Hey hey, If you have an arm64 or arm32 bit machine, I would ❤️ your help in testing out some pact-broker images for me. Drop me a shout in a 🧵 if you do, you can see my cookie trail 🍪 above 👆

Hi, I wonder if I can publish the provider’s verification results ‘manually’/curl to a self-hosted Broker 🤔 1- First I can run the verification and store the results as a JSON file, per example:

pact-provider-verifier #{_contract_json_file_} --provider #{_pacticipant_} --provider-base-url '<http://localhost:3000/>' -v --out #{_results_json_file_}

2- Then gather the verification results file and push it to the broker, per example:

curl -v -X PUT -H "Content-Type: application/json" -d @#{_results_json_file_} #{_broker_}/pacts/provider/#{_pacticipant_}/consumer/#{_service_consumer_}/version/#{_app_version_}/verification-results

Thanks a lot in advance for any advice you can provide me.

@Matt (pactflow.io / pact-js / pact-go) @Bas Dijkstra: do we any similar package(au.com.dius.pact.consumer) in dotnet as we have for Java project used in this example https://github.com/pactflow/example-consumer-java-kafka/blob/master/src/test/java/io/pactflow/example/kafka/ProductsPactTest.java

Hi everybody, I have a couple of questions about the can-I-deploy tool: 1. As an example, I have multiple released + supported versions of a consumer and a provider in production. I now want to release a new version of the provider, how does the can-I-deploy tool figure out if I can release? Does it just check though the provider verification results and only allow release if the new provider is completely backwards compatible with ALL consumer releases? 2. Second example, I have multiple deployed consumer versions each with an application instance, and multiple versions of provider each with an application instance. Now I want to deploy a new provider version onto one of the instances, does this new version need to be compatible with all deployed versions of the consumer?

hi! any ideas about

cannot execute INSERT in a read-only transaction

or

2023-04-25 16:17:28.880483 E [8:puma srv tp 001 logging.rb:48] PactBroker::Errors::ErrorLogger -- Error reference dDCSJbtIGT -- Exception: Sequel::DatabaseError: PG::ReadOnlySqlTransaction: ERROR:  cannot execute INSERT in a read-only transaction

Apologies for the cross-post, wasn't sure where it belongs: https://pact-foundation.slack.com/archives/CLS16AVEE/p1682462165874079

Hi, the webhook from pact broker is getting triggered but is not executing the Jenkins Job and giving "Authentication required" error from Jenkins. I think to solve this, we might have to provide the username:password in Jenkins URL for authentication, however this seems to be an insecure way of accessing Jenkins as we are hardcoding the password in the URL (which gets reflected in webhook logs). Is there any other way of authenticating the webhook URL in Pact Broker?

party yak being 🪒 today!

#607 chore: support prerelease Pull request opened by bethesque pact-foundation/pact_broker GitHub Actions: rubocop GitHub Actions: pact-verify GitHub Actions: bundle-audit GitHub Actions: postgres (9.6) GitHub Actions: postgres (14) GitHub Actions: mysql GitHub Actions: sqlite (3.2) GitHub Actions: sqlite (2.7) GitHub Actions: postgres (9.6) GitHub Actions: postgres (14) GitHub Actions: sqlite (3.2) GitHub Actions: sqlite (2.7) GitHub Actions: mysql ✅ 4 other checks have passed 4/17 successful checks

#598 chore(deps): Use same versions of AlpineLinux and Bundler… Pull request opened by jorander … in dev Docker-files as in pact-broker-docker. pact-foundation/pact_broker ✅ All checks have passed 9/9 successful checks

#132 chore(deps): bump pg from 1.4.6 to 1.5.3 in /pact_broker Pull request opened by dependabot[bot] Bumps pg from 1.4.6 to 1.5.3. Changelog Sourced from pg's changelog.

