Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjusted dependency versions to address CVEs #635

Merged
merged 1 commit into from
Mar 13, 2024
Merged

Adjusted dependency versions to address CVEs #635

merged 1 commit into from
Mar 13, 2024

Conversation

VijayanB
Copy link
Member

@VijayanB VijayanB commented Mar 12, 2024
edited
Loading

Description

Adjusted com.github.seancfoley:ipaddress version to address CVE.

Issues Resolved

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov Codecov
Copy link

codecov bot commented Mar 12, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.14%. Comparing base (a7ed59a) to head (dc93821).

Additional details and impacted files 
@@             Coverage Diff              @@
##               main     #635      +/-   ##
============================================
+ Coverage     88.96%   89.14%   +0.18%     
- Complexity      765      768       +3     
============================================
  Files            93       93              
  Lines          2746     2746              
  Branches        223      223              
============================================
+ Hits           2443     2448       +5     
+ Misses          221      219       -2     
+ Partials         82       79       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@VijayanB VijayanB force-pushed the cve-ipaddress branch 4 times, most recently from 14eb386 to 1dbcdb7 Compare March 12, 2024 21:23
@VijayanB
Copy link
Member Author

Will fix commons-compress in next PR

@VijayanB
Adjusted dependency versions to address CVEs
dc93821 
Adjusted com.github.seancfoley:ipaddress version to address CVE.
Adjusted org.apache.commons:commons-compress to address CVE.
Added commons-io:commons-io due to above update.

Signed-off-by: Vijayan Balasubramanian <[email protected]>
@VijayanB VijayanB added v2.13.0 Issues targeting release v2.13.0 backport 2.x Backport PR to 2.x branch labels Mar 13, 2024
vamshin
vamshin approved these changes Mar 13, 2024
View reviewed changes
Copy link
Member

@vamshin vamshin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks

@VijayanB VijayanB merged commit 430077d into opensearch-project:main Mar 13, 2024
25 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Mar 13, 2024
@VijayanB @github-actions
Adjusted dependency versions to address CVEs (#635)
278267e 
Adjusted com.github.seancfoley:ipaddress version to address CVE.
Adjusted org.apache.commons:commons-compress to address CVE.
Added commons-io:commons-io due to above update.

Signed-off-by: Vijayan Balasubramanian <[email protected]>
(cherry picked from commit 430077d)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Mar 13, 2024
Merged
VijayanB pushed a commit that referenced this pull request Mar 13, 2024
@opensearch-trigger-bot
Adjusted dependency versions to address CVEs (#635) (#636)
11b1d3d 
Adjusted com.github.seancfoley:ipaddress version to address CVE.
Adjusted org.apache.commons:commons-compress to address CVE.
Added commons-io:commons-io due to above update.

Signed-off-by: Vijayan Balasubramanian <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@naveentatikonda naveentatikonda naveentatikonda approved these changes

@vamshin vamshin vamshin approved these changes

@heemin32 heemin32 Awaiting requested review from heemin32 heemin32 is a code owner

@navneet1v navneet1v Awaiting requested review from navneet1v navneet1v is a code owner

@jmazanec15 jmazanec15 Awaiting requested review from jmazanec15 jmazanec15 is a code owner

@junqiu-lei junqiu-lei Awaiting requested review from junqiu-lei junqiu-lei is a code owner

@martin-gaievski martin-gaievski Awaiting requested review from martin-gaievski martin-gaievski is a code owner

Assignees
No one assigned
Labels
backport 2.x Backport PR to 2.x branch v2.13.0 Issues targeting release v2.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@VijayanB @vamshin @naveentatikonda