Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrading Jackson-Databind version #1982

Merged
merged 2 commits into from
Jan 27, 2022
Merged

Upgrading Jackson-Databind version #1982

merged 2 commits into from
Jan 27, 2022

Conversation

Rishikesh1159
Copy link
Member

Signed-off-by: Rishikesh1159 [email protected]

Description

Update the version of jackson-databind to remove the vulnerability WS-2021-0616

Issues Resolved

None

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@Rishikesh1159 Rishikesh1159 requested a review from a team as a code owner January 27, 2022 00:27
@opensearch-ci-bot
Copy link
Collaborator

Can one of the admins verify this patch?

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure be31253
Log 2075

Reports 2075

@@ -116,7 +116,7 @@ dependencies {
api 'com.avast.gradle:gradle-docker-compose-plugin:0.14.12'
api 'org.apache.maven:maven-model:3.6.2'
api 'com.networknt:json-schema-validator:1.0.36'
api 'com.fasterxml.jackson.core:jackson-databind:2.12.5'
api 'com.fasterxml.jackson.core:jackson-databind:2.12.6'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please change it to${props.getProperty('jackson')} ? Thank you.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@reta Sure I will change that

@reta
Copy link
Collaborator

reta commented Jan 27, 2022

@Rishikesh1159 please run ./gradlew updateSHAs, there are SHAs updates for artifacts, thank you.

@opensearch-ci-bot
Copy link
Collaborator

❌   Gradle Check failure be24eac
Log 2078

Reports 2078

@Rishikesh1159
Copy link
Member Author

start gradle check

@opensearch-ci-bot
Copy link
Collaborator

✅   Gradle Check success be24eac
Log 2079

Reports 2079

@tlfeng tlfeng added >upgrade Label used when upgrading library dependencies (e.g., Lucene) backport 1.x CVE Fixes a CVE v1.3.0 v2.0.0 Version 2.0.0 labels Jan 27, 2022
@saratvemulapalli saratvemulapalli merged commit 1568407 into opensearch-project:main Jan 27, 2022
@saratvemulapalli saratvemulapalli added the pending backport Identifies an issue or PR that still needs to be backported label Jan 27, 2022
github-actions bot pushed a commit that referenced this pull request Jan 27, 2022
* Upgrading Jackson-Databind version

Signed-off-by: Rishikesh1159 <[email protected]>

* Adding jackson-databind version using getProperty method

Signed-off-by: Rishikesh1159 <[email protected]>
(cherry picked from commit 1568407)
saratvemulapalli pushed a commit that referenced this pull request Jan 31, 2022
* Upgrading Jackson-Databind version

Signed-off-by: Rishikesh1159 <[email protected]>

* Adding jackson-databind version using getProperty method

Signed-off-by: Rishikesh1159 <[email protected]>
(cherry picked from commit 1568407)

Co-authored-by: Rishikesh Pasham <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 1.x CVE Fixes a CVE pending backport Identifies an issue or PR that still needs to be backported >upgrade Label used when upgrading library dependencies (e.g., Lucene) v1.3.0 v2.0.0 Version 2.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants