dependency: bumped version of Apache Commons Compress from 1.22 to 1.24.0 - CVE-2023-42503 #3866

Merged

@Coduz Coduz commented Sep 15, 2023

This PR bumps the version of Apache Commons Compress from 1.22 to 1.24.0, solving the following CVEs:

Related Issue
None

Description of the solution adopted
Changed to the latest version

Screenshots
None

Any side note on the changes made
None

@Coduz Coduz added the Dependencies PR that updates dependencies. Be on the edge! label Sep 15, 2023

Coduz commented Sep 15, 2023

/request-license-review

@github-actions

/request-license-review

⚠️ Failed to request review of not vetted licenses.

Workflow run (with attached summary files):
https://github.com/eclipse/kapua/actions/runs/6199640145

…24.0 - CVE-2023-42503

Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
@Coduz Coduz force-pushed the chng-bumpApacheCommonsCompressTo1.24 branch from 6a4ee2a to 2dc7ab3 Compare September 15, 2023 15:02
@Coduz Coduz changed the title Bumped version of Apache Commons Compress from 1.22 to 1.24 - CVE-2023-42503 Bumped version of Apache Commons Compress from 1.22 to 1.24.0 - CVE-2023-42503 Sep 15, 2023

codecov bot commented Sep 15, 2023

Codecov Report

Merging #3866 (7a41498) into develop (6ef61f8) will not change coverage.
The diff coverage is n/a.

❗ Current head 7a41498 differs from pull request most recent head 2dc7ab3. Consider uploading reports for the commit 2dc7ab3 to get more accurate results


@@            Coverage Diff             @@
##             develop    #3866   +/-   ##
==========================================
  Coverage      20.59%   20.59%           
  Complexity         6        6           
==========================================
  Files           1936     1936           
  Lines          41532    41532           
  Branches        3945     3945           
==========================================
  Hits            8552     8552           
  Misses         32583    32583           
  Partials         397      397           

@Coduz Coduz changed the title Bumped version of Apache Commons Compress from 1.22 to 1.24.0 - CVE-2023-42503 dependency: bumped version of Apache Commons Compress from 1.22 to 1.24.0 - CVE-2023-42503 Sep 15, 2023
@Coduz Coduz merged commit 2cc1568 into eclipse-kapua:develop Sep 18, 2023
@Coduz Coduz deleted the chng-bumpApacheCommonsCompressTo1.24 branch September 18, 2023 09:44