xenon8:xenon8/puppet-8-upgrade #827
…ve legacy :: referencing. Changes for Puppet 8
… prettied the code.
…g no check for empty strings
… bcrypt_pbkdf 1.1 fails to install with Ruby 3.2.5
…ersionning not strings
# Ensures that a module is defined | ||
# @param module_name Name of the module | ||
def ensure_module_defined(module_name) |
🔵 Code Quality Violation
Avoid top-level methods definition. Organize methods in modules/classes.
This rule emphasizes the importance of organizing methods within modules or classes in Ruby. In Ruby, it's considered a best practice to wrap methods within classes or modules. This is because it helps in grouping related methods together, which in turn makes the code easier to understand, maintain, and reuse.
Not adhering to this rule can lead to a disorganized codebase, making it hard for other developers to understand and maintain the code. It can also lead to potential name clashes if a method is defined in the global scope.
To avoid violating this rule, always define your methods within a class or a module. For example, instead of writing `def some_method; end`, you should write `class SomeClass def some_method; end end`. This not only adheres to the rule but also improves the readability and maintainability of your code.
'full' => (RSpec::Support::OS.windows? ? '2019 SP1' : '14.04'), | ||
}, | ||
# Get parameters from catalogue. | ||
def get_from_catalogue(type, name, parameter) |
🔵 Code Quality Violation
Avoid top-level methods definition. Organize methods in modules/classes.
This rule emphasizes the importance of organizing methods within modules or classes in Ruby. In Ruby, it's considered a best practice to wrap methods within classes or modules. This is because it helps in grouping related methods together, which in turn makes the code easier to understand, maintain, and reuse.
Not adhering to this rule can lead to a disorganized codebase, making it hard for other developers to understand and maintain the code. It can also lead to potential name clashes if a method is defined in the global scope.
To avoid violating this rule, always define your methods within a class or a module. For example, instead of writing `def some_method; end`, you should write `class SomeClass def some_method; end end`. This not only adheres to the rule but also improves the readability and maintainability of your code.
gem "kitchen-puppet" | ||
gem "kitchen-docker" | ||
gem "kitchen-verifier-serverspec" | ||
gem "rexml", '>= 3.0.0', '< 3.2.7', require: false |
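Review bot: the upper bound `'< 3.2.7'` on the rexml line keeps Bundler from ever resolving to a release that carries the DoS fixes, since the advisory quoted in this thread puts the patches in 3.3.3 or later. If nothing in the kitchen toolchain needs the older API, raise the constraint so a patched release can be selected (for example `'>= 3.3.3'`). If the cap is required for compatibility, add a Gemfile comment naming the gem that needs it and the condition for removing it, and confirm that these test dependencies never parse untrusted XML.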
🔴 Library Vulnerability
rexml → 3.2.6
REXML DoS vulnerability
Impact
The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`.
If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities.
Patches
The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
Workarounds
Don't parse untrusted XMLs.
References
- GHSA-vg3r-rm7w-2xgh: This is a similar vulnerability
- GHSA-4xqq-m2hx-25v8: This is a similar vulnerability
- https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/: An announcement on www.ruby-lang.org
…ss docs due to space between class declaration and docs
78a4cce to cc59363
…to fanny/CECO-1954/puppet8
What does this PR do?
Motivation
Additional Notes
Describe your test plan