v1.5.3 [2023-04-28] Lars Kanis lars@greiz-reinsdorf.de

• Fix possible segfault when creating a new PG::Result with type map. #530

• Add category to deprecation warnings of Coder.new, so that they are suppressed for most users. #528

v1.5.2 [2023-04-26] Lars Kanis lars@greiz-reinsdorf.de

• Fix regression in copy_data regarding binary format when using no coder. #527

v1.5.1 [2023-04-24] Lars Kanis lars@greiz-reinsdorf.de

• Don't overwrite flags of timestamp coders. #524 Fixes a regression in rails: rails/rails#48049

v1.5.0 [2023-04-24] Lars Kanis lars@greiz-reinsdorf.de

Enhancements:

• Better support for binary format:

• Extend PG::Connection#copy_data to better support binary transfers #511

• Add binary COPY encoder and decoder:

• PG:BinaryEncoder:CopyRow

• PG:BinaryDecoder:CopyRow

• Add binary timestamp encoders:

• PG:BinaryEncoder:TimestampUtc

• PG:BinaryEncoder:TimestampLocal

• PG:BinaryEncoder:Timestamp

• Add PG:BinaryEncoder:Float4 and Float8

• Add binary date type: #515

• PG:BinaryEncoder:Date

• PG:BinaryDecoder:Date

• Add PG::Result#binary_tuples #511 It is useful for COPY and not deprecated in that context.

• Add PG:TextEncoder:Bytea to BasicTypeRegistry #506

• Ractor support: #519

• Pg is now fully compatible with Ractor introduced in Ruby-3.0 and doesn't use any global mutable state.

• All type en/decoders and type maps are shareable between ractors if they are made frozen by

Ractor.make_shareable

.

• Also frozen PG::Result and PG::Tuple objects can be shared.

• All frozen objects (except PG::Connection) can still be used to do communication with the PostgreSQL server or to read retrieved data.

• PG::Connection is not shareable and must be created within each Ractor to establish a dedicated connection.

• Use keyword arguments instead of hashes for Coder initialization and #to_h. #511

• Add PG::Result.res_status as a class method and extend Result#res_status to return the status of self. #508

• Reduce the number of files loaded at

require 'pg'

by using autoload. #513 Previously stdlib libraries

date

,

json

,

ipaddr

and

bigdecimal

were static dependencies, but now only

socket

is mandatory.

• Improve garbage collector performance by adding write barriers to all PG classes. #518 Now they can be promoted to the old generation, which means they only get marked on major GC.

• New method PG::Connection#check_socket to check the socket state. #521

... (truncated) Commits • `364e5f8` Add pg-1.5.3 to History.md • `df9211d` Bump VERSION to 1.5.3 • `4764bc4` Merge pull request #531 from larskanis/fix-530 • `2b09abb` Remove unnecessary check for NULL pointer • `2238724` Avoid doing complex operations in RB_OBJ_WRITE macro call • `38b4318` Fix possible segfault when creating new PG::Result • `2b87db5` Make some PG::Result method definitions static • `f23782f` Merge pull request #529 from larskanis/fir-warn-on-trufferuby • `83990c6` Fix sporadic spec error on Windows • `9ded3b9` Fix error on warn with category on Truffleruby • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) pact-foundation/pact-broker-docker ✅ All checks have passed 4/4 successful checks

Release - Version 2.107.0.beta.1 New release published by github-actions[bot] pact-foundation/pact_broker

#133 chore: update base image to ruby 3.2.1 Pull request opened by bethesque pact-foundation/pact-broker-docker ✅ All checks have passed 4/4 successful checks

Release - Version 2.107.0 New release published by github-actions[bot] pact-foundation/pact_broker

