vtk 1.3.0 → 1.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/vtk/version.rb +1 -1
- data/scripts/shai-hulud-repo-check.ps1 +2 -2
- data/scripts/shai-hulud-repo-check.sh +2 -2
- metadata +1 -1
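--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62af2c968511d7207d4d28039943b1754da9f0a1f7b22c77d672a4a8fdf42d1f
+data.tar.gz: 4f5acdd0302634d14839a9656c20c0173619a73a719286bd29d10c9ef8679cb3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58762af18d1e4711a6d3b1f93b878bb4af8de5f5c05af6b192a2924c8a2cfe027327b26077039cca261602f0cad4b15c55396f6cdbf73268403abebe857ccec5
+data.tar.gz: 8ec9a77feae39e5746225066f3450de68695397df703a7c8d991f3e6fd8c9a46ce154d5955e542370cc8b9d7081b949fe7de99f2142201d92283c089c9ffe759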
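--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## [v1.3.1](https://github.com/department-of-veterans-affairs/vtk/tree/v1.3.1) (2026-05-13)
+
+[Full Changelog](https://github.com/department-of-veterans-affairs/vtk/compare/v1.3.0...v1.3.1)
+
+**Merged pull requests:**
+
+- fix\(scan\): match renamed compromised packages header [\#74](https://github.com/department-of-veterans-affairs/vtk/pull/74) ([ericboehs](https://github.com/ericboehs))
+- chore: release v1.3.0 [\#73](https://github.com/department-of-veterans-affairs/vtk/pull/73) ([ericboehs](https://github.com/ericboehs))
+
 ## [v1.3.0](https://github.com/department-of-veterans-affairs/vtk/tree/v1.3.0) (2026-04-14)
 
 [Full Changelog](https://github.com/department-of-veterans-affairs/vtk/compare/v1.2.0...v1.3.0)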
data/lib/vtk/version.rb
CHANGED
|
@@ -91,7 +91,7 @@ $CacheDir = Join-Path $env:LOCALAPPDATA "vtk"
|
|
|
91
91
|
$CacheFile = Join-Path $CacheDir "compromised-packages.txt"
|
|
92
92
|
$CacheTTL = 86400 # 24 hours in seconds
|
|
93
93
|
$MinExpectedPackages = 500
|
|
94
|
-
$ExpectedHeader = "Shai-Hulud
|
|
94
|
+
$ExpectedHeader = "Shai-Hulud.*Supply Chain Attack"
|
|
95
95
|
$PlaybookUrl = "https://department-of-veterans-affairs.github.io/eert/shai-hulud-dev-machine-cleanup-playbook"
|
|
96
96
|
|
|
97
97
|
# Resolve path
|
|
@@ -151,7 +151,7 @@ function Test-PackageListValid {
|
|
|
151
151
|
param([string]$Content)
|
|
152
152
|
|
|
153
153
|
# Check for expected header
|
|
154
|
-
if ($Content -notmatch
|
|
154
|
+
if ($Content -notmatch $ExpectedHeader) {
|
|
155
155
|
Write-Warning "Downloaded file missing expected header - possible MITM or corrupted file"
|
|
156
156
|
return $false
|
|
157
157
|
}
|
|
@@ -50,7 +50,7 @@ CACHE_DIR="${XDG_CACHE_HOME:-$HOME/.cache}/vtk"
|
|
|
50
50
|
CACHE_FILE="$CACHE_DIR/compromised-packages.txt"
|
|
51
51
|
CACHE_TTL=86400 # 24 hours
|
|
52
52
|
MIN_EXPECTED_PACKAGES=500
|
|
53
|
-
EXPECTED_HEADER="Shai-Hulud
|
|
53
|
+
EXPECTED_HEADER="Shai-Hulud.*Supply Chain Attack"
|
|
54
54
|
PLAYBOOK_URL="https://department-of-veterans-affairs.github.io/eert/shai-hulud-dev-machine-cleanup-playbook"
|
|
55
55
|
|
|
56
56
|
# Parse arguments
|
|
@@ -172,7 +172,7 @@ validate_package_list() {
|
|
|
172
172
|
local content="$1"
|
|
173
173
|
|
|
174
174
|
# Check for expected header
|
|
175
|
-
if ! echo "$content" | grep -
|
|
175
|
+
if ! echo "$content" | grep -Eq "$EXPECTED_HEADER"; then
|
|
176
176
|
echo "Downloaded file missing expected header - possible MITM or corrupted file" >&2
|
|
177
177
|
return 1
|
|
178
178
|
fi
|
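Review bot: The header test in `validate_package_list` (new line 175) passes whenever `Shai-Hulud.*Supply Chain Attack` appears on any line of the download, so it catches a renamed or truncated file but not a list altered in transit with entries removed, which is the case the "possible MITM" message implies it covers; `Test-PackageListValid` in the PowerShell hunk has the same property. I would say so above the check, `# Format sanity check only, not an integrity control: a tampered list that keeps the header still passes`, and rely on transport security plus a pinned digest or signature, if the list's publisher offers one, as the actual integrity control. Separately, if the script runs with `set -o pipefail` (not visible here), `echo "$content" | grep -Eq` can report a false miss when grep exits on an early match and echo takes SIGPIPE; in bash, `grep -Eq -- "$EXPECTED_HEADER" <<<"$content"` avoids the pipe. The function body continues outside the hunk, so a later check may already cover part of this.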