fix(weaver): upgraded Corda dependencies to overcome Log4j vulnerability #2980
Looks good to me.
I need to fix a failing unit test. Am testing the fix out now (requires minor upgrades to the Kotlin and Corda plugin versions). Will merge after I see that test (and other Weaver tests) pass.
@VRamakrishna Sure thing, take your time!
@VRamakrishna If the changes in those two commits that you have in the PR right now are broken separately, then please squash them together. The guiding principle being that if you check out any specific commit from the main branch then the build should be working regardless of which commit you've picked.
@petermetz I fixed the Weaver tests and squashed the commits, but there is still a blocking error in "Cactus CI / yarn_codegen": See https://github.com/hyperledger/cacti/actions/runs/7580285585/job/20645864623?pr=2980 for error logs. I don't believe my changes have anything to do with this. Can you check?
@VRamakrishna The following files are getting changed by
M examples/cactus-example-carbon-accounting-business-logic-plugin/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M examples/cactus-example-supply-chain-business-logic-plugin/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M extensions/cactus-plugin-object-store-ipfs/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-cmd-api-server/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-core-api/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-consortium-manual/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-htlc-eth-besu-erc20/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-aws-sm/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-azure-kv/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-google-sm/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-memory-wasm/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-memory/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-keychain-vault/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-ledger-connector-corda/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-ledger-connector-fabric/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
M packages/cactus-plugin-odap-hermes/src/main/kotlin/generated/openapi/kotlin-client/gradlew.bat
codegen on
@outSH Thanks for pointing that out. I suspect my (Update) The test now passes after I reverted the change.
@petermetz @outSH I had to fix some conflicts in a file that was modified by another PR 3 days ago, but after doing so, I'm getting an error in the
@VRamakrishna Some changes got snuck in that triggered the codegen race conditions again. For now the way I've been dealing with it myself is to just re-try that one specific job and usually it goes through the second time, but if not, the third time did it so far, so I never had to do it a fourth time.
Updated Corda package dependencies from 4.8 to 4.8.11, in which the vulnerability was fixed. Upgraded Gradle from 5.6.4 to 7.5 to manage the Corda updates. Downloaded Clikt dependency directly from Maven Central to avoid variant ambiguities in Corda Simple Application. Upgraded Kotlin and Corda plugin versions to make Weaver Interop CordApp unit tests pass. Fixed formatting in shell scripts to ensure that the shell command directive was in Line 1.

Signed-off-by: VRamakrishna <[email protected]>
76f0c68 into hyperledger-cacti:main
Pull Request Requirements
upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
-s flag when using git commit command. You may refer to this link for more information.
Character Limit
A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.