Date
Call-in Information
Time: 10:00 am, Eastern Standard Time, or 4:00 pm, Central European Time
Join Zoom Meeting
https://lyrasis.zoom.us/j/81398228834?pwd=SE0wdFN3NnFVbEhYVUhuM3BtQmVUQT09Meeting ID: 813 9822 8834
Passcode: 728426- calendar invitation - ics
Attendees
Indicating note-taker
Agenda
- M1 mac chip and VIVO
- I forgot my password
- Audit tool
- Avoid lock on graph uri update in RdfServiceSparql
- ABAC
- Vulnerability
Notes
Georgy and Dragan discussed transcribing audio to text and receiving Zoom AI summaries via email.
Mac M1 chip
The team touched on a technical issue concerning the use of different Java virtual machines for building and running VIVO applications. Dragan also proposed creation of PR to update the Argon library that seemed to resolve some issues, but the specifics remained unclear. The team also discussed potential security implications of mutable Assembly at runtime. The cause of the problem was unclear, but Georgy suggested it might be related to Apple's Java implementation on Mac, and Dragan expressed hope for a resolution in future releases. The team also discussed the issue of the test failing due to the use of the argon library and considered updating the continuous integration test. In addition, Dragan and William, explored the possibility of creating a Github action to simulate running VIVO on a Mac machine and other OS (windows, linux).
Audit tool
Georgy considered a remote triple store to store data, suggested by Brian, but deemed it too costly. Dragan suggested involving more members of the team, including Milos and Ivan, besides committers, to speed up the review process. Georgy agreed, noting that it would provide valuable experience. The task of reviewing Audit tool PR is assigned to Milos.
Avoid lock on graph uri update in RdfServiceSparql
This PR is basically refactoring of a previous PR reviewed by Brian. It would be great if Brian can review this PR.
ABAC
Dragan and Georgy discussed the performance of a page with researchers. Dragan had tried the live instance and found no dropping in performance. Georgy mentioned that he had implemented some efficient methods for advanced role management and that he had not noticed any performance issues. Dragan suggested further testing on the researcher profile page. They also discussed the computational cost and order of checking the rules, with Georgy explaining the comparator in the implementation of the checks.
Vulnerabilities
Dragan identified potential vulnerabilities and discussed the outdated dependency with the team. Dragan also pointed out high and critical severity vulnerabilities related to dependenbot alerts for Jena and the ORCID client API. The team decided to document the critical vulnerability and advise against using SDB in Jena. Georgy concluded that the vulnerability could not be exploited if SDB was not used. Jena should be updated to Jena 5 (probably in VIVO 1.16.0).
Actions
Previous actions
- Dragan Ivanovic to review extended search PR and Avoid lock on graph uri update in RdfServiceSparql PR
- William Welling will continue working on vivo-solr upgrade branch
- Ivan Mrsulja will consider adding a configuration flag for turning on/off the "I forgot my password" feature
- Dragan Ivanovic to talk with Ivan Mrsulja about improvements of https://github.com/vivo-project/Vitro/pull/421 in accordance with committers' discussion
- Dragan Ivanovic to inform Miloš Popović that bootstrap javascript functions are used in the extended search
- Georgy Litvinov to continue working on ABAC PR and inform us back when it is completed and ready for testing and reviewing
- Dragan Ivanovic to open a GitHub ticket for Mac M1 chip issue
- Dragan Ivanovic to create a PR for upgrading slf4j-log4j12 - https://github.com/vivo-project/Vitro/blob/main/dependencies/pom.xml#L215
- All will review assigned PRs
- Dragan Ivanovic will open a GitHub ticket for Log4j vulnerability
- Dragan Ivanovic will open a GitHub ticket for Removing trash icon for some specific types
- Dragan Ivanovic will further investigate mirroring GitHub repositories to a self-managed instance of a GitLab platform
- Georgy Litvinov will upgrade https://github.com/vivo-project/Vitro/pull/398
- Dragan Ivanovic should investigate https://github.com/marketplace?category=backup-utilities
- Dragan Ivanovic to prepare VIVO 1.14.0 release
- Dragan Ivanovic to prepare release candidate 4
- Georgy Litvinov to align https://vivo.tib.eu/vivorc/ with release candidate 4
- Dragan Ivanovic to respond to slack messages
- Dragan Ivanovic will try to collect wiki pages where strategy, vision and roadmap for development of VIVO were discussed in the past
- Georgy Litvinov will try to address the issue https://github.com/vivo-project/VIVO/issues/3871
- Dragan Ivanovic will ask Michael to open a GitHub ticket for the issue about UF performance during login (https://vivo-project.slack.com/archives/C8RL9L98A/p1684174222986709), Brian Lowe and others can continue discussion about this issue once a ticket is open
- Dragan Ivanovic will ask Rodrigo to open a GitHub ticket for the issue about custom theme and VIVO Docker (https://vivo-project.slack.com/archives/C8RL9L98A/p1684962021101889), William Welling and others can continue discussion about this issue once a ticket is open
- Brian Lowe to open a GitHub issue for index page exception
- https://github.com/vivo-project/VIVO/issues/3867
- add sample (minimal RDF to reproduce the issue)
- Miloš Popović or Ivan Mrsulja to review (https://github.com/vivo-project/VIVO/issues/3862)
