Testcases for plugins #517
Comments
Hi @lapnd, thank you for notifying such vulnerabilities. @jonahgraham, what is the current procedure to update the dependencies, hopefully without having to get approval from the legal team? Can we go up to this latest version? In the latest Orbit I see only 2.12.1.
Unfortunately not, we have to test the plug-ins manually. |
Getting a new version into Orbit should be easy enough - I can help do that, or even better we can make the updates so that we can consume content directly from Maven central. The latter has benefits long term, but more effort now. However there is still the issue of https://github.com/eclipse-embed-cdt/eclipse-plugins/blob/master/plugins/org.eclipse.embedcdt.core/lib/jackson-databind-2.9.9.3.jar being in this repo, so some refactoring is needed to make sure we are pulling this from external bundle and remove this jar from embedcdt. We could update the embedded jar, but that would be less ideal. @lapnd I can help guide you through this process / review the changes. Have you already started work in this area? |
Hi,
Currently, the plugins use some lib that out of date and has direct direct vulnerabilities such as https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.9.9.3
I would like to update this library, for example. The building is successful with latest lib (ex https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2.2) but I'm not sure if this change will affect to plugin.
Do we have a set of test cases to run to verify the plugin for such kind of change?
Thank you!
The text was updated successfully, but these errors were encountered: