TA-3622: Downgrade AdmZip version #194
I'm curious to understand how the extraction/import of zip happens in the team to team copy as I've also tested this flow locally and it seemed to be working fine. On a side note, there was a vulnerability reported with versions older than the latest version of adm-zip, can we make sure to run the SAST scan once this PR is merged to verify that we're not introducing new vulnerabilities?
Team to team copy is using the I can check the SAST scan after merging, since the actions currently don't provide an option to run a branch.
Description
Downgrade AdmZip library to a version where zip descriptors are not checked. The nested zips we are generating during config export/import commands create zips that don't contain descriptors, and the library we are using doesn't provide any way to force zip descriptors to be written during exports. Issues were introduced with this PR. Downgrade will offer a temporary solution until either a fix is provided in the library itself, or otherwise we will need to switch libraries.
Ticket: https://celonis.atlassian.net/browse/TA-3622
Checklist
config export and config import
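To see whether a given archive's entries carry data descriptors at all, the descriptor flag (general-purpose bit 3) can be read straight from the central directory. The following is an added example, not code from this PR or from adm-zip; `buildSampleZip` and `auditDescriptors` are hypothetical helper names, the sample archives are constructed, and ZIP64 or multi-disk archives are assumed not to occur.

```javascript
const SIG_LOC = 0x04034b50, SIG_CEN = 0x02014b50, SIG_EOCD = 0x06054b50, SIG_DESC = 0x08074b50;
const FLAG_DESCRIPTOR = 0x0008; // general-purpose bit 3: CRC and sizes follow the file data

function crc32(buf) {
  let c = ~0;
  for (const b of buf) { c ^= b; for (let k = 0; k < 8; k++) c = (c >>> 1) ^ (0xedb88320 & -(c & 1)); }
  return ~c >>> 0;
}

// Constructed sample: one STORED entry, written with or without a data descriptor.
function buildSampleZip(name, data, withDescriptor) {
  const n = Buffer.from(name), crc = crc32(data), flags = withDescriptor ? FLAG_DESCRIPTOR : 0;
  const loc = Buffer.alloc(30), cen = Buffer.alloc(46), eocd = Buffer.alloc(22);
  const desc = Buffer.alloc(withDescriptor ? 16 : 0);
  loc.writeUInt32LE(SIG_LOC, 0); loc.writeUInt16LE(20, 4); loc.writeUInt16LE(flags, 6);
  loc.writeUInt16LE(n.length, 26);
  // With bit 3 set the local header leaves CRC and sizes at zero; the descriptor carries them.
  [[crc, 14], [data.length, 18], [data.length, 22]].forEach(([v, off], i) =>
    withDescriptor ? desc.writeUInt32LE(v, 4 + 4 * i) : loc.writeUInt32LE(v, off));
  if (withDescriptor) desc.writeUInt32LE(SIG_DESC, 0);
  cen.writeUInt32LE(SIG_CEN, 0); cen.writeUInt16LE(20, 6); cen.writeUInt16LE(flags, 8);
  cen.writeUInt32LE(crc, 16); cen.writeUInt32LE(data.length, 20); cen.writeUInt32LE(data.length, 24);
  cen.writeUInt16LE(n.length, 28); // local header offset (field at 42) stays 0
  const body = Buffer.concat([loc, n, data, desc]);
  eocd.writeUInt32LE(SIG_EOCD, 0); eocd.writeUInt16LE(1, 8); eocd.writeUInt16LE(1, 10);
  eocd.writeUInt32LE(cen.length + n.length, 12); eocd.writeUInt32LE(body.length, 16);
  return Buffer.concat([body, cen, n, eocd]);
}

// Walk the central directory and report, per entry, the descriptor flag and what follows the data.
function auditDescriptors(zip) {
  let eocd = zip.length - 22;
  while (eocd >= 0 && zip.readUInt32LE(eocd) !== SIG_EOCD) eocd--;
  if (eocd < 0) throw new Error("end of central directory not found");
  let p = zip.readUInt32LE(eocd + 16), report = [];
  for (let i = 0, count = zip.readUInt16LE(eocd + 10); i < count; i++) {
    if (zip.readUInt32LE(p) !== SIG_CEN) throw new Error("bad central directory entry");
    const flags = zip.readUInt16LE(p + 8), compSize = zip.readUInt32LE(p + 20);
    const nameLen = zip.readUInt16LE(p + 28), extraLen = zip.readUInt16LE(p + 30), commentLen = zip.readUInt16LE(p + 32);
    const loc = zip.readUInt32LE(p + 42);
    const dataEnd = loc + 30 + zip.readUInt16LE(loc + 26) + zip.readUInt16LE(loc + 28) + compSize;
    report.push({
      name: zip.toString("utf8", p + 46, p + 46 + nameLen),
      flagSet: (flags & FLAG_DESCRIPTOR) !== 0,
      // The descriptor signature is optional in the ZIP format, so false here is not proof of absence.
      signatureFound: dataEnd + 4 <= zip.length && zip.readUInt32LE(dataEnd) === SIG_DESC,
    });
    p += 46 + nameLen + extraLen + commentLen;
  }
  return report;
}
```

Running `auditDescriptors` over a buffer read from an exported archive shows which entries a descriptor-checking reader would expect to find a descriptor for.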