Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.3] Force commons-io transitive dependency version #16816

Merged
merged 1 commit into from
Dec 10, 2024
Merged

[1.3] Force commons-io transitive dependency version #16816

merged 1 commit into from
Dec 10, 2024

Conversation

dbwiddis
Copy link
Member

@dbwiddis dbwiddis commented Dec 9, 2024
edited
Loading

Description

Forces the transitive dependency on commons-io to a non-impacted version.

Fixes CVE-2024-47554

Note: as a transitive dependency, no SHAs, and the version bump (#16780) is already included in release notes for the OpenSearch bump

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dbwiddis dbwiddis changed the title Force commons-io transitive dependency version [1.3] Force commons-io transitive dependency version Dec 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 9, 2024

✅ Gradle check result for c854bbd: SUCCESS

@codecov Codecov
Copy link

codecov bot commented Dec 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.67%. Comparing base (05f4aac) to head (10fe354).
Report is 41 commits behind head on 1.3.

Additional details and impacted files 
@@             Coverage Diff              @@
##                1.3   #16816      +/-   ##
============================================
+ Coverage     77.56%   77.67%   +0.10%     
- Complexity    58760    58792      +32     
============================================
  Files          4223     4223              
  Lines        253441   253459      +18     
  Branches      38701    38692       -9     
============================================
+ Hits         196590   196878     +288     
+ Misses        40844    40564     -280     
- Partials      16007    16017      +10

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dbwiddis dbwiddis force-pushed the commons-io-cve branch 2 times, most recently from f72de17 to b4ef51e Compare December 10, 2024 01:27
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for f72de17: ABORTED

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for b4ef51e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for b4ef51e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for b4ef51e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

✅ Gradle check result for 10fe354: SUCCESS

@ashking94 ashking94 merged commit 31afd17 into opensearch-project:1.3 Dec 10, 2024
18 checks passed
@dbwiddis dbwiddis deleted the commons-io-cve branch December 10, 2024 07:26
@reta
Copy link
Collaborator

reta commented Dec 10, 2024

Thank you @dbwiddis !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reta reta reta approved these changes

@ashking94 ashking94 ashking94 approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dbwiddis @reta @ashking94