Upgraded Gson dependencies from 2.7 to 2.10 - CVE-2022-25647 #3648

Merged
merged 1 commit into from
Oct 28, 2022


Coduz
Contributor

@Coduz Coduz commented Oct 26, 2022

Upgraded Gson dependencies from 2.7 to 2.10, solving the following CVEs:

Related Issue
None

Description of the solution adopted
Upgraded dependencies

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz added the labels "CQ pending" (This PR needs a CQ to be approved from Eclipse before merging.) and "Dependencies" (PR that updates dependencies. Be on the edge!) Oct 26, 2022
@Coduz Coduz requested a review from stefanomorson October 26, 2022 15:43
@codecov

codecov bot commented Oct 27, 2022

Codecov Report

Merging #3648 (5af5efa) into develop (b1ee22c) will decrease coverage by 25.80%.
The diff coverage is n/a.

❗ Current head 5af5efa differs from pull request most recent head ae2c651. Consider uploading reports for the commit ae2c651 to get more accurate results


@@              Coverage Diff               @@
##             develop    #3648       +/-   ##
==============================================
- Coverage      50.13%   24.32%   -25.81%     
+ Complexity       259       72      -187     
==============================================
  Files           1668     1668               
  Lines          31987    31987               
  Branches        2634     2634               
==============================================
- Hits           16036     7782     -8254     
- Misses         15016    23493     +8477     
+ Partials         935      712      -223     
Impacted Files Coverage Δ
...rc/main/java/org/eclipse/kapua/KapuaException.java 0.00% <0.00%> (-100.00%) ⬇️
...c/main/java/org/eclipse/kapua/KapuaErrorCodes.java 0.00% <0.00%> (-100.00%) ⬇️
...in/java/org/eclipse/kapua/broker/BrokerDomain.java 0.00% <0.00%> (-100.00%) ⬇️
...java/org/eclipse/kapua/commons/util/ClassUtil.java 0.00% <0.00%> (-100.00%) ⬇️
...ain/java/org/eclipse/kapua/event/ServiceEvent.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/broker/BrokerDomains.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/eclipse/kapua/commons/util/SystemUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...n/java/org/eclipse/kapua/model/domain/Actions.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/KapuaRuntimeException.java 0.00% <0.00%> (-100.00%) ⬇️
.../java/org/eclipse/kapua/model/query/SortOrder.java 0.00% <0.00%> (-100.00%) ⬇️
... and 641 more

@Coduz
Contributor Author

Coduz commented Oct 27, 2022

/request-license-review

@github-actions

/request-license-review

License review requests:

After all reviews have concluded, re-run the license-vetting check from the Github Actions web-interface to update its status.

Workflow run (with attached summary files):
https://github.com/eclipse/kapua/actions/runs/3335338814

@Coduz Coduz added the label "CQ approved" (The PR has passed CQ approvation) and removed the label "CQ pending" (This PR needs a CQ to be approved from Eclipse before merging.) Oct 27, 2022
Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
@Coduz Coduz force-pushed the chng-bumpGsonVersionTo2.10 branch from 5f05329 to ae2c651 Compare October 27, 2022 12:58
@Coduz Coduz merged commit 9167469 into eclipse-kapua:develop Oct 28, 2022
@Coduz Coduz deleted the chng-bumpGsonVersionTo2.10 branch October 28, 2022 08:17