Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add constraint to transitive dependency commons-text #8071

Merged
merged 2 commits into from
Oct 25, 2022

Conversation

lbergelson
Copy link
Member

* This updates us from commons-text:1.6.0 -> 1.10.0 to fix a vulnerability
* fixes #8060
@lbergelson lbergelson marked this pull request as ready for review October 24, 2022 20:14
@lbergelson
Copy link
Member Author

@droazen I set it to exactly 1.10.0 in order to reduce potential issues.

Copy link
Contributor

@droazen droazen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lbergelson One comment for you

build.gradle Outdated
version {
strictly '1.10.0'
}
because 'previous versions have a nasty vulnerability'
Copy link
Contributor

@droazen droazen Oct 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe link to the nasty vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2022-42889)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@lbergelson lbergelson merged commit 61b817a into master Oct 25, 2022
@lbergelson lbergelson deleted the lb_update_commons_text branch October 25, 2022 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CVE-2022-42889 in GATK 4.x ?
2 participants