Closed Georges-GNM closed 1 year ago
prout-bot
commented
1 year ago Overdue on auth, usage, image-loader, metadata-editor, thrall, leases, cropper, collections, media-api, kahuna (merged by @Georges-GNM 30 minutes and 5 seconds ago) What's gone wrong?
prout-bot
commented
1 year ago Seen on kahuna (merged by @Georges-GNM 1 hour, 6 minutes and 59 seconds ago) Please check your changes!
prout-bot
commented
1 year ago Seen on usage (merged by @Georges-GNM 1 hour, 7 minutes and 5 seconds ago) Please check your changes!
prout-bot
commented
1 year ago prout-bot
commented
1 year ago Seen on collections, leases (merged by @Georges-GNM 1 hour, 7 minutes and 21 seconds ago) Please check your changes!
prout-bot
commented
1 year ago Seen on metadata-editor, image-loader (merged by @Georges-GNM 1 hour, 7 minutes and 29 seconds ago) Please check your changes!
What does this change?
Small one to remove a high vulnerability.
How to test and measure success?
So interestingly, this is part of a particular script which, as far as I can tell, exists as a safety net if an image is missing its metadata, and would only get run manually by following the instructions in the readme.
I tried running the tool with this command in my terminal:
AWS_PROFILE=$aws_profile ./run.sh $image_bucket $id, filling in the variables with a random image from a test bucket.Running the command itself didn't completely succeed due to an issue with the aws-sdk version we're using, which it seems should be bumped to v3, but that feels just out of scope for this work of resolving a snyk vulnerability. Importantly, one of the commands that does seem to succeed in the script relates to the exiftool, which feels like sufficient proof that the dependency bump hasn't broken the associated functionality.
Who should look at this?
Tested? Documented?