-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependencies upgrades to fix several vulnerabilities reported - Premium support #254
Conversation
…igin/main. As per comment from marcos airbytehq#240 (review)
Hello @mauricioalarcon the engineers will take a look later this week in your contribution. |
Your branch is not currently up-to-date with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks great. thanks for the add.
I'm going to run this against our OSS and closed source code for sanity. I'll come back if there is any further action needed on your part. Hopefully we can land this today
/create-oss-pr |
Your branch is not currently up-to-date with |
/create-oss-pr |
Your branch is not currently up-to-date with |
it's all coming back to me now. I copypasta-ed this PR over here so I could update it to work with snapshots which is how we merge OSS PRs with our shared cloud/OSS code then the create-a-pr code was broken due to a version mismatch, now to should work. I'll update here when I get the results of testing |
Your branch is not currently up-to-date with |
We test theses OSS PR against our internal cloud product as well. Keeping these in sync helps to make sure changes we make to cloud work in OSS and visa versa. This PR failed our internal tests. I'm pushing for the team whose test is broken by these changes to take a look. It is very likely that our team will work to fix this without the need for your intervention @mauricioalarcon Thanks again for your contribution. I will tell you when I have more to report. For now waiting on an internal team to review a test failure only seen in the cloud test suite. |
Your branch is not currently up-to-date with |
That's excellent news; thank you, @supertopher - I'm looking forward to the following report, and I'll let up to you close this one once we're done. |
Your branch is not currently up-to-date with |
@@ -24,10 +24,10 @@ micronaut-email = "1.5.0" | |||
micronaut-jaxrs = "3.4.0" | |||
micronaut-jdbc = "4.8.0" | |||
micronaut-micrometer = "4.8.3" | |||
micronaut-security = "3.11.1" | |||
micronaut-test = "3.8.2" | |||
micronaut-security = "3.11.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason that we are moving down a patch version here?
@@ -48,7 +48,7 @@ apache-commons-text = { module = "org.apache.commons:commons-text", version = "1 | |||
apache-cxf-core = { module = "org.apache.cxf:cxf-core", version = "3.4.2" } | |||
appender-log4j2 = { module = "com.therealvan:appender-log4j2", version = "3.6.0" } | |||
assertj-core = { module = "org.assertj:assertj-core", version = "3.21.0" } | |||
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.6" } | |||
aws-java-sdk-s3 = { module = "com.amazonaws:aws-java-sdk-s3", version = "1.12.468" } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason that we are moving down versions here?
mauricioalarcon seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Your branch is not currently up-to-date with |
Old |
Your branch is not currently up-to-date with |
Bringing selective changes from this PR into latest upstream origin/main.
As per comment from Marcos this includes only the changes "upgrade the packages and addition of jsonsmart library."
What
Simple version bumping to fix several reported vulnerarbilities in several packages and modules
How
Bump accordingly to
deps.toml
file and adjusted one shaded dependency that's not longer part of guava, added original JetBrains NotNull annotation forairbyte-commons-worker/src/main/java/io/airbyte/workers/process/KubeProcessFactory.java
Recommended reading order
n/a
Can this PR be safely reverted / rolled back?
If you know that your PR is backwards-compatible and can be simply reverted or rolled back, check the YES box.
Otherwise if your PR has a breaking change, like a database migration for example, check the NO box.
If unsure, leave it blank.
🚨 User Impact 🚨
Are there any breaking changes? What is the end result perceived by the user? If yes, please merge this PR with the 🚨🚨 emoji so changelog authors can further highlight this if needed.
Not to our knowledge, all of these changes and bumps seems to pass all the tests on our side.