refact: upgrade a string of dependencies to address CVEs report & clean code #110
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #110 +/- ##
=========================================
Coverage 93.15% 93.15%
Complexity 65 65
=========================================
Files 9 9
Lines 263 263
Branches 22 22
=========================================
Hits 245 245
Misses 8 8
Partials 10 10 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
coderzc
previously approved these changes
Oct 19, 2022
use `apache-rat:check` to see the report and fix current license problems TODO: we should add & use apache-rat plugin in other repos later BTW, we'd reuse such configs better (rather than copy them in each repo)
This reverts commit e58f5d4.
imbajin
changed the title
imbajin
commented
Oct 20, 2022
Comment on lines
-63
to
+77
| <log4j2.version>2.17.0</log4j2.version> | ||
| <log4j2.version>2.18.0</log4j2.version> | ||
| <commons.configuration.version>1.10</commons.configuration.version> | ||
| <commons.configuration2.version>2.3</commons.configuration2.version> | ||
| <commons.configuration2.version>2.8.0</commons.configuration2.version> | ||
| <commons.beanutils.version>1.9.4</commons.beanutils.version> | ||
| <commons.collections.version>3.2.2</commons.collections.version> | ||
| <commons.io.version>2.7</commons.io.version> | ||
| <commons.codec.version>1.11</commons.codec.version> | ||
| <guava.version>25.1-jre</guava.version> | ||
| <commons.codec.version>1.13</commons.codec.version> | ||
| <guava.version>30.0-jre</guava.version> | ||
| <javax.json.version>1.0</javax.json.version> | ||
| <jsr305.version>3.0.1</jsr305.version> | ||
| <javassist.version>3.28.0-GA</javassist.version> | ||
| <jersey.version>3.0.3</jersey.version> | ||
| <jersey.hk2.version>3.0.3</jersey.hk2.version> | ||
| <jackson.version>2.12.1</jackson.version> | ||
| <junit.version>4.12</junit.version> | ||
| <jackson.version>2.14.0-rc1</jackson.version> | ||
| <junit.version>4.13.1</junit.version> |
There was a problem hiding this comment.
contains a lot of CVE problems alerts (high impact)
and ignore commons.collections.version (3.x) now because it changed package name in version 4.x (someone could address it in future)
imbajin
changed the title
imbajin
changed the title
imbajin
changed the title
imbajin
added
enhancement
javeme
approved these changes
Oct 21, 2022
corgiboygsj
approved these changes
Oct 26, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix #109 and other security problems in CVE202x , also pick little codes from #108
Note: after use
junit-2.13, someassert-api's error messages has changed, check it in other repos (and avoid use long & fixed error message)