Dependencies upgrades to fix several vulnerabilities reported - Premium support #254
…igin/main. As per comment from marcos airbytehq#240 (review)
Hello @mauricioalarcon the engineers will take a look at your contribution later this week.
Your branch is not currently up-to-date with |
this looks great. thanks for the add.
I'm going to run this against our OSS and closed source code for sanity. I'll come back if there is any further action needed on your part. Hopefully we can land this today
/create-oss-pr
/create-oss-pr
It's all coming back to me now. I copypasta-ed this PR over here so I could update it to work with snapshots, which is how we merge OSS PRs with our shared cloud/OSS code. Then the create-a-pr code was broken due to a version mismatch; now it should work. I'll update here when I get the results of testing.
We test these OSS PRs against our internal cloud product as well. Keeping these in sync helps to make sure changes we make to cloud work in OSS and vice versa. This PR failed our internal tests. I'm pushing for the team whose test is broken by these changes to take a look. It is very likely that our team will work to fix this without the need for your intervention, @mauricioalarcon. Thanks again for your contribution. I will tell you when I have more to report. For now, waiting on an internal team to review a test failure only seen in the cloud test suite.
That's excellent news; thank you, @supertopher - I'm looking forward to the following report, and I'll leave it up to you to close this one once we're done.
@@ -24,10 +24,10 @@ micronaut-email = "1.5.0" | |||
micronaut-jaxrs = "3.4.0" | |||
micronaut-jdbc = "4.8.0" | |||
micronaut-micrometer = "4.8.3" | |||
micronaut-security = "3.11.1" | |||
micronaut-test = "3.8.2" | |||
micronaut-security = "3.11.0" |
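Review bot: the last line pins micronaut-security to "3.11.0" while the earlier micronaut-security line in this same hunk reads "3.11.1", so if the last line is the added one the pin goes down a patch release in a PR whose stated purpose is upgrades for vulnerability fixes. Either keep "3.11.1" or state in the PR description what forces 3.11.0, and confirm that the release chosen still contains the fix this PR is meant to pick up.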
Is there a reason that we are moving down a patch version here?
@@ -48,7 +48,7 @@ apache-commons-text = { module = "org.apache.commons:commons-text", version = "1 | |||
apache-cxf-core = { module = "org.apache.cxf:cxf-core", version = "3.4.2" } | |||
appender-log4j2 = { module = "com.therealvan:appender-log4j2", version = "3.6.0" } | |||
assertj-core = { module = "org.assertj:assertj-core", version = "3.21.0" } | |||
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.6" } | |||
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.468" } |
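Review bot: the direction of the aws-java-sdk-s3 change on the last two lines should be spelled out in the PR description, because "1.12.468" sorts below "1.12.6" as a string but is the higher release when the third component is compared as a number (468 against 6). Assuming "1.12.468" is the added line, this is a wide jump in patch number, so name the vulnerability report that motivates it and make sure the S3-dependent tests run against the new pin before merge.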
Is there a reason that we are moving down versions here?
mauricioalarcon seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.
Old |
Bringing selective changes from this PR into latest upstream origin/main.
As per comment from Marcos this includes only the changes "upgrade the packages and addition of jsonsmart library."
What
Simple version bumping to fix several reported vulnerabilities in several packages and modules
How
Bump accordingly to deps.toml file and adjusted one shaded dependency that's no longer part of guava, added original JetBrains NotNull annotation for airbyte-commons-worker/src/main/java/io/airbyte/workers/process/KubeProcessFactory.java
Recommended reading order
n/a
Can this PR be safely reverted / rolled back?
If you know that your PR is backwards-compatible and can be simply reverted or rolled back, check the YES box.
Otherwise if your PR has a breaking change, like a database migration for example, check the NO box.
If unsure, leave it blank.
🚨 User Impact 🚨
Are there any breaking changes? What is the end result perceived by the user? If yes, please merge this PR with the 🚨🚨 emoji so changelog authors can further highlight this if needed.
Not to our knowledge, all of these changes and bumps seem to pass all the tests on our side.
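The version-direction questions raised in the review above can be checked mechanically before a dependency-bump PR is merged. The following is an added example, not code from this PR or from the Airbyte repository: the function names are hypothetical, and the two catalog fragments are constructed from the version strings visible in the hunks, assuming the first-listed value is the old pin.

```python
import re

# Matches the two catalog line styles visible in the hunks:
#   alias = "1.2.3"     and     alias = { module = "g:a", version = "1.2.3" }
ENTRY = re.compile(
    r'^\s*([A-Za-z0-9_.-]+)\s*=\s*'
    r'(?:"([^"]+)"|\{.*?\bversion\s*=\s*"([^"]+)".*\})\s*$'
)

def parse_catalog(text):
    """Return {alias: version} for lines that pin a literal version."""
    pins = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            pins[m.group(1)] = m.group(2) or m.group(3)
    return pins

def numeric_key(version):
    """Tuple of ints for purely numeric dotted versions, otherwise None."""
    parts = version.split(".")
    return tuple(int(p) for p in parts) if all(p.isdecimal() for p in parts) else None

def classify_bumps(old_text, new_text):
    """Return {alias: (old, new, verdict)} for every pin whose version changed."""
    old, new = parse_catalog(old_text), parse_catalog(new_text)
    report = {}
    for alias in sorted(old.keys() & new.keys()):
        if old[alias] == new[alias]:
            continue
        a, b = numeric_key(old[alias]), numeric_key(new[alias])
        if a is None or b is None:
            verdict = "manual-review"  # qualifiers such as -RC1 need a human
        else:
            width = max(len(a), len(b))  # pad so 1.12 compares equal to 1.12.0
            a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
            verdict = "downgrade" if b < a else "upgrade" if b > a else "equivalent"
        report[alias] = (old[alias], new[alias], verdict)
    return report

# Constructed from the version strings visible in the two hunks; which side is
# "old" is an assumption, since the rendered diff has lost its +/- markers.
OLD_PINS = '''micronaut-security = "3.11.1"
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.6" }
'''
NEW_PINS = '''micronaut-security = "3.11.0"
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.468" }
'''

if __name__ == "__main__":
    for alias, (was, now, verdict) in classify_bumps(OLD_PINS, NEW_PINS).items():
        print(f"{alias}: {was} -> {now} [{verdict}]")
```

Run as a CI step, a check like this would fail the build on any `downgrade` verdict unless the PR description explains it.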