Cypress company

.github/workflows/build-pr.yml

@@ -52,6 +52,7 @@ jobs:
         working-directory: cla-backend
         run: |
           pip install -r requirements.txt
+          pip install -r requirements-test.txt
 
       - name: Python Lint
         working-directory: cla-backend

.github/workflows/deploy-dev.yml

@@ -89,8 +89,7 @@ jobs:
         working-directory: cla-backend
         run: |
           pip install -r requirements.txt
-
-
+          pip install -r requirements-test.txt
 
       - name: Python Lint
         working-directory: cla-backend

cla-backend-go/.golangci.yaml

@@ -33,10 +33,10 @@ linters-settings:
     # default is false: such cases aren't reported by default.
     check-blank: true
   govet:
-    check-shadowing: true
-    fieldalignment: true
-  revive:
-    ignore-generated-header: true
+    enable-all: true
+    #check-shadowing: true
+    #fieldalignment: true
+  revive: # golint was replaced by revive
     min-confidence: 0
     rules:
       # Recommended in Revive docs
@@ -48,12 +48,14 @@ linters-settings:
   goconst:
     min-len: 2
     min-occurrences: 2
+  gocyclo:
+    min-complexity: 40
 
 linters:
   disable-all: true
   enable:
-    - revive
-    - govet
+    - revive # 'golint' is deprecated (since v1.41.0), replaced by revive
+    #  - govet
     - errcheck
     - ineffassign
     - typecheck
@@ -63,14 +65,13 @@ linters:
     - goimports
     - gosec
     - megacheck # (staticcheck + gosimple + unused in one linter)
-    - depguard
     - unconvert
     - unparam
     - unused
     - nakedret
-    #- maligned # The repository of the linter has been archived by the owner.  Replaced by govet 'fieldalignment'.
+    # - depguard # recently, this error is showing up: import '....' is not allowed from list 'Main' (depguard) for all the packages
+    #- maligned is deprecated (since v1.38.0), replaced by govet 'fieldalignment'.
     #- dupl
-    - bodyclose
 
 issues:
   exclude-use-default: false

cla-backend-go/Makefile

@@ -35,7 +35,7 @@ ifeq "$(shell uname -s)" "Linux"
 endif
 
 LINT_TOOL=$(shell go env GOPATH)/bin/golangci-lint
-LINT_VERSION=v1.51.2
+LINT_VERSION=v1.54.2
 SWAGGER_DIR=$(ROOT_DIR)/swagger
 SWAGGER_BIN_DIR=/usr/local/bin
 SWAGGER_TOOL_VERSION=v0.30.3

cla-backend-go/package.json

@@ -43,6 +43,7 @@
     "minimist": "^1.2.6",
     "normalize-url": "^4.5.1",
     "qs": "^6.11.0",
+    "semver": "^7.5.4",
     "set-value": "^4.0.1",
     "simple-git": "^3.16.0",
     "ws": "^7.4.6",

cla-backend-go/signatures/constants.go

@@ -19,7 +19,7 @@ const SignatureGitHubOrgApprovalListColumn = "github_org_whitelist" // TODO: ren
 const SignatureGitlabUsernameApprovalListColumn = "gitlab_username_approval_list"
 
 // SignatureGitlabOrgApprovalListColumn is the name of the signature column for gitlab organization approval lists
-const SignatureGitlabOrgApprovalListColumn = "gitlab_org_approval_list"
+const SignatureGitlabOrgApprovalListColumn = "gitlab_org_approval_list" // nolint G101: Potential hardcoded credentials (gosec)
 
 // SignatureUserGitHubUsername is the name of the signature column for user gitlab username
 const SignatureUserGitHubUsername = "user_github_username"

cla-backend-go/signatures/repository.go

@@ -556,7 +556,7 @@ func (repo repository) GetIndividualSignature(ctx context.Context, claGroupID, u
 		log.WithFields(f).Warnf("found multiple matching ICLA signatures - found %d total", len(sigs))
 	}
 
-	return sigs[0], nil
+	return sigs[0], nil // nolint G602: Potentially accessing slice out of bounds (gosec)
 }
 
 // GetCorporateSignature returns the signature record for the specified CLA Group and Company ID
@@ -665,7 +665,7 @@ func (repo repository) GetCorporateSignature(ctx context.Context, claGroupID, co
 		log.WithFields(f).Warnf("found multiple matching ICLA signatures - found %d total", len(sigs))
 	}
 
