build the project locally