- Georgy Litvinov to review (https://github.com/vivo-project/VIVO/issues/3847)
- Review (https://github.com/vivo-project/VIVO/issues/3865)
- Review (https://github.com/vivo-project/VIVO/issues/3864)
- Review (https://github.com/vivo-project/VIVO/issues/3858)
- Review (https://github.com/vivo-project/VIVO/issues/3859)
- Review (https://github.com/vivo-project/VIVO/issues/3855)
- Review (https://github.com/vivo-project/VIVO/security/dependabot/3)
- Brian Lowe and William Welling to review https://github.com/vivo-project/VIVO/pull/3853
- William Welling to review https://github.com/vivo-project/VIVO/pull/3861
- All to think how to organize scripts for VIVO (at the moment for dump and restore) - https://github.com/vivo-project/Vitro/pull/380
- Dragan Ivanovic to make consultation with the VIVO ontology group and Lyrasis system administrators about non-resolvable VIVO ontology links
- Committers to take part in the sprint PR review process
- Dragan Ivanovic to make a PR for fixing privileges for adding grant collaborators
- Brian Lowe to make a PR for fixing ordering of instances with multilingual properties
- Georgy Litvinov will investigate the problem of searching instances with multilingual properties
- Ralph O'Flinn to help with Preparing Documentation for Release by coping space VIVO 1.12.x Documentation to the space VIVO 1.13.x Documentation (or to grant Dragan Ivanovic permissions to do that)
- Dragan Ivanovic to work on documenting new features for VIVO 1.13.x Documentation
- Dragan Ivanovic to create the third one google form for reporting the testing results, that form should be used for testing new features introduced in VIVO 1.13.0
- Everyone to review https://docs.google.com/forms/d/13W2vynR6OmavoV2Px_kJ-k-dlQDv3ERWG0PnXX7ekQA/edit?usp=sharing and https://docs.google.com/forms/d/1dks3b3sJsmM7Q33bwHW_1iVem5VRjg3fqpx8UTFKIfI/edit?usp=sharing
- Brian Lowe to work on removing spring dependencies (https://github.com/vivo-project/VIVO/issues/3686)
- Georgy Litvinov to work on PR for merging back a lost fix he noticed
- Everyone to review spreadsheet for defining requirements for JS and CSS framework selection - https://docs.google.com/spreadsheets/d/1p-86FdqQR2SpFIsK5Xa-k6Dgm5ORg6Lrc7eeOEetm8g/edit?usp=sharing
- Benjamin Gross to review https://github.com/vivo-project/Vitro/pull/251
- Dragan Ivanovic to review https://github.com/vivo-project/Vitro/pull/251
- Georgy Litvinov to fix the issue with GitHub action https://github.com/vivo-project/Vitro/pull/269
- Ralph O'Flinn to review https://github.com/vivo-project/Vitro/pull/269
- William Welling to review https://github.com/vivo-project/Vitro/pull/269
- Georgy Litvinov to update pom versions in https://github.com/vivo-project/VIVO-languages/pull/104 and https://github.com/vivo-project/Vitro-languages/pull/54
- Dragan Ivanovic to review and merge https://github.com/vivo-project/VIVO-languages/pull/104 and https://github.com/vivo-project/Vitro-languages/pull/54
- Georgy Litvinov to review https://github.com/vivo-project/VIVO/pull/3613
- Dragan Ivanovic to review https://github.com/vivo-project/Vitro/pull/240
- Brian Lowe to review https://github.com/vivo-project/Vitro/pull/240
- Ralph O'Flinn to publish orcid-api-client 0.6.4 and update version of this library at https://github.com/vivo-project/VIVO/blob/main/api/pom.xml#L62
- Dragan Ivanovic to create announcement for the demo meeting and to spread it
- Dragan Ivanovic to reorganize code of https://github.com/vivo-project/Vitro/pull/287 and to get rid of enumerations for data types
- Dragan Ivanovic to investigate organizational (management) aspects of DSpace community and to prepare discussion for the next meeting what might be adopted from there (GitHub actions, labels for issues, template for issue, template for PR)
- William Welling Georgy Litvinov to review sprint PRs (there should be three PRs)
- Brian Lowe to review N3Template operation PR (https://github.com/vivo-project/Vitro/pull/286)
- Georgy Litvinov to review/test https://github.com/vivo-project/orcid-api-client/pull/12
- Ralph O'Flinn to merge https://github.com/vivo-project/orcid-api-client/pull/12 and publish orcid-api-client 0.6.4
- Georgy Litvinov to complete https://github.com/vivo-project/Vitro/pull/251
- Ralph O'Flinn to merge https://github.com/vivo-project/VIVO/pull/3611, after that Georgy Litvinov will create a branch for the sprint and move the code from his fork to there
- Ralph O'Flinn to resolve missing i18n directory issue in VIVO 1.12.2 release
- Georgy Litvinov to work on specification for Dynamic API, Dragan Ivanovic to help Georgy on request
- Ralph O'Flinn to resolve missing i18n directory issue in VIVO 1.12.2 release
- Dragan Ivanovic to find some examples for citation of a GitHub repositories (https://github.com/vivo-project/VIVO/pull/247)
- Georgy Litvinov to contact Tatiana Walther for reviewing https://github.com/vivo-project/VIVO-languages/pull/104 and https://github.com/vivo-project/Vitro-languages/pull/54
- Benjamin Gross to review https://github.com/vivo-project/VIVO/pull/250, https://github.com/vivo-project/Vitro/pull/251, and https://github.com/vivo-project/Vitro-languages/pull/56
- Brian Lowe to review https://github.com/vivo-project/Vitro/pull/213, https://github.com/vivo-project/Vitro-languages/pull/44, https://github.com/vivo-project/Vitro/pull/240, and https://github.com/vivo-project/VIVO-languages/pull/103
- William Welling to review https://github.com/vivo-project/Vitro/pull/241
- Huda Khan to review https://github.com/vivo-project/VIVO/pull/247
