Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Spotless Transitive Dependency and bump aiohttp to fix CVE #1323

Merged
merged 1 commit into from
Nov 27, 2023
Merged

Fix Spotless Transitive Dependency and bump aiohttp to fix CVE #1323

merged 1 commit into from
Nov 27, 2023

Conversation

naveentatikonda
Copy link
Member

Description

The Spotless Gradle Plugin brings in a transitive dependency on Eclipse Core Runtime 3.26.100. That version is impacted by a CVE. This forces the newest version, currently 3.29.0.

Also, bump the aiohttp dependency from 3.8.5 to 3.8.6 to fix CVE.

Issues Resolved

#1321
#1320

Check List

  • All tests pass
  • Commits are signed as per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov Codecov
Copy link

codecov bot commented Nov 27, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a45054f) 85.13% compared to head (2e4fd8d) 85.13%.

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #1323   +/-   ##
=========================================
  Coverage     85.13%   85.13%           
  Complexity     1210     1210           
=========================================
  Files           160      160           
  Lines          4931     4931           
  Branches        449      449           
=========================================
  Hits           4198     4198           
  Misses          537      537           
  Partials        196      196

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@naveentatikonda naveentatikonda merged commit 5e2f899 into opensearch-project:main Nov 27, 2023
59 of 62 checks passed
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 27, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 27, 2023
@naveentatikonda @github-actions
Fix Spotless Transitive Dependency and bump aiohttp to fix CVE (#1323)
e177b68 
Signed-off-by: Naveen Tatikonda <[email protected]>
(cherry picked from commit 5e2f899)
ryanbogan pushed a commit that referenced this pull request Nov 27, 2023
@opensearch-trigger-bot @naveentatikonda
Fix Spotless Transitive Dependency and bump aiohttp to fix CVE (#1323) (
6b92dbc 
#1324)

Signed-off-by: Naveen Tatikonda <[email protected]>
(cherry picked from commit 5e2f899)

Co-authored-by: Naveen Tatikonda <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martin-gaievski martin-gaievski martin-gaievski approved these changes

@vibrantvarun vibrantvarun vibrantvarun approved these changes

@navneet1v navneet1v navneet1v approved these changes

@heemin32 heemin32 Awaiting requested review from heemin32 heemin32 is a code owner

@VijayanB VijayanB Awaiting requested review from VijayanB VijayanB is a code owner

@vamshin vamshin Awaiting requested review from vamshin vamshin is a code owner

@jmazanec15 jmazanec15 Awaiting requested review from jmazanec15 jmazanec15 is a code owner

@junqiu-lei junqiu-lei Awaiting requested review from junqiu-lei junqiu-lei is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan ryanbogan is a code owner

Assignees
No one assigned
Labels
backport 2.x skip-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@naveentatikonda @navneet1v @vibrantvarun @martin-gaievski