searching lessons

The 694 FIRST robotics team is doing history webcasts. During today’s Joe and Seth were talking about how there used to be a “Looking Forward” post where 694 was listed as a favorite for the Hartford competition for the first time in 2009. Joe did a quick search and learned it was hard to find.

Since he was doing the webcast, he said he’d look later. I decided to look while I listened. It was hard. Here’s what I dd:

virtual scavenger hunt

Today at work, my team did a virtual scavenger hunt. I got the idea online, but I don’t remember where. What we did

Make the list

I had everyone post in the group chat one item to find. (I did this rather than making the list so I could play too!). We had:

  • a toy
  • toilet paper
  • a can of food
  • hand sanitizer
  • lysol
  • winnie the pooh
  • a book with exactly 8 words in the title
  • chocolate

Find items

Everyone then went off and got items. IT was fun int he video conference as people walked by with their stuff.

Show and tell

I then said each item and we held up what we had for that item. I combined hand sanitizer/lysol into one item. We chatted about some items. It was fun

In conclusion

Today I had a work task to find toilet paper. How many people can say that?

github – one of your dependencies has a security vulnerability

Yesterday, I committed a new project to github. I wasn’t paying attention and made a (mental) typo in typing the jackson-databind version number. I typed 2.2.3 instead of 2.10.3. The former is an old version with security vulnerabilities.

This meant I got to try out a new feature I had only read about – github informing you about the security issue in a dependency. Looking at the repo, I saw a nice yellow box – “We found potential security vulnerabilities in your dependencies. Only the owner of this repository can see this message”

GitHub also created a pull request offering to “Bump jackson-databind from 2.2.3 to 2.9.10.3”. I chose not to accept the pull request and choose the later version I intended – 2.10.3.

After pushing that change, the yellow box went away. GitHub even noticed that I updated the pom.xml and closed the pull request with the message “Looks like com.fasterxml.jackson.core:jackson-databind is up-to-date now, so this is no longer needed.”.

I then went into my gmail and deleted the 18 emails with the subject “One of your dependencies has a security vulnerability.” All of these emails arrived within two hours after I committed. That’s way too many notifications!