Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Esri to JTS #8

Merged
merged 16 commits into from
May 5, 2022
Merged

Esri to JTS #8

merged 16 commits into from
May 5, 2022

Conversation

sheinbergon
Copy link
Owner

@sheinbergon sheinbergon commented May 4, 2022
edited
Loading

  • Geometry Implementation move from ESRI to JTS
  • From WKB read impelemented and validated
  • ST_AsJson/ST_Transform removed, for the time being.
  • SRID is now passed around between functions, thanks to JTS EWKB support.
  • CI Procedural Fixes
  • README updates

sonatype-lift[bot]
sonatype-lift bot reviewed May 4, 2022
View reviewed changes
pom.xml
<artifactId>jts-core</artifactId>
<version>${jts-core.version}</version>
</dependency>
<dependency>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Severe OSS Vulnerability:

pkg:maven/org.locationtech.jts.io/[email protected]

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/junit/[email protected]
      SEVERE Vulnerabilities (1)

        [CVE-2020-15250] CWE-732: Incorrect Permission Assignment for Critical Resource

        In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

        CVSS Score: 5.5

        CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

        CWE: CWE-732

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@sheinbergon sheinbergon merged commit 4a5086d into 20.x.x May 5, 2022
@sheinbergon sheinbergon deleted the esri-to-jts branch May 5, 2022 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sheinbergon