-	return sigs[0], nil
+	return sigs[0], nil // nolint G602: Potentially accessing slice out of bounds (gosec)
 }
 
 // GetActivePullRequestMetadata returns the pull request metadata for the given user ID

cla-backend-go/v2/metrics/repository.go

@@ -88,10 +88,10 @@ const (
 	MetricTypeCompany                = "company"
 	MetricTypeProject                = "project"
 	MetricTypeCompanyProject         = "company_project"
-	MetricTypeClaManagerDistribution = "cla_manager_distribution"
+	MetricTypeClaManagerDistribution = "cla_manager_distribution" // nolint G101: Potential hardcoded credentials (gosec)
 
 	IDTotalCount             = "total_count"
-	IDClaManagerDistribution = "cla_manager_distribution"
+	IDClaManagerDistribution = "cla_manager_distribution" // nolint G101: Potential hardcoded credentials (gosec)
 )
 
 func newMetrics() *Metrics {

cla-backend-go/yarn.lock

@@ -2313,17 +2313,10 @@ seek-bzip@^1.0.5:
   dependencies:
     commander "^2.8.1"
 
-semver@^5.5.0:
-  version "5.7.1"
-  resolved "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz"
-
-semver@^6.0.0:
-  version "6.3.0"
-  resolved "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz"
-
-semver@^7.3.2, semver@^7.3.5, semver@^7.3.8, semver@^7.5.1:
-  version "7.5.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.1.tgz#c90c4d631cf74720e46b21c1d37ea07edfab91ec"
+semver@^5.5.0, semver@^6.0.0, semver@^7.3.2, semver@^7.3.5, semver@^7.3.8, semver@^7.5.1, semver@^7.5.4:
+  version "7.5.4"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
+  integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
   dependencies:
     lru-cache "^6.0.0"
 

cla-backend/README.md

@@ -0,0 +1,15 @@
+# Python Backend Notes
+
+## Setup
+
+```bash
+pip3 install -r requirements.txt
+```
+## Dependency Tree
+
+To show the dependency tree of the project, run the following commands:
+
+```bash
+pip install pipdeptree
+pipdeptree -fl
+```

cla-backend/cla/docusign_auth.py

@@ -39,6 +39,9 @@ def request_access_token() -> str:
             "scope": "signature impersonation"
         }
         cla.log.debug(f'Claims: {claims}')
+        # Note from the docs: If you are planning on encoding or decoding tokens using certain digital signature
+        # algorithms # (like RSA or ECDSA), you will need to install the cryptography library. This can be installed
+        # explicitly, or as a required extra in the pyjwt requirement: $ pip install pyjwt[crypto]
         encoded_jwt = jwt.encode(claims, INTEGRATION_SECRET.encode(), algorithm='RS256')
 
         payload = {
@@ -54,7 +57,7 @@ def request_access_token() -> str:
         else:
             cla.log.error('Unable to request access token from DocuSign OAuth2 service: ' + str(data))
             raise Exception('Unable to request access token from DocuSign OAuth2 service: ' + str(data))
-        
+
     except Exception as err:
         cla.log.error('Unable to request access token from DocuSign OAuth2 service: ' + str(err))
         raise err

cla-backend/package.json

@@ -14,6 +14,7 @@
     "prune:dev": "SLS_DEBUG=* time ./node_modules/serverless/bin/serverless.js prune -n 10 -s dev -r us-east-1 --verbose",
     "offline:dev": "./node_modules/serverless/bin/serverless.js offline -s dev -r us-east-1 start",
     "package": "SLS_DEBUG=* ./node_modules/serverless/bin/serverless.js package -s dev -r us-east-1 --verbose",
+    "package:dev": "SLS_DEBUG=* ./node_modules/serverless/bin/serverless.js package -s dev -r us-east-1 --verbose",
     "serve:staging": "./node_modules/serverless/bin/serverless.js wsgi serve -s 'staging'",
     "deploy:staging": "SLS_DEBUG=* ./node_modules/serverless/bin/serverless.js deploy -s staging -r us-east-1 --verbose",
     "deploy:info:staging": "SLS_DEBUG=* ./node_modules/serverless/bin/serverless.js info -s staging -r us-east-1 --verbose",
@@ -35,8 +36,8 @@
   "dependencies": {
     "install": "^0.13.0",
     "node.extend": "^2.0.2",
-    "serverless": "^3.32.2",
-    "serverless-domain-manager": "^7.0.4",
+    "serverless": "^3.34.0",
+    "serverless-domain-manager": "^7.1.2",
     "serverless-finch": "^4.0.3",
     "serverless-layers": "^2.6.1",
     "serverless-plugin-tracing": "^2.0.0",
@@ -51,6 +52,7 @@
     "aws-sdk": "^2.1329.0",
     "axios": "^0.21.4",
     "cookiejar": "^2.1.4",
+    "fast-xml-parser": "^4.2.4",
     "file-type": "^16.5.4",
     "glob-parent": "^5.1.2",
     "http-cache-semantics": "^4.1.1",
@@ -63,6 +65,7 @@
     "minimist": "^1.2.6",
     "normalize-url": "^4.5.1",
     "qs": "^6.11.0",
+    "semver": "^7.5.4",
     "set-value": "^4.0.1",
     "shell-quote": "^1.7.3",
     "simple-git": "^3.16.0",

