Date

Call-in Information

Time: 10:00 am, Eastern Standard Time, or 4:00 pm, Central European Time

Attendees

(star)  Indicating note-taker

  1. Dragan Ivanovic (star) 
  2. Georgy Litvinov   
  3. William Welling
  4. Brian Lowe  
  5. Benjamin Gross 

Agenda

  1. Dependencies
    1. Orcid client api 
      1. https://github.com/vivo-project/orcid-api-client/issues/16
      2. https://github.com/vivo-project/orcid-api-client/pull/17

    2. dependency-check-maven

      1. replace with https://github.com/marketplace/actions/dependency-check
      2. upgrade https://github.com/chenejac/Vitro/commit/dc8b2b1e9aaaff3ba706dfe4af751ea78ebe240e, and use mvn site
  2. GitLab self-managed instance
  3. PRs
    1. M1 mac chip and VIVO
      1. https://github.com/vivo-project/Vitro/pull/425
    2. Captcha
      1. https://github.com/vivo-project/Vitro/pull/427
    3. I forgot my password
      1. https://github.com/vivo-project/Vitro/pull/421
    4. Avoid lock on graph uri update in RdfServiceSparql
      1. https://github.com/vivo-project/Vitro/pull/424
    5. ABAC
      1. https://github.com/vivo-project/Vitro/pull/398 
    6. Dynamic API: XML transformation logging
      1. https://github.com/vivo-project/Vitro/pull/428
    7. Wilma theme
      1. https://github.com/vivo-project/VIVO/pull/3909

Notes

  •  Dependencies
  1. Orcid client api 
    1. https://github.com/vivo-project/orcid-api-client/issues/16
    2. https://github.com/vivo-project/orcid-api-client/pull/17

Dragan identified vulnerabilities in the orchid client API linked to Jackson Data Bind library and proposed an update to resolve the issue (https://github.com/vivo-project/orcid-api-client/pull/17). Dragan suggested releasing a new version of the ORCID client API and updating this dependency in the VIVO/Vitro project. 

  1. Dependency-check-maven

The dependency-check-maven library is outdated and there is a security vulnerability. Dragan and Georgy discussed whether dependency-check-maven is needed at all in the VIVO/Vitro codebase. Dragan suggested to upgrade the library (https://github.com/chenejac/Vitro/commit/dc8b2b1e9aaaff3ba706dfe4af751ea78ebe240e), and to investigate whether it can be used in some github action. Georgy suggested to investigate mvn verify, it might include some report generated from dependency-check-maven. 

  • GitLab self-managed instance

We discussed possible alternatives to GitLab self-managed instance for mirroring GitHub repositories. Dragan suggested investigating using the gitlab.com SaaS solution and offered licenses (https://about.gitlab.com/pricing/). The team agreed to investigate the volume of a backup from Litvinovg's Gitlab instance and consider requesting an enterprise license from their leaders due to storage limitations.

The fix is working for Milos Popovic’s laptop, and we are investigating at the moment whether it is working on Kshitij Sinha’s laptop. 

  1. Captcha
    1. https://github.com/vivo-project/Vitro/pull/427

Ivan Mrsulja found that some UI messages in contact form are hard-coded in the Java code. Ivan will refactor that to be i18n and suggest draft versions of translation by using ChatGPT. Dragan will coordinate validation of those messages by native speakers. Google reCAPTCHA not working behind an http proxy. Dragan suggested defining the proxy parameters in the running properties file in a separated PR. The team discussed the issue of HTTP proxy and its configuration in their system. They agreed to investigate further, particularly regarding the use of the HttpClient and the potential need for proxy configuration in different parts of their system. 

  1. I forgot my password
    1. https://github.com/vivo-project/Vitro/pull/421

This PR should be rebased to the main branch once CAPTCHA improvement PR is merged. 

  1. Avoid lock on graph uri update in RdfServiceSparql
    1. https://github.com/vivo-project/Vitro/pull/424

Brian will try to find time to review this PR. 

  1. ABAC
    1. https://github.com/vivo-project/Vitro/pull/398 

Dragan asked about the progress on basic access control PR. Georgy discussed a series of commits he had made to the ontology, with Dragan seeking clarification on the purpose of these commits. They also discussed a pending PR commitment and the need for documentation and potential presentations in future meetings. 

This might be ready for merging. Dragan will review PR and communicate with Georgy if some improvement is needed.  

  1. Dynamic API: XML transformation logging
    1. https://github.com/vivo-project/Vitro/pull/428

This is already merged

  1. Wilma theme
    1. https://github.com/vivo-project/VIVO/pull/3909

Dragan discusses an issue with the nemo theme reported by Rodrigo Villagran and mentions that Milos Popovic has resolved the issue (https://github.com/vivo-project/VIVO/pull/3921). Benjamin Gross suggested via PR comment to consider upgrading JQuery. We are planning to make the nemo theme deprecated, so don’t want to investigate too much effort in resolving issues with this theme. Brian asked whether JQuery is used in the wilma theme.  Dragan will check this, if it is the case then it should be upgraded, but if it is only used in the nemo theme, the fix created by Milos is good enough. The team has three tasks to complete: complete a fix for Nemo, merge the responsive Wilma team, and to make nemo and tenderfoot themes deprecated (separated directory and warning about using deprecated themes).

Draft notes on Google Drive

Actions

Previous actions 

  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.