Security fix release #115
Security fix release #115
Conversation
pom.xml
Outdated
| @@ -60,10 +60,10 @@ | |||
| </scm> | |||
|
|
|||
| <properties> | |||
| <spring.version>5.2.13.RELEASE</spring.version> | |||
| <spring.version>5.2.22.RELEASE</spring.version> | |||
There was a problem hiding this comment.
Are you sure the 5.2.22.RELEASE doesn't have spring-beans critical CVE?
There was a problem hiding this comment.
nexus tells us
but may be bump to 5.3.22 or 5.3.23
There was a problem hiding this comment.
Bumped to 5.3.23.RELEASE
pom.xml
Outdated
| @@ -60,10 +60,10 @@ | |||
| </scm> | |||
|
|
|||
| <properties> | |||
| <spring.version>5.2.13.RELEASE</spring.version> | |||
| <spring.version>5.2.22.RELEASE</spring.version> | |||
| <spring-boot.version>2.3.2.RELEASE</spring-boot.version> | |||
There was a problem hiding this comment.
May be we should bump it too?
There was a problem hiding this comment.
@akudiyar I don't get it why we have spring-boot variable but it's used in spring-data-commons?
There was a problem hiding this comment.
@ArtDu because spring-data-commons in spring-boot sequence version numbers, take a look Compile Dependencies for spring-data-commons
There was a problem hiding this comment.
@ArtDu because
spring-data-commonsin spring-boot sequence version numbers, take a look Compile Dependencies forspring-data-commons
@Elishtar I can't find something like spring-boot in there https://github.com/spring-projects/spring-data-commons/blob/main/pom.xml
There was a problem hiding this comment.
Also bumped to 2.6.3
There was a problem hiding this comment.
@ArtDu when I added this library, Sping Boot had different version numbers from the Sping framework. Have they unified it by this time?
There was a problem hiding this comment.
Noop, I'm not talking about version difference between spring boot and spring framework. I don't understand why we use variable spring-boot-version in spring-data-commons library
|
@dkasimovskiy Remove github ticket from title name in commit and PR and move it below in description |
dkasimovskiy
force-pushed
the
bump/cartridge-java-0.9.1
branch
from
23c76fc to
8b0e47f
Compare
| @@ -2,6 +2,13 @@ | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ## [0.5.2] - 2022-10-27 | |||
dkasimovskiy
force-pushed
the
bump/cartridge-java-0.9.1
branch
from
8b0e47f to
f218169
Compare
There was a problem hiding this comment.
@dkasimovskiy Please remove github ticket from title name in commit and PR and move it below in description Closes #113
| @@ -112,12 +112,6 @@ | |||
| <version>1.2.3</version> | |||
| <scope>test</scope> | |||
| </dependency> | |||
| <dependency> | |||
There was a problem hiding this comment.
Please be careful here. Our testcontainers module has an old version of this library too, and it has some major bugs. We need to change this dependency to 1.17.3 or higher, but should not remove it.
There was a problem hiding this comment.
In my opinion we need to have this dependency only in cartridge-java-testcontainers
There was a problem hiding this comment.
@akudiyar @dkasimovskiy
Now it's look shit crutch
Bump cartridge-java version to 0.9.1 Bump spring to 5.3.23.RELEASE Bump spring-boot to 2.6.3
dkasimovskiy
force-pushed
the
bump/cartridge-java-0.9.1
branch
from
f218169 to
8471c87
Compare
I don't see my comments have been fixed @akudiyar @dkasimovskiy I don't like that we merge PR before all changes or comments are approved |
Bump cartridge-java version to 0.9.1
Bump spring to 5.3.23.RELEASE
Bump spring-boot to 2.6.3
Closes #113