Merge branch 'master' into OverrideCommentFromDatatypeProfile

FHIR · Nov 25, 2024 · e3d98af · e3d98af
2 parents 8f56736 + b894af2
commit e3d98af
Show file tree

Hide file tree

Showing 224 changed files with 25,855 additions and 558 deletions.
diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
@@ -13,17 +13,17 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - run: |
           mvn -DskipTests install -P OWASP_CHECK
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: target/dependency-check-report.sarif
           # Optional category for the results
           # Used to differentiate multiple results for one commit
 
-          category: OWASP-dependency-check
+          category: OWASP-dependency-check
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -14,10 +14,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run static analysis
         uses: aquasecurity/trivy-action@master
+        env:
+          # Workaround for rate limiting on ghcr. Use these two entries for ghcr related TOOMANYREQUESTS errors.
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
         with:
           scan-type: 'fs'
           vuln-type: 'library'
@@ -29,7 +33,7 @@ jobs:
 
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
           category: 'code'
diff --git a/README.md b/README.md
@@ -30,6 +30,20 @@ This repository contains:
 * validator - test cases for the cross-version validation
 * target - maven administrative stuff
 
+
+## FHIR Foundation Project Statement
+
+* Maintainers: Grahame Grieve
+* Issues / Discussion: Various, but primarily https://chat.fhir.org/#narrow/stream/179239-tooling
+* License: The contents in here are covered by Creative Commons Public Domain
+* Contribution Policy: See below
+* Security Information: There shouldn't be any security issues, since this is all static content, but if there are any, use the standard github [security reporting framework](security.md) 
+
+## Contribution Policy
+
+* Contributions are welcome, but are almost always tied to contributions made to the repositories that use this material as part of their test regime. 
+* All contributions must be made in public through this github as a PR, or as comments on other Github repositories, or on a public zulip channel
+
 ## Accessing the test cases
 
 You can access the test cases via Maven. If using Maven doesn't suit, then 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report all potential security vulnerabilities using the [Report a vulnerability](../../security/advisories/new) button in the [Security](../../security) section of this repository. 
diff --git a/master-branch-pipeline.yml b/master-branch-pipeline.yml
@@ -98,6 +98,7 @@ steps:
   # Deploy the SNAPSHOT artifact to GitHub packages.
   # This is done for the master branch merges only.
   - task: Maven@4
+    enabled: false
     displayName: 'Deploy $(module) to Sonatype staging'
     inputs:
       mavenPomFile: '$(System.DefaultWorkingDirectory)/pom.xml'

diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 
 	<groupId>org.hl7.fhir.testcases</groupId>
 	<artifactId>fhir-test-cases</artifactId>
-	<version>1.5.25-SNAPSHOT</version>
+	<version>1.6.9-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>HL7 FHIR Test Cases</name>

diff --git a/r4b/snapshot-generation/ext-recursion-2-expected.xml b/r4b/snapshot-generation/ext-recursion-2-expected.xml
@@ -93,12 +93,6 @@
   <derivation value="constraint"/>
   <snapshot>
     <element id="Extension">
-      <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
-        <valueCode value="normative"/>
-      </extension>
-      <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-normative-version">
-        <valueCode value="4.0.0"/>
-      </extension>
       <path value="Extension"/>
       <short value="Optional Extensions Element"/>
       <definition value="Optional Extension Element - found in all resources."/>