Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade guava and related dependencies to fix potential security issues #19471

Merged
merged 2 commits into from
Apr 5, 2021
Merged

Upgrade guava and related dependencies to fix potential security issues #19471

merged 2 commits into from
Apr 5, 2021

Conversation

skabashnyuk
Copy link
Contributor

@skabashnyuk skabashnyuk commented Mar 31, 2021
edited
Loading

What does this PR do?

  • upgrade guava to 30.1.1-jre
  • upgrade google.http-client to 1.39.1
  • upgrade restassured to 2.6.0
  • upgrade httpclient to 4.5.13
  • upgrade httpcore to 4.4.14
  • removed mailing infrastructure (since it is not used and contains potential problematic code)

CQ

Screenshot/screencast of this PR

What issues does this PR fix or reference?

https://github.com/skabashnyuk/che/security/dependabot/pom.xml/com.google.guava:guava/open

How to test this PR?

  • deploy che server image quay.io/skabashn/che-server:updatedeps
  • test if workspace started successfully

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

@skabashnyuk
Upgrade guava and related dependencies to mitigate potential security…
9c6d739 
… issues

Signed-off-by: Sergii Kabashniuk <skabashniuk@redhat.com>
@che-bot che-bot added the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Mar 31, 2021
@che-bot
Copy link
Contributor

che-bot commented Mar 31, 2021

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

@eclipse-che eclipse-che deleted a comment from che-bot Mar 31, 2021
@skabashnyuk skabashnyuk marked this pull request as ready for review April 1, 2021 08:50
@skabashnyuk skabashnyuk mentioned this pull request Apr 1, 2021
Closed
@skabashnyuk skabashnyuk changed the title Upgrade guava and related dependencies to mitigate potential security issues Upgrade guava and related dependencies to fix potential security issues Apr 1, 2021
@che-bot che-bot added the kind/bug Outline of a bug - must adhere to the bug report template. label Apr 1, 2021
@skabashnyuk
Copy link
Contributor Author

[crw-ci-test]

@che-bot
Copy link
Contributor

che-bot commented Apr 1, 2021

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

@dmytro-ndp
Copy link
Contributor

[crw-ci-test --rebuild]

@che-bot
Copy link
Contributor

che-bot commented Apr 1, 2021

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

@skabashnyuk
Copy link
Contributor Author

[crw-ci-test --rebuild]

@che-bot
Copy link
Contributor

che-bot commented Apr 1, 2021

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

@skabashnyuk
Copy link
Contributor Author

crw-ci-test --rebuild

@dmytro-ndp
Copy link
Contributor

[crw-ci-test --rebuild]

@che-bot
Copy link
Contributor

che-bot commented Apr 1, 2021

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

  • Use comment "[crw-ci-test]" to rerun happy path E2E test.
  • Use comment "[crw-ci-test --rebuild]" to re-build the images and rerun happy path E2E test.

@skabashnyuk
Merge remote-tracking branch 'upstream/master' into updatedeps
c60d1ba 
Signed-off-by: Sergii Kabashniuk <skabashniuk@redhat.com>
@skabashnyuk
Copy link
Contributor Author

[crw-ci-test --rebuild]

@skabashnyuk skabashnyuk merged commit c3249b6 into eclipse-che:master Apr 5, 2021
@skabashnyuk skabashnyuk deleted the updatedeps branch April 5, 2021 06:49
@che-bot che-bot removed the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Apr 5, 2021
@che-bot che-bot added this to the 7.29 milestone Apr 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sparkoo sparkoo sparkoo approved these changes

@mshaposhnik mshaposhnik mshaposhnik approved these changes

@nickboldt nickboldt Awaiting requested review from nickboldt

@metlos metlos Awaiting requested review from metlos

Assignees
No one assigned
Labels
kind/bug Outline of a bug - must adhere to the bug report template.
Projects
None yet
Milestone
7.29
Development

Successfully merging this pull request may close these issues.
5 participants
@skabashnyuk @che-bot @dmytro-ndp @sparkoo @mshaposhnik