Upgraded Jackson dependencies from 2.13.1 to 2.13.4/2.13.4.2 - CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 #3645

Merged (1 commit) on Oct 27, 2022

@Coduz Coduz commented Oct 26, 2022

This PR upgrades Jackson dependencies from 2.13.1 to 2.13.4 (2.13.4.2 for the jackson-databind artifact), solving the following CVEs

Related Issue
None

Description of the solution adopted
Upgraded dependencies and added a more explicit declaration of Jackson dependencies.

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz added CQ pending This PR needs a CQ to be approved from Eclipse before merging. Dependencies PR that updates dependencies. Be on the edge! labels Oct 26, 2022
@Coduz Coduz requested a review from stefanomorson October 26, 2022 14:33
@Coduz Coduz added CQ approved The PR has passed CQ approvation and removed CQ pending This PR needs a CQ to be approved from Eclipse before merging. labels Oct 26, 2022

codecov bot commented Oct 26, 2022

Codecov Report

Merging #3645 (82316e7) into develop (727c2c5) will decrease coverage by 29.99%.
The diff coverage is n/a.

❗ Current head 82316e7 differs from pull request most recent head ee7ee56. Consider uploading reports for the commit ee7ee56 to get more accurate results

@@              Coverage Diff               @@
##             develop    #3645       +/-   ##
==============================================
- Coverage      50.12%   20.13%   -30.00%     
+ Complexity       259        8      -251     
==============================================
  Files           1668     1668               
  Lines          31987    31987               
  Branches        2634     2634               
==============================================
- Hits           16034     6440     -9594     
- Misses         15017    24948     +9931     
+ Partials         936      599      -337     
Impacted Files Coverage Δ
...rc/main/java/org/eclipse/kapua/KapuaException.java 0.00% <0.00%> (-100.00%) ⬇️
...c/main/java/org/eclipse/kapua/KapuaErrorCodes.java 0.00% <0.00%> (-100.00%) ⬇️
...in/java/org/eclipse/kapua/broker/BrokerDomain.java 0.00% <0.00%> (-100.00%) ⬇️
...java/org/eclipse/kapua/commons/util/ClassUtil.java 0.00% <0.00%> (-100.00%) ⬇️
...ain/java/org/eclipse/kapua/event/ServiceEvent.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/broker/BrokerDomains.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/eclipse/kapua/commons/util/SystemUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/model/domain/Actions.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/KapuaRuntimeException.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/model/query/SortOrder.java 0.00% <0.00%> (-100.00%) ⬇️
... and 730 more

@Coduz Coduz merged commit b1ee22c into eclipse-kapua:develop Oct 27, 2022
@Coduz Coduz deleted the chng-bumpJacksonVersionTo2.13.4 branch October 27, 2022 07:46
@Coduz Coduz removed the CQ approved The PR has passed CQ approvation label Oct 28, 2022