Bump org.json dependency version #1586
Signed-off-by: Chen Dai <daichen@amazon.com>
Codecov Report
@@           Coverage Diff           @@
##               2.7    #1586   +/-  ##
=========================================
  Coverage    97.18%   97.18%
  Complexity    4104     4104
=========================================
  Files          371      371
  Lines        10459    10459
  Branches       706      706
=========================================
  Hits         10165    10165
  Misses         287      287
  Partials         7        7
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-1586-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 0bc8628395b8443f6e1a611345901a7f2c2561fd
# Push it to GitHub
git push --set-upstream origin backport/backport-1586-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x
Then, create a pull request where the
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-main main
# Navigate to the new working tree
pushd ../.worktrees/backport-main
# Create a new branch
git switch --create backport/backport-1586-to-main
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 0bc8628395b8443f6e1a611345901a7f2c2561fd
# Push it to GitHub
git push --set-upstream origin backport/backport-1586-to-main
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-main
Then, create a pull request where the
* Bump org.json version for CVE
Signed-off-by: Chen Dai <daichen@amazon.com>
* Fix assertion by json array similar method
Signed-off-by: Chen Dai <daichen@amazon.com>
* Fix more assertions which failed on query path return BigDecimal
Signed-off-by: Chen Dai <daichen@amazon.com>
* Fix legacy expr value factory
Signed-off-by: Chen Dai <daichen@amazon.com>
---------
Signed-off-by: Chen Dai <daichen@amazon.com>

* Bump org.json version for CVE
* Fix assertion by json array similar method
* Fix more assertions which failed on query path return BigDecimal
* Fix legacy expr value factory
---------
Signed-off-by: Chen Dai <daichen@amazon.com>
(cherry picked from commit ff2050d)

* Bump org.json version for CVE
* Fix assertion by json array similar method
* Fix more assertions which failed on query path return BigDecimal
* Fix legacy expr value factory
---------
Signed-off-by: Chen Dai <daichen@amazon.com>
(cherry picked from commit ff2050d)
Co-authored-by: Chen Dai <daichen@amazon.com>
The backport to
To backport manually, run these commands in your terminal:
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-1.3 1.3
# Navigate to the new working tree
pushd ../.worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-1586-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 0bc8628395b8443f6e1a611345901a7f2c2561fd
# Push it to GitHub
git push --set-upstream origin backport/backport-1586-to-1.3
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-1.3
Then, create a pull request where the
Signed-off-by: Peter Fitzgibbons <peter.fitzgibbons@gmail.com>
…h-project#1598)
* Bump org.json version for CVE
* Fix assertion by json array similar method
* Fix more assertions which failed on query path return BigDecimal
* Fix legacy expr value factory
---------
Signed-off-by: Chen Dai <daichen@amazon.com>
Signed-off-by: Mitchell Gale <Mitchell.Gale@improving.com>
Description
org.json version in all submodules for CVE fix
Impact on UT/IT
org.json use BigDecimal to interpret floating point text in JSON. This caused the return value of JSONObject/JSONArray.get() and query() to get changed from double to BigDecimal class.
Impact on User Interface
Minor changes I noticed in our response format which seems an improvement:
Previously:
Now:
Issues Resolved
CVE-2022-45688
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
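One way to write test assertions that hold whether `get()` and `query()` return `Double` or `BigDecimal`, as described under "Impact on UT/IT". This is an added example, not code from this pull request or the project; the class name, helper names and sample JSON are constructed for illustration.

```java
import java.math.BigDecimal;
import org.json.JSONObject;

public class JsonNumberAssert {

  /** Normalizes a JSON numeric value to BigDecimal; null for non-numeric or non-finite input. */
  static BigDecimal toBigDecimal(Object value) {
    if (value instanceof BigDecimal) {
      return (BigDecimal) value;
    }
    if (value instanceof Double || value instanceof Float) {
      double d = ((Number) value).doubleValue();
      // NaN and infinities have no BigDecimal form
      return Double.isFinite(d) ? new BigDecimal(value.toString()) : null;
    }
    if (value instanceof Number) {
      return new BigDecimal(value.toString());
    }
    return null;
  }

  /** True when both values are numbers with the same numeric value, whatever their classes. */
  static boolean sameNumber(Object actual, Object expected) {
    BigDecimal a = toBigDecimal(actual);
    BigDecimal e = toBigDecimal(expected);
    // compareTo ignores scale, so 1.50 and 1.5 match; equals() would not
    return a != null && e != null && a.compareTo(e) == 0;
  }

  public static void main(String[] args) {
    // Constructed sample response, not taken from the project
    JSONObject response =
        new JSONObject("{\"datarows\":[[1.5,2]],\"stats\":{\"avg\":1.50}}");

    Object viaGet = response.getJSONArray("datarows").getJSONArray(0).get(0);
    Object viaQuery = response.query("/stats/avg");

    // A check such as assertEquals(1.5, viaGet) depends on the runtime class
    // printed here, which is what changes across the dependency bump
    System.out.println(viaGet.getClass().getSimpleName()
        + " / " + viaQuery.getClass().getSimpleName());

    if (!sameNumber(viaGet, 1.5) || !sameNumber(viaQuery, 1.5)) {
      throw new AssertionError("numeric value mismatch");
    }
    if (sameNumber(viaGet, "1.5")) {
      throw new AssertionError("strings must not compare as numbers");
    }
  }
}
```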