Central-ledger migration scripts should configure the Quote Party table to utf8 character set #2480

Closed
9 tasks done
mdebarros opened this issue Sep 16, 2021 · 0 comments

mdebarros commented Sep 16, 2021

Goal:

As a Mojaloop Installation Upgrader

I want to have the existing Central-Ledger Migration scripts update the Quoting Party table to utf8 character set encoding

so that upgrades from Mojaloop Helm releases v13.0.1 to v13.0.2 are seamless

Note: this is a follow up to #2471: Quoting service (in persistence mode) having storage issues for Unicode characters.

Acceptance Criteria:

  • Central-ledger migration scripts must upgrade the Party table with the following characteristics:
    • character-set: utf8mb4
    • collation: utf8mb4_unicode_ci

Complexity: Low

Uncertainty: Low


Tasks:

  • Add new migration script to alter Party table to convert character-set to UTF8

Done

  • Acceptance Criteria pass
  • Designs are up-to-date
  • Unit Tests pass
  • Integration Tests pass
  • Code Style & Coverage meets standards
  • Changes made to config (default.json) are broadcast to team and follow-up tasks added to update helm charts and other deployment config.

Pull Requests:

Follow-up:

  • N/A

Dependencies:

  • N/A

Accountability:

  • Owner: TBC
  • QA/Review: TBC

mdebarros added the oss-core (This is an issue - story or epic related to a feature on a Mojaloop core service or related to it) and story labels Sep 16, 2021
mdebarros added this to the Sprint 15.4 milestone Sep 16, 2021
mdebarros self-assigned this Sep 16, 2021
mdebarros added a commit to mojaloop/central-ledger that referenced this issue Sep 16, 2021
…uote party table utf8 support (#862)

feat(mojaloop/#2480): central-ledger migration scripts to configure quote party table utf8 support
- added migration script (500601_party-2480.js) to alter party table for utf8 support - mojaloop/project#2480
- updated circleci config to use the last commit sha1 hash instead of the package.json checksum for the dependency-cache to ensure that build caches are now specific to the changes being made
- updated dependencies
- fixes for audit-resolve

```text
--------------------------------------------------
 tar needs your attention.

[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.16 || >=5.0.0 <5.0.8 || >=6.0.0 <6.1.7 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
[ high ] Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
 vulnerable versions <4.4.18 || >=5.0.0 <5.0.10 || >=6.0.0 <6.1.9 found in:
 - dependencies: @mojaloop/event-sdk>grpc>@mapbox/node-pre-gyp>tar
```

> Outcome: Fixed

```text
--------------------------------------------------
 yargs-parser needs your attention.

[ low ] Prototype Pollution
 vulnerable versions <13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2 found in:
 - dependencies: @mojaloop/central-services-shared>widdershins>yargs>yargs-parser
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point

```text
--------------------------------------------------
 sanitize-html needs your attention.

[ moderate ] Improper Input Validation
 vulnerable versions <2.3.1 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
[ moderate ] Improper Input Validation
 vulnerable versions <2.3.2 found in:
 - dependencies: @mojaloop/central-services-shared>shins>sanitize-html
```

> Outcome: Ignored for a week
> Impact: Minimal as the dependencies are used for the Developer Documentation end-point