#134 [Snyk] Security upgrade pact_broker from 2.107.0 to 2.107.0 Pull request opened by snyk-bot Snyk has created this PR to fix one or more vulnerable packages in the

rubygems

dependencies of this project. Changes included in this PR • Changes to the following files to upgrade the vulnerable dependencies to a fixed version: • pact_broker/Gemfile.lock Vulnerabilities that will be fixed With an upgrade: (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. * * * Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: https://camo.githubusercontent.com/1d8a146ba419bdb75886deb1934c85edeeca2c346ba6ac837c4cdc848d3a7942/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f6949344d4468685a544e685a53316c4f474d314c5451355a475974596d59335a43316c5a4749354e6d55314d3246684e444d694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496a67774f47466c4d32466c4c575534597a55744e446c6b5a6931695a6a646b4c57566b596a6b325a54557a595745304d794a3966513d3d 🧐 View latest project report 🛠️ Adjust project settings 📚 Read more about Snyk's upgrade and patch logic * * * Learn how to fix vulnerabilities with free interactive lessons: 🦉 Learn about vulnerability in an interactive lesson of Snyk Learn. pact-foundation/pact-broker-docker ✅ All checks have passed 6/6 successful checks

Release - Version 2.107.1 New release published by github-actions[bot] Bug Fixes • add missing require in migration (</pact-foundation/pact_broker/commit/6b540235|6b540235>) pact-foundation/pact_broker

#135 [Snyk] Security upgrade pact_broker from 2.107.1 to 2.107.1 Pull request opened by mefellows This PR was automatically created by Snyk using the credentials of a real user. Snyk has created this PR to fix one or more vulnerable packages in the

rubygems

dependencies of this project. Changes included in this PR • Changes to the following files to upgrade the vulnerable dependencies to a fixed version: • pact_broker/Gemfile.lock Vulnerabilities that will be fixed With an upgrade: (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. * * * Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: https://camo.githubusercontent.com/3532d824b425f6e4285d5ca28b8c43f94e5abfc100a260571694dae7f8a73a46/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f694a6b5a6a4d345a544d304f5330314e6a566d4c54526959544d74596d526a4e43307a5a4455774e4445354e6a6b315a4759694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496d526d4d7a686c4d7a51354c5455324e5759744e474a684d7931695a474d304c544e6b4e5441304d546b324f54566b5a694a3966513d3d 🧐 View latest project report 🛠️ Adjust project settings 📚 Read more about Snyk's upgrade and patch logic * * * Learn how to fix vulnerabilities with free interactive lessons: 🦉 Learn about vulnerability in an interactive lesson of Snyk Learn. pact-foundation/pact-broker-docker ✅ All checks have passed 6/6 successful checks

#114 Fix next tag calculation for automated release Issue created by bethesque The automatic version calculation code is broken because docker hub no longer allows public API access. The code in

script/release/next-docker-tag.sh

needs to be updated to use the git tags instead. pact-foundation/pact-broker-docker

#106 Vulnerability issues with pact-broker-docker:latest and 2.106.0.1 Issue created by nick130589 Pre issue-raising checklist I have already (please mark the applicable with an

x

): ☑︎ Confirmed this is the right place to raise the issue - only issues related to the Dockerization of the Pact Broker should be raised here. Issues related to the Pact Broker application itself should be raised in the Pact Broker project. ☑︎ Upgraded to the latest Pact Broker Docker image OR ☑︎ Checked the </CHANGELOG.md|CHANGELOG> to see if the issue I am about to raise has been fixed ☑︎ Read the Troubleshooting page Software versions • pact-broker gem version: 2.106.0.1 • pact-broker docker version: 2.106.0.1 Expected behaviour The image doesn't contain critical, high and medium vulnerabilities Actual behaviour The following non-operating system vulnerabilities were found: Critical: CVE-2022-37434 - Package zlib 1.1.0 - /usr/local/lib/ruby/gems/2.7.0/specifications/default/zlib-1.1.0.gemspec High: CVE-2018-25032 - Package zlib 1.1.0 - /usr/local/lib/ruby/gems/2.7.0/specifications/default/zlib-1.1.0.gemspec High: CVE-2020-36327 - Package bundler 2.1.4 - /usr/local/lib/ruby/gems/2.7.0/specifications/default/bundler-2.1.4.gemspec High: CVE-2021-43809 - Package bundler 2.1.4 - /usr/local/lib/ruby/gems/2.7.0/specifications/default/bundler-2.1.4.gemspec Medium: VULNDB-219586 - Package psych 3.1.0 - Fix: psych 3.2.0 Steps to reproduce Perform scan docker image by https://sysdig.com/ scanner Relevent log files N/A pact-foundation/pact-broker-docker

