semantalytics / stardog-extensions

Single repository for all Stardog function extensions
Apache License 2.0

Bump dependency versions #8

Closed martinleinberger closed 1 year ago

martinleinberger commented 2 years ago

Hi,

a scan with a tool like Trivy reveals several critical security vulnerabilities that are related to libraries (in particular Jackson) used in the project. According to Trivy, those have been fixed in newer versions of the respective libraries.

Is there any chance for a new release with updated dependency versions?

Thank you, Martin

zacharywhitley commented 2 years ago

Sure, I didn't know anyone was actually using this. I haven't looked at it in a while because I shifted my focus to a WebAssembly-based implementation of UDFs.

zacharywhitley commented 1 year ago

I got some feedback from Stardog that you're looking for this. I looked into it and it should be fairly easy. A couple of things I wanted to ask. I added some functions for emojis, mostly just to play around with, so I doubt you're using them, but upgrading that requires migrating over to a separate library and might take a little bit. If you're not using them I'd be happy to just drop them. In that case I could probably have a new version with updated dependencies out in a day.

If you let me know what functions you are using I can prioritize getting them supported in WebAssembly. I understand that there are some concerns about network latency with web functions, but that isn't a problem as it actually works in the opposite direction. The code is downloaded once and executed on the local machine. That's once ever, like you would download a plugin once and install it.

This dependency problem is one of the problems that it addresses. It supports deploying individual functions and not a fat jar with all the dependencies included. I'd be happy to go over more details if you're interested.

martinleinberger commented 1 year ago

Hi,

regarding the functions that we are actually using: We are currently only using the string metric functions.

Regarding WebAssembly functions, I need to get back to you because first I need to ask some questions internally (e.g., if we could actually deploy them on the server).

Thank you, Martin

zacharywhitley commented 1 year ago

Fixed with release 2022.12.07.1