Bumped version of guava from 27.1-jre to 30.1-jre - CVE-2020-8908 - CWE-200 #3276

Merged: 1 commit, Mar 17, 2021

Coduz (Contributor) commented Mar 16, 2021

This PR bumps the version of Google Guava from 27.1-jre to 30.1-jre.

Related Issue
None

Description of the solution adopted
Just changed the version and removed org.codehaus.mojo:animal-sniffer-annotations from the exclusions since 30.1-jre no longer depends on that dependency: https://mvnrepository.com/artifact/com.google.guava/guava/30.1-jre

CQ on which we can piggyback: 23002

Screenshots
None

Any side note on the changes made
None

Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
Coduz added the labels Security (This issue/PR has some security critical aspect and should be issued as soon as possible) and Dependencies (PR that updates dependencies. Be on the edge!) on Mar 16, 2021
Coduz requested a review from lorthirk on March 16, 2021 10:11

codecov bot commented Mar 16, 2021

Codecov Report

Merging #3276 (3a01627) into develop (3eefc99) will decrease coverage by 26.05%.
The diff coverage is n/a.

@@              Coverage Diff               @@
##             develop    #3276       +/-   ##
==============================================
- Coverage      51.47%   25.41%   -26.06%     
+ Complexity       764      654      -110     
==============================================
  Files           1467     1467               
  Lines          29943    29943               
  Branches        2504     2504               
==============================================
- Hits           15414     7611     -7803     
- Misses         13657    21729     +8072     
+ Partials         872      603      -269     

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...rc/main/java/org/eclipse/kapua/KapuaException.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...c/main/java/org/eclipse/kapua/KapuaErrorCodes.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...in/java/org/eclipse/kapua/broker/BrokerDomain.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...ain/java/org/eclipse/kapua/event/ServiceEvent.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...n/java/org/eclipse/kapua/broker/BrokerDomains.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...va/org/eclipse/kapua/commons/util/SystemUtils.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| ...n/java/org/eclipse/kapua/model/domain/Actions.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| .../java/org/eclipse/kapua/message/KapuaPosition.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| .../java/org/eclipse/kapua/KapuaRuntimeException.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |
| .../java/org/eclipse/kapua/model/query/SortOrder.java | 0.00% <0.00%> (-100.00%) | 0.00% <0.00%> (ø%) |

... and 546 more

@Coduz Coduz merged commit 78fe7c8 into eclipse-kapua:develop Mar 17, 2021
@Coduz Coduz deleted the chng-bumpGuavaVersionTo30.1-jre branch March 17, 2021 08:42