#104 Upgrade to Alpine Linux ver 3.17 Issue created by jorander Pre issue-raising checklist I have already (please mark the applicable with an

x

): ☑︎ Confirmed this is the right place to raise the issue - only issues related to the Dockerization of the Pact Broker should be raised here. Issues related to the Pact Broker application itself should be raised in the Pact Broker project. ☑︎ Upgraded to the latest Pact Broker Docker image OR ☑︎ Checked the </CHANGELOG.md|CHANGELOG> to see if the issue I am about to raise has been fixed ☑︎ Read the Troubleshooting page Software versions • pact-broker gem version: 2.106.0 • pact-broker docker version: 2.106.0.0 Expected behaviour Use Alpine Linux 3.17 to avoid security issues related to version 3.16. Actual behaviour Alpine Linux 3.16 contains several packages (mariadb-deb, sqlite, libxml2) with reported CVE:s with severity level Critical and High. Steps to reproduce Scan the docker image with Jfrog Xray. Relevent log files N/A pact-foundation/pact-broker-docker

#94 Can MariaDB be removed from list of dependencies? Issue created by jorander Pre issue-raising checklist I have already (please mark the applicable with an

x

): ☑︎ Confirmed this is the right place to raise the issue - only issues related to the Dockerization of the Pact Broker should be raised here. Issues related to the Pact Broker application itself should be raised in the Pact Broker project. ☑︎ Upgraded to the latest Pact Broker Docker image OR ☑︎ Checked the </CHANGELOG.md|CHANGELOG> to see if the issue I am about to raise has been fixed ☑︎ Read the Troubleshooting page Software versions • pact-broker docker version: 2.105.0.1 Expected behaviour No known vulnerabilities. Actual behaviour The documentation for setting up database connectivity describes PostgreSQL (for production) and SQLite (for testing), but it doesn't mention MariaDB. Still the

mariadb-dev

package is brought in as a dependency in the Docker image. MariaDB version 10.6.10 seems to have quite a few security issues, some not fixed in later versions either. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27385 • https://jira.mariadb.org/browse/MDEV-26911 • https://jira.mariadb.org/browse/MDEV-27001 • https://jira.mariadb.org/browse/MDEV-26956 • https://jira.mariadb.org/browse/MDEV-26589 • https://jira.mariadb.org/browse/MDEV-26590 • https://jira.mariadb.org/browse/MDEV-26556 • https://jira.mariadb.org/browse/MDEV-26561 • https://jira.mariadb.org/browse/MDEV-26574 Question: Is MariaDB used for some internal tasks, or could it be removed from the pact-broker-docker image? Steps to reproduce Security scan provided by Jfrog Xray. Relevent log files N/A pact-foundation/pact-broker-docker

#600 Security Vulnerabilities with the latest docker image Issue created by Yogesh-BK The latest docker image for pact-broker contains security vulnerabilities. I have already (please mark the applicable with an

x

): ☑︎ Upgraded to the latest Pact Broker OR ☑︎ Checked the CHANGELOG to see if the issue I am about to raise has been fixed ☐ Created an executable example that demonstrates the issue using either a: • Dockerfile • Git repository with a Travis or Appveyor (or similar) build Software versions • pact-broker docker version: eg latest • OS: e.g. Mac OSX 13.1 Expected behaviour Docker image with no security vulnerabilities Actual behaviour Docker image which contains security vulnerabilities (including high and medium) Steps to reproduce

