Merging all commits for OSCAL 1.1.3 patch release into the release-1.1 branch #2081
Merged
The old board (https://github.com/usnistgov/OSCAL/projects/52) has been deprecated and it is time to switch board automation. Repo admins will get emails on every triage automation failure as old board is closed.
I found this other issue type when reading GitHub's documentation and reviewing it for debugging steps.
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@f43a0e5...3df4ab1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@3df4ab1...8ade135) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [build/metaschema-xslt](https://github.com/usnistgov/metaschema-xslt) from `034e92b` to `bd4359a`. - [Commits](usnistgov/metaschema-xslt@034e92b...bd4359a) --- updated-dependencies: - dependency-name: build/metaschema-xslt dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Based on the content of the catalog whose controls are being imported, the prop names should be "label" instead of "place" and the a1 statement paragraph should include <insert>. Also, remove a debugging message.
Unselected parent could have multiple children that are selected, so data type of template must accommodate multiple elements.
* Deleted duplicate `metaschema_datatypes` file
* Added spec test adr and prototype spec test file
* Spec test harness and minimal example
Thanks for catching this, @nikitawootten-nist.
…backwards compatible.
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 7.0.1. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@d7906e4...60a0d83) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@5e21ff4...8f152de) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.6.0 to 3.6.1. - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.6.0...maven-dependency-plugin-3.6.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8ade135...b4ffde6) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [build/metaschema-xslt](https://github.com/usnistgov/metaschema-xslt) from `bd4359a` to `7d9fbfa`. - [Commits](usnistgov/metaschema-xslt@bd4359a...7d9fbfa) --- updated-dependencies: - dependency-name: build/metaschema-xslt dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This ADR documents the team's decision regarding the simplified system lifecycle to be used in the tutorials.
* Flatten codeowners
* Update CODEOWNERS with feedback from the team
…1949 (#1952)
* Two additional allowed values for catalog/group/part/@name and catalog/group/control/part/@name
* aligned the description of group/part@name='statement' and control/part@name='statement'
* Fixed typo in the oscal_ssp_metaschema and updated controversial constraint for group/part in oscal_catalog_metaschema
* Update src/metaschema/oscal_catalog_metaschema.xml Fixed grammar. Co-authored-by: Chris Compton <[email protected]>
---------
Co-authored-by: Iorga <[email protected]>
Co-authored-by: Chris Compton <[email protected]>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ajv-formats](https://github.com/ajv-validator/ajv-formats) from 2.1.1 to 3.0.1. - [Release notes](https://github.com/ajv-validator/ajv-formats/releases) - [Commits](ajv-validator/ajv-formats@v2.1.1...v3.0.1) --- updated-dependencies: - dependency-name: ajv-formats dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Will test in the pipeline
markdown-link-check seems to have intermittent errors when checking multiple files at a time. This change might be a workaround.
Bumps [markdown-link-check](https://github.com/tcort/markdown-link-check) from 3.11.2 to 3.12.2. - [Release notes](https://github.com/tcort/markdown-link-check/releases) - [Changelog](https://github.com/tcort/markdown-link-check/blob/master/CHANGELOG.md) - [Commits](tcort/markdown-link-check@v3.11.2...v3.12.2) --- updated-dependencies: - dependency-name: markdown-link-check dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.6.1 to 3.7.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.6.1...maven-dependency-plugin-3.7.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@9bb5618...692973e) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 1.0.2. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](actions/add-to-project@0609a27...244f685) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@60edb5d...1e60f62) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.7.1...maven-dependency-plugin-3.8.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…e with a broken link.
…. These values are required and can cause errors in processing within some tools.
By rebasing I reintroduced the deprecated CamelCase datatype variant. This change reintroduces the new kebab case preferred in Metaschema models, per @imichael's request during code review.
This change also relates to #1922. FedRAMP staff have analyzed the progression of this constraint as it pertains to FedRAMP's tailored use of NIST SP 800-53 controls customized for FedRAMP processes. Previously, it was believed with a representation of an SSP prior to the "this-system" component construct that limiting the protocol assembly usage to _only_ components of service type was feasible. However, this does not allow homogenous this-system-based SSPs to have the same requirement. Moreover, this limits the ability of understandably different sub-component of components approaches with complex multi-layered architecture to have non-service components document their ports and have it filter up into later transformation and processing by OSCAL-enabled tools. For both reasons, we recommend removing this constraint. Staff reviewed historical documentation and believed this constraint to be an overreach of a previous business rule recommended by FedRAMP staff during collaboration with NIST.
Per discussion with community members and the nature of port, protocol, and service declarations in OSCAL SSP model instances for RMF use cases, like FedRAMP and others. It would appear the model, per the Metaschema declarations and documentation, requires a port range has a name that is commonly the IANA service name, which should be optional. Otherwise, developers and security officials will need to create an arbitrary name that does not strictly conform to the documentation. More details can be found in the issue thread referenced below by URL. #1772 (comment)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@692973e...11bd719) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.3 to 4.1.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1e60f62...39370e3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.0 to 3.8.1. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.8.0...maven-dependency-plugin-3.8.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Committer Notes
Per the patch release guidance at: https://github.com/usnistgov/OSCAL/wiki/OSCAL-Patch-(Hot-Fix)-Release-Checklist, the PR is merging all commits prepared for this patch release from `develop` into `release-1.1`.
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.
(For reviewers: The wiki has guidance on code review and overall issue review for completeness.)
Changes to Core Features: