From 49119eab5ca0e519b1737e1f1ecfa021d9ef7b9e Mon Sep 17 00:00:00 2001
From: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Date: Thu, 14 Nov 2024 11:48:30 +0200
Subject: [PATCH] fix: dependency convergence error from copilot (#6998)
- `dependency convergence` : there two different versions of io.netty:netty-* in this reactor-netty:1.2.0 , which are 4.1.114 and 4.1.113
- `vulnerable dependency` : the reactor-netty:1.2.0 uses io.netty:netty-common:4.1.114 which contains https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
---
vaadin-dev/pom.xml | 67 ++++++++++++++++++++++++++++++++++++++++++++++
versions.json | 2 +-
2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/vaadin-dev/pom.xml b/vaadin-dev/pom.xml
index 0355ff11d..0390125ff 100644
--- a/vaadin-dev/pom.xml
+++ b/vaadin-dev/pom.xml
@@ -52,8 +52,75 @@
com.vaadin
copilot
+
+
+
+ io.netty
+ netty-common
+
+
+ io.netty
+ netty-buffer
+
+
+ io.netty
+ netty-codec
+
+
+ io.netty
+ netty-handler
+
+
+ io.netty
+ netty-transport
+
+
+ io.netty
+ netty-resolver
+
+
+ io.netty
+ netty-transport-native-unix-common
+
+
+
+ io.netty
+ netty-common
+ 4.1.115.Final
+
+
+ io.netty
+ netty-buffer
+ 4.1.115.Final
+
+
+ io.netty
+ netty-codec
+ 4.1.115.Final
+
+
+ io.netty
+ netty-handler
+ 4.1.115.Final
+
+
+ io.netty
+ netty-transport
+ 4.1.115.Final
+
+
+ io.netty
+ netty-resolver
+ 4.1.115.Final
+
+
+ io.netty
+ netty-transport-native-unix-common
+ 4.1.115.Final
+
diff --git a/versions.json b/versions.json
index b83c937ba..c08153811 100644
--- a/versions.json
+++ b/versions.json
@@ -382,7 +382,7 @@
"version": "1.0.0"
},
"copilot": {
- "javaVersion": "24.4.16"
+ "javaVersion": "24.4-SNAPSHOT"
},
"kubernetes-kit-starter": {
"javaVersion": "2.3.0"