1. Install a tool named [trivy](<https://github.com/aquasecurity/trivy>) which is used to scan docker images for security vulnerabilities.
 2. Scan the pact broker image for vulnerabilities with the below command

trivy image pactfoundation/pact-broker:latest

3. This will give the vulnerabilities

Scan Result | Security Vulnerabilities pact-foundation/pact_broker

#599 Upgrade to at least Ruby 3.1.3 Issue created by jorander Pre issue-raising checklist I have already (please mark the applicable with an

x

): ☑︎ Upgraded to the latest Pact Broker OR ☑︎ Checked the CHANGELOG to see if the issue I am about to raise has been fixed ☐ Created an executable example that demonstrates the issue using either a: • Dockerfile • Git repository with a Travis or Appveyor (or similar) build Software versions • pact-broker gem version: 2.106.0 Expected behaviour Pact Broker runs on Ruby 3.1.3 or higher. Actual behaviour Pact Broker runs on Ruby 2.7.7 which prevents using an official Ruby docker image based on Alpine Linux 3.17. See pact-broker-docker issue #104. Steps to reproduce N/A Relevant log files N/A pact-foundation/pact_broker

Thanks a ton for the new Pact-Broker-Docker version released. As of now our tools does not indicate any security flaws. Great work everyone involved! We will install and start testing shortly.

#608 chore: Add redundant conditional linting rule to rubocop Pull request opened by Inksprout This PR adds the linting rule "RedundantConditional" to rubocop. This rule will help improve code quality. pact-foundation/pact_broker ✅ All checks have passed 19/19 successful checks

Hello! Is it possible to provide several pacticipants in the record-deployment? Like:

pact-broker record-deployment
--pacticipant="my-pacticipant-1"
--pacticipant="my-pacticipant-2"
--version="1"
--environment="test"
--broker-base-url="<http://pactflow.com|pactflow.com>"
--broker-token="123"
--verbose

Hello! We use the

Read/write token (CI)

in our builds to publish pacts. We get the following error message:

Forbidden. Either you are using a read only token for a request that requires a write token (the most likely cause), or you do not have the required permissions.

. What could be the issue?

Hi all, in pact broker, is it possible to use wildcard search for participant names? e.g. my participants are named

system.subsystem

I want to fetch all the contracts with consumer names which matches "`system.*`"? Thanks!

Hi team, the can-i-deploy is incorrectly fetching the verification result and giving a false success. The pact verification as per the broker and the jenkins logs, has failed for Consumer A and Provider B, but the Can-i-deploy is showing it as a success. How to sort this out please?

#123 Multi manifest build - arm64/arm (new) + amd64 (current) Pull request opened by YOU54F closes #30 create and publish arm64 + arm versions of pact cli and pact broker docker images for use in raspberry Pi's / mac m1/2 etc. currently publishing to personal docker hub acc for testing • https://hub.docker.com/r/you54f/pact-broker Related • pact-foundation/pact-ruby-cli#51 • https://hub.docker.com/r/you54f/pact-cli • pact-foundation/pact-ruby-cli#98 Have spun up the images briefly but would warrant some decent testing Have spun up the images briefly on an m1 pro macbook but would warrant some decent testing - I have several pi's (3b+ and 4) so will give them a whirl Fancy giving it a test, try

docker pull you54f/pact-broker

and let us know how you get on it the thread. Testing I have tested now across 32 bit rasp pi / arm64 macos + plus various arm64 linux vm's. Only one issue found so far, has been

nokogiri

gem failing to load, under alpine for arm, easily reproducible by clicking on the example api and it blew up when viewing the network graph. Turns out we needed the

gcompat

library adding. sparklemotion/nokogiri#2414 (comment) pact-foundation/pact-broker-docker GitHub Actions: test ✅ 1 other check has passed 1/2 successful checks