Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade protobuf-java to 3.19.6 #3946

Closed
wants to merge 1 commit into from

Conversation

k-mack
Copy link
Contributor

@k-mack k-mack commented Jun 2, 2023

Upgrade protobuf-java to 3.19.6 to remove presence of CVE-2022-3171, CVE-2022-3509, and CVE-2022-3510. Upgrade protoc-gen-grpc-java to 1.43.3 since it also depends on protobuf-java 3.19.6.

Closes #3945.

Upgrade protobuf-java to 3.19.6 to remove presence of CVE-2022-3171,
CVE-2022-3509, and CVE-2022-3510. Upgrade protoc-gen-grpc-java to 1.43.3
since it also depends on protobuf-java 3.19.6.
copybara-service bot pushed a commit that referenced this pull request Jun 8, 2023
Upgrade protobuf-java to 3.19.6 to remove presence of CVE-2022-3171, CVE-2022-3509, and CVE-2022-3510. Upgrade protoc-gen-grpc-java to 1.43.3 since it also depends on protobuf-java 3.19.6.

Closes #3945.

Fixes #3946

FUTURE_COPYBARA_INTEGRATE_REVIEW=#3946 from k-mack:protobuf-java-3.19.6 0039c56
PiperOrigin-RevId: 538782457
copybara-service bot pushed a commit that referenced this pull request Jun 8, 2023
Upgrade protobuf-java to 3.19.6 to remove presence of CVE-2022-3171, CVE-2022-3509, and CVE-2022-3510. Upgrade protoc-gen-grpc-java to 1.43.3 since it also depends on protobuf-java 3.19.6.

Closes #3945.

Fixes #3946

FUTURE_COPYBARA_INTEGRATE_REVIEW=#3946 from k-mack:protobuf-java-3.19.6 0039c56
PiperOrigin-RevId: 538782457
@copybara-service copybara-service bot closed this in 1e3f53d Jun 8, 2023
benkard pushed a commit to benkard/jgvariant that referenced this pull request Jun 18, 2023
This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [com.google.errorprone:error_prone_core](https://errorprone.info) ([source](https://github.com/google/error-prone)) |  | minor | `2.19.1` -> `2.20.0` |
| [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://github.com/google/error-prone)) | compile | minor | `2.19.1` -> `2.20.0` |

---

### Release Notes

<details>
<summary>google/error-prone</summary>

### [`v2.20.0`](https://github.com/google/error-prone/releases/tag/v2.20.0): Error Prone 2.20.0

[Compare Source](google/error-prone@v2.19.1...v2.20.0)

Changes:

-   This release is compatible with early-access builds of JDK 21.

New Checkers:

-   [`InlineTrivialConstant`](https://errorprone.info/bugpattern/InlineTrivialConstant)
-   [`UnnecessaryStringBuilder`](https://errorprone.info/bugpattern/UnnecessaryStringBuilder)
-   [`BanClassLoader`](https://errorprone.info/bugpattern/BanClassLoader)
-   [`DereferenceWithNullBranch`](https://errorprone.info/bugpattern/DereferenceWithNullBranch)
-   [`DoNotUseRuleChain`](https://errorprone.info/bugpattern/DoNotUseRuleChain)
-   [`LockOnNonEnclosingClassLiteral`](https://errorprone.info/bugpattern/LockOnNonEnclosingClassLiteral)
-   [`MissingRefasterAnnotation`](https://errorprone.info/bugpattern/MissingRefasterAnnotation)
-   [`NamedLikeContextualKeyword`](https://errorprone.info/bugpattern/NamedLikeContextualKeyword)
-   [`NonApiType`](https://errorprone.info/bugpattern/NonApiType)

Fixes issues: [#&#8203;2232](google/error-prone#2232), [#&#8203;2243](google/error-prone#2243), [#&#8203;2997](google/error-prone#2997), [#&#8203;3301](google/error-prone#3301), [#&#8203;3843](google/error-prone#3843), [#&#8203;3903](google/error-prone#3903), [#&#8203;3918](google/error-prone#3918), [#&#8203;3923](google/error-prone#3923), [#&#8203;3931](google/error-prone#3931), [#&#8203;3945](google/error-prone#3945), [#&#8203;3946](google/error-prone#3946)

**Full Changelog**: google/error-prone@v2.19.1...v2.20.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Several high CVEs related to dependency com.google.protobuf:protobuf-java:3.19.2
2 participants