Time: 10:00 am, Eastern Standard Time, or 4:00 pm, Central European Time
Join Zoom Meeting
https://lyrasis.zoom.us/j/81398228834?pwd=SE0wdFN3NnFVbEhYVUhuM3BtQmVUQT09
Meeting ID: 813 9822 8834
Passcode: 728426
Indicating note-taker
dependency-check-maven
Dragan identified vulnerabilities in the orchid client API linked to Jackson Data Bind library and proposed an update to resolve the issue (https://github.com/vivo-project/orcid-api-client/pull/17). Dragan suggested releasing a new version of the ORCID client API and updating this dependency in the VIVO/Vitro project.
The dependency-check-maven library is outdated and there is a security vulnerability. Dragan and Georgy discussed whether dependency-check-maven is needed at all in the VIVO/Vitro codebase. Dragan suggested to upgrade the library (https://github.com/chenejac/Vitro/commit/dc8b2b1e9aaaff3ba706dfe4af751ea78ebe240e), and to investigate whether it can be used in some github action. Georgy suggested to investigate mvn verify, it might include some report generated from dependency-check-maven.
We discussed possible alternatives to GitLab self-managed instance for mirroring GitHub repositories. Dragan suggested investigating using the gitlab.com SaaS solution and offered licenses (https://about.gitlab.com/pricing/). The team agreed to investigate the volume of a backup from Litvinovg's Gitlab instance and consider requesting an enterprise license from their leaders due to storage limitations.
The fix is working for Milos Popovic’s laptop, and we are investigating at the moment whether it is working on Kshitij Sinha’s laptop.
Ivan Mrsulja found that some UI messages in contact form are hard-coded in the Java code. Ivan will refactor that to be i18n and suggest draft versions of translation by using ChatGPT. Dragan will coordinate validation of those messages by native speakers. Google reCAPTCHA not working behind an http proxy. Dragan suggested defining the proxy parameters in the running properties file in a separated PR. The team discussed the issue of HTTP proxy and its configuration in their system. They agreed to investigate further, particularly regarding the use of the HttpClient and the potential need for proxy configuration in different parts of their system.
This PR should be rebased to the main branch once CAPTCHA improvement PR is merged.
Brian will try to find time to review this PR.
Dragan asked about the progress on basic access control PR. Georgy discussed a series of commits he had made to the ontology, with Dragan seeking clarification on the purpose of these commits. They also discussed a pending PR commitment and the need for documentation and potential presentations in future meetings.
This might be ready for merging. Dragan will review PR and communicate with Georgy if some improvement is needed.
This is already merged
Dragan discusses an issue with the nemo theme reported by Rodrigo Villagran and mentions that Milos Popovic has resolved the issue (https://github.com/vivo-project/VIVO/pull/3921). Benjamin Gross suggested via PR comment to consider upgrading JQuery. We are planning to make the nemo theme deprecated, so don’t want to investigate too much effort in resolving issues with this theme. Brian asked whether JQuery is used in the wilma theme. Dragan will check this, if it is the case then it should be upgraded, but if it is only used in the nemo theme, the fix created by Milos is good enough. The team has three tasks to complete: complete a fix for Nemo, merge the responsive Wilma team, and to make nemo and tenderfoot themes deprecated (separated directory and warning about using deprecated themes).