cla-backend/requirements-test.txt

@@ -0,0 +1,7 @@
+# Copyright The Linux Foundation and each contributor to CommunityBridge.
+# SPDX-License-Identifier: MIT
+pytest==5.0.1
+pytest-clarity==0.3.0a0
+pytest-cov==2.8.1
+coverage==4.5.4
+

cla-backend/requirements.txt

@@ -1,62 +1,77 @@
 # Copyright The Linux Foundation and each contributor to CommunityBridge.
 # SPDX-License-Identifier: MIT
-astroid==2.3.3
-atomicwrites==1.3.0
-attrs==19.3.0
-beautifulsoup4==4.8.1
+astroid==2.15.6
+atomicwrites==1.4.1
+attrs==23.1.0
+beautifulsoup4==4.12.2
 boto3==1.9.236
 botocore==1.12.253
-certifi==2022.12.7
+certifi==2023.7.22
+cffi==1.15.1
 chardet==3.0.4
-colorama==0.4.3
-coverage==4.5.4
-Deprecated==1.2.7
+charset-normalizer==3.2.0
+click==8.1.7
+colorama==0.4.6
+cryptography==41.0.3
+Deprecated==1.2.14
+dill==0.3.7
+distlib==0.3.7
 docraptor==1.2.0
 docutils==0.15.2
-ecdsa==0.14.1
+ecdsa==0.18.0
 falcon==2.0.0
+filelock==3.12.2
 future==0.18.3
-gossip==2.3.1
-gunicorn==19.9.0
-hug==2.6.0
-idna==2.8
-importlib-metadata==1.6.1
-Jinja2==2.11.3
+gossip==2.4.0
+gunicorn==21.2.0
+hug==2.6.1
+idna==3.4
+importlib-metadata==6.7.0
+isort==5.11.5
+Jinja2==3.1.2
 jmespath==0.9.4
 lazy-object-proxy==1.4.3
 Logbook==1.5.3
-lxml==4.9.2
+lxml==4.9.3
+MarkupSafe==2.0.1
+mccabe==0.7.0
 more-itertools==8.0.2
 nose2==0.9.1
-oauthlib==3.1.0
+oauthlib==3.2.2
 packaging==20.5
+pip-autoremove==0.10.0
+pipdeptree==2.9.6
+platformdirs==3.10.0
 pluggy==0.13.1
-py==1.10.0
+psycopg2==2.9.7
+py==1.11.0
 pyasn1==0.4.8
+pycparser==2.21
 pydocusign==2.2
-PyGithub==1.55
-PyJWT==2.7.0
-pylint==1.5.2
+PyGithub==1.59.1
+PyJWT==2.8.0
+pylint==2.17.5
+PyNaCl==1.5.0
 pynamodb==3.4.1
 pyparsing==2.4.5
-pytest==5.0.1
-pytest-clarity==0.3.0a0
-pytest-cov==2.8.1
 python-dateutil==2.8.1
 python-jose==3.0.1
 requests==2.31.0
 requests-oauthlib==1.2.0
-rsa==4.7
+rsa==4.9
 s3transfer==0.2.1
 sentinels==1.0.0
-six==1.13.0
+six==1.16.0
 soupsieve==1.9.5
 termcolor==1.1.0
+tomli==2.0.1
+tomlkit==0.12.1
 typed-ast==1.4.1
+typing_extensions==4.7.1
 urllib3==1.25.11
 vintage==0.4.1
+virtualenv==20.24.4
 wcwidth==0.1.7
 Werkzeug==0.15.5
 wrapt==1.11.2
 zipp==3.15.0
-markupsafe==2.0.1