nextflow icon indicating copy to clipboard operation
nextflow copied to clipboard

Published 20 hours ago verified publisher icon nextflow-io

Move executor and cloud platform docs to subpages

Open bentsherman opened this issue 2 years ago • 2 comments

This PR includes the following changes:

  • split executor docs into subpages
  • move AWS / Azure / Google pages into "Cloud Platform" subpages
  • incorporate Ignite and Kubernetes pages into executor subpages
  • incorporate Amazon S3 page into AWS cloud subpage
  • add redirects for outdated links

Basically, the "Cloud Platform" subpages include general information about each cloud platform (credentials, object storage, configuration options, etc). The corresponding executor subpages just show how to use the executor. And both pages link to each other.

Also included the general improvements for these pages as they were hard to disentangle.

bentsherman avatar Apr 14 '22 22:04 bentsherman

@pditommaso can you review this PR when you have some time? Deciding on these changes will help us move along with the website / docs overhaul.

bentsherman avatar Jun 08 '22 18:06 bentsherman

pkg:maven/io.nextflow/[email protected]

1 Critical, 9 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/io.nextflow/[email protected]
      CRITICAL Vulnerabilities (1)

        Uncontrolled Resource Consumption

        moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.

        CVSS Score: 7.5

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

        CWE: CWE-400

      SEVERE Vulnerabilities (9)
        sonatype-2021-0900

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        CVSS Score: 6.5

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

        CWE: CWE-79

        CVE-2018-14040

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        CVE-2018-14041

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        CVE-2018-14042

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        CVE-2019-11358

        Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

        jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-1321

        CVE-2019-8331

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        CVE-2020-11023

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        sonatype-2018-0607

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

        sonatype-2020-0187

        Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        CVSS Score: 6.1

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

        CWE: CWE-79

sonatype-lift[bot] avatar Aug 25 '22 22:08 sonatype-lift[bot]

Closing this PR because it has gone stale. Most of the language edits have been merged through other PRs, the subpage refactoring will be decided as part of the docs overhaul.

bentsherman avatar Dec 14 '22 18:12 bentsherman