 Hey, that one isn't it. Hey, can you hear me? Hey, Peter. Yeah Just have to share the screen with the thing. I don't know. Where is I? Oh I put it on the top. Oh Okay, cool Welcome everyone to the hyperledic cacti maintainers meeting Please abide by the antitrust policy that we're showing on the screen And also the hyperledic code of conduct Which is linked to in the agenda document. So that said I have Just basic Chores to talk about regarding the 2.0 release We have to throw out the old 3rpc, which means that throw out fabric And fabric one dependencies and Then I also saw Critical level or critical severity What is that vulnerabilities 8js and mongoose and It's not here. So I'm not going to talk about mongoose because I think that's stuff that he maintains But we can't talk about the fever visu cli and The febrile because they both have this glue gun dependency that has the old ejs. So I just wanted to ask What do you think is that upgradeable or is it some some old thing? That it's hard to upgrade It should be upgradeable. I would see into this Okay, awesome. And then for my part I spent most of the last week working on fixing up the 2.0 fabric all-in-one docker container There was a bunch of stuff that I had to do there at the old fabric node and Image was using Node.js 12 and then it wasn't building the typescript packages correctly anymore And there was a bunch of other stuff as a sage getting upgraded in the alpine images and then causing issues with the s sage connection But I just submitted a PR with it today. I forget what it was. Oh, yeah, it was PR 25 99 We're in the chat. I'm just bringing that up as an ad hoc thing because I'm soliciting reviews so if you have a second, please take a quick look at it and So just one thing I just the diff that you are showing a last call about the gRPC updates and the fabric Version updates that we are you haven't opened it or it has merged Ah Definitely was not merged because the tests were not passing yet Yeah, so it's a work in progress draft pull requests And certain yeah a bunch of this stuff is just broken on it And I haven't yet had had time to investigate So I don't actually know How hard it is to fix it the only reason I put this out there so that everyone can take a look for themselves And then we can try and figure it out But also if you get stuck with something I'm happy to try and help and do deep dives That's kind of my specialty to just zoom in on some specific issue And then figure it out if something gets in the way. Just let me know and I'll try to help Okay I'll put this as well in the chat And actually I'll probably put these in the discord chat as well. I Have not had time to read the score chat. Sorry about that. So it was just easy to say Migrating fabric one to two the plenty update plugins example tool Open API fabric connector and move stock type of fabric connector. Oh, nice. Okay, that's great So he says they can finish their thing next week Awesome. That's good progress Sorry go ahead No relating to what you said I had a chat with Sunday yesterday I don't think there are any fabric one point ex dependencies within the beaver part. So I think we have kind of saved that Other Sunday, but I think No, we are all two point Yeah Yeah, at the latest stage we probably Need to I mean this is they'll take some development effort, but as you know, the fabric team has is now recommending using the New version of the SDK which doesn't require us to import several libraries, but instead just import one library So, yeah, but that's going to be a bigger effort. So I think we should It'll take a few months, I suppose Oh, yeah, that's that's all fine. Oh, I remember now You don't use fabric one, but you do use the old GRPC in The proto's JS package You also use GRPC JS and they do the same thing. So maybe you don't maybe this is just here by accident This one that I'm highlighting But I don't know I think this was auto-generated, but okay Yeah, if if you can just remove it and it doesn't break anything awesome, okay I think all the other ones are really just me Going to unify the versions that are already two point X. Yeah Yeah, okay, so then yeah for the viewer code base. It's just really just that your PC declaration That's nice and the last thing I wanted to say is that I'll try to work on issuing the alpha to release and I'll try to find some more time to to review the build scripts or the release scripts because I know we've been adding things in there and We still not don't have the automation in place because ideally we would just Need to put a git tag or release tag on the main branch and it would trigger the release, but it doesn't work yet so I'll try to work on that as well and And that's all I had Thanks Yeah, I don't have anything today. I just got back from vacation just over two days ago. I'm still trying to get all my jet lag I will get working on my pending tasks soon during the reviews that you have assigned and also The finishing the documentation which I only was able to do a little bit during the week I was attending the conference Then I think next week we should also Talk about Applying for graduated status, which is something you brought before the PC Yeah, sorry, I was supposed to look into that as well because There's some sort of form or something document Yeah, we need to make I can I can take a stab at that if you want I mean, I know you're really busy with this and you've been doing a lot of work on fixing the code base and the pipelines Okay, yeah, if you could help out with that, I would love that. Thank you very much No problem That's one more thing Yeah There was a unrelated issue. Sorry. Just because you're here, so I just wanted to catch you. So Sorry, I was not able to attend the pipelines meeting a couple of weeks ago There's a conflict with the conference that I was attending, I think and I just didn't find time that morning I'm happy to join other new editions of the Of the task of meeting I would you also Care to discuss the badging life cycle Work that I'm in charge of I think we're supposed to based on a next change. I had the Tracy last night We can probably use the Tomorrow's to see meeting to discuss that because there was no no other items in the DOC agenda Yeah, yeah, I will be in attendance at the TLC meeting and I'm totally fine with discussing that because I last time I made a Draft and I was I just had about 10 minutes to propose What was in there and it was all a solo effort. So I really need to brainstorm it with others Especially people like you have been in the TLC much longer than I Yeah, okay Thanks Cool, Sandy. Do you have anything? Uh, just one thing. So the gluggen vulnerability that you were showing What was the version for it? Yeah, I was looking at that too. It was 512 is what was in the The agenda and from what I can see in npm 512 is the latest version. Yeah, they have not updated it Someone has opened an issue in their repository about that vulnerability, but they haven't updated that Okay, well then two options we have one is If this gluggen thing is something that we can swap out with a different dependency, you can just do that or We for now we can just wait and hope that they quickly fix it and then all we need to do is upgrade The only thing is that The 2.0 release the the final stable one cannot go out with No critical level security vulnerabilities in it So the package that uh, that has this vulnerability we can forcefully Like a putterator was in in the package of json, right and check if it works or not Sorry, I don't what do you mean by forcefully putting it in the package json? Like if in our application we put that egs version to uh, like I think they say 3.1.7 Oh, yeah, yeah, we can force the upgrade even on transitive dependencies There's a syntax for it. Yeah Yeah, if you can also just test that you're right Okay I looked at the npm Page for uh gluggen and it's not been updated for a year. So I think it's highly unlikely anybody will be updating it Even for a vulnerability. So either we may have to do it ourselves or we may have to Try what something just suggested Yeah, yeah, if they haven't updated in a year honestly Not very likely that they're going to be quick with the fix So yeah for now just I would just set the resolution here in the the root package json Or you can actually set it in the specific packages json to it doesn't matter Uh And then just see if it works and if it works great, we can just forget it and move on Okay, I'll try. Thank you Thanks Okay, if nothing else Then thanks everyone for joining Okay, thanks Bye. Thank you