Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@cumulus/discover-granules
Advanced tools
Discover Granules in FTP/HTTP/HTTPS/SFTP/S3 endpoints
Cumulus is a cloud-based data ingest, archive, distribution and management prototype for NASA's future Earth science data streams.
To make a contribution, please see our contributing guidelines.
[v14.1.0] 2023-02-27
From this release forward Core will be tested against PostgreSQL 11 Existing release compatibility testing was done for release 11.1.8/14.0.0+. Users should migrate their datastores to Aurora PostgreSQL 11.13+ compatible data stores as soon as possible.
Users utilizing the cumulus-rds-tf
module will have upgraded/had their
database clusters forcibly upgraded at the next maintenance window after 31 Jan
2023. Our guidance to mitigate this issue is to do a manual (outside of
terraform) upgrade. This will result in the cluster being upgraded with a
manually set parameter group not managed by terraform.
If you manually upgraded and the cluster is now on version 11.13, to continue
using the cumulus-rds-tf
module once upgraded update following module
configuration values if set, or allow their defaults to be utilized:
parameter_group_family = "aurora-postgresql11"
engine_version = 11.13
When you apply this update, the original PostgreSQL v10 parameter group will be removed, and recreated using PG11 defaults/configured terraform values and update the database cluster to use the new configuration.
PUT
endpoint. In future releases the PUT
endpoint will be replaced with valid PUT logic
behavior (complete overwrite) in a future release. The existing PUT
implementation is deprecated and users should move all existing usage of
PUT
to PATCH
before upgrading to a release with CUMULUS-3072
.CUMULUS-3033
granuleEsQuery
to properly terminate if body.hit.total.value
is 0.The getLambdaAliases
function has been removed from the @cumulus/integration-tests
package
The getLambdaVersions
function has been removed from the @cumulus/integration-tests
package
CUMULUS-3117
@cumulus/es-client/indexer.js
to properly handle framework write
constraints for queued granules. Queued writes will now be properly
dropped from elasticsearch writes along with the primary datastore(s) when
write constraints applyCUMULUS-3134
CUMULUS-3148:
CUMULUS-3149
/granules/bulkDelete
endpoint to take the
following configuration keys for the bulkDelete:
concurrency
, and generally should not be
changed unless troubleshooting performance concerns.CUMULUS-3142
CUMULUS-3181
sqsMessageRemover
lambda to correctly retrieve ENABLED sqs rules.CUMULUS-3189
cumulus-process
and cumulus-message-adapter-python
versions to
support pip 23.0CUMULUS-3196
createServer
initialization outside the s3-credentials-endpoint
lambda
handler to reduce file descriptor usageREADME shell snippets better support copying
CUMULUS-3111
{ version: 2 }
2
@cumulus/api-client
packages to use PATCH
protocol for existing
granule PUT
calls, this change should not require user updates for
api-client
users.
@cumulus/api-client/granules.updateGranule
@cumulus/api-client/granules.moveGranule
@cumulus/api-client/granules.updateGranule
@cumulus/api-client/granules.reingestGranule
@cumulus/api-client/granules.removeFromCMR
@cumulus/api-client/granules.applyWorkflow
@cumulus/cmr-client
package's token from Echo-Token to Earthdata Login (EDL) token in updateToken methodFAQs
Discover Granules in FTP/HTTP/HTTPS/SFTP/S3 endpoints
The npm package @cumulus/discover-granules receives a total of 153 weekly downloads. As such, @cumulus/discover-granules popularity was classified as not popular.
We found that @cumulus/discover-granules demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.