Upgraded Netty dependencies from 4.1.60.Final to 4.1.84.Final - CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-24823 #3635

Merged
merged 1 commit into from
Oct 26, 2022

Coduz
Contributor

@Coduz Coduz commented Oct 21, 2022

This PR updates Netty dependencies from 4.1.60.Final to 4.1.84 to solve the following CVEs:

Related Issue
None

Description of the solution adopted
Updated dependencies

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz added CQ pending This PR needs a CQ to be approved from Eclipse before merging. Dependencies PR that updates dependencies. Be on the edge! labels Oct 21, 2022
@Coduz Coduz requested a review from stefanomorson October 21, 2022 10:36
@Coduz
Contributor Author

Coduz commented Oct 21, 2022

/request-license-review

@github-actions

/request-license-review

License review requests:

After all reviews have concluded, re-run the license-vetting check from the Github Actions web-interface to update its status.

Workflow run (with attached summary files):
https://github.com/eclipse/kapua/actions/runs/3296760255

@codecov

codecov bot commented Oct 21, 2022

Codecov Report

Merging #3635 (fa326cb) into develop (a5600c1) will decrease coverage by 5.03%.
The diff coverage is n/a.

❗ Current head fa326cb differs from pull request most recent head 8fd4978. Consider uploading reports for the commit 8fd4978 to get more accurate results

@@              Coverage Diff              @@
##             develop    #3635      +/-   ##
=============================================
- Coverage      34.00%   28.96%   -5.04%     
+ Complexity       122       10     -112     
=============================================
  Files           1668     1668              
  Lines          31987    31987              
  Branches        2634     2634              
=============================================
- Hits           10877     9266    -1611     
- Misses         20552    21973    +1421     
- Partials         558      748     +190     
Impacted Files Coverage Δ
...rc/main/java/org/eclipse/kapua/KapuaException.java 0.00% <0.00%> (-100.00%) ⬇️
...c/main/java/org/eclipse/kapua/KapuaErrorCodes.java 0.00% <0.00%> (-100.00%) ⬇️
...in/java/org/eclipse/kapua/broker/BrokerDomain.java 0.00% <0.00%> (-100.00%) ⬇️
...java/org/eclipse/kapua/commons/util/ClassUtil.java 0.00% <0.00%> (-100.00%) ⬇️
...ain/java/org/eclipse/kapua/event/ServiceEvent.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/broker/BrokerDomains.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/eclipse/kapua/commons/util/SystemUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/model/domain/Actions.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/KapuaRuntimeException.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/model/query/SortOrder.java 0.00% <0.00%> (-100.00%) ⬇️
... and 582 more

@Coduz Coduz force-pushed the chng-bumpNettyVersionTo4.1.84.Final branch 4 times, most recently from 6aab3a3 to eba92fb Compare October 24, 2022 12:42
Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
@Coduz Coduz force-pushed the chng-bumpNettyVersionTo4.1.84.Final branch from eba92fb to 8fd4978 Compare October 25, 2022 14:56
@Coduz Coduz added CQ approved The PR has passed CQ approvation and removed CQ pending This PR needs a CQ to be approved from Eclipse before merging. labels Oct 26, 2022
@Coduz Coduz merged commit 727c2c5 into eclipse:develop Oct 26, 2022
@Coduz Coduz deleted the chng-bumpNettyVersionTo4.1.84.Final branch October 26, 2022 13:23