Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix to CVE's by mend #139

Merged
merged 1 commit into from
Feb 16, 2023
Merged

Fix to CVE's by mend #139

merged 1 commit into from
Feb 16, 2023

Conversation

Divyaasm
Copy link
Collaborator

@Divyaasm Divyaasm commented Feb 13, 2023

Signed-off-by: Divya Madala [email protected]

Description

Updated version of snakeyaml(#69 ),protbuf-java (#71 )and workflow-support(#87 ) to address the CVE's

Issues Resolved

List any issues this PR will resolve, e.g. Closes [...].

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@Divyaasm Divyaasm requested a review from a team as a code owner February 13, 2023 21:24
@Divyaasm Divyaasm self-assigned this Feb 14, 2023
@Divyaasm Divyaasm added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Feb 14, 2023
@mend-for-github-com mend-for-github-com bot changed the title Fix to CVE's by mend Fix to CVE's by mend - autoclosed Feb 15, 2023
@mend-for-github-com
Copy link
Contributor

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

@Divyaasm Divyaasm reopened this Feb 16, 2023
@prudhvigodithi
Copy link
Member

Its good to merge this PR even though mend auto closed which was initially flagged as a vulnerability as the PR updates the version of the libraries.

@Divyaasm Divyaasm changed the title Fix to CVE's by mend - autoclosed Fix to CVE's by mend Feb 16, 2023
Signed-off-by: Divya Madala <[email protected]>
@Divyaasm Divyaasm merged commit d8b0b87 into opensearch-project:main Feb 16, 2023
@Divyaasm Divyaasm removed the Mend: dependency security vulnerability Security vulnerability detected by Mend label Feb 17, 2023
peterzhuamazon pushed a commit to peterzhuamazon/opensearch-build-libraries that referenced this pull request Feb 22, 2023
….x (opensearch-project#137)

Signed-off-by: Sayali Gaikawad <[email protected]>

Update dependency org.jenkins-ci.plugins:junit to v1166.1168.vd6b_8042a_06de (opensearch-project#143)

Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>

Fix Cve's (opensearch-project#139)

Signed-off-by: Divya Madala <[email protected]>

Add apt repo and the artifacts promotion setups  (opensearch-project#136)

Signed-off-by: Peter Zhu <[email protected]>

---------

Signed-off-by: Peter Zhu <[email protected]>
peterzhuamazon added a commit that referenced this pull request Feb 22, 2023
….x (#137) (#145)

Update dependency org.jenkins-ci.plugins:junit to v1166.1168.vd6b_8042a_06de (#143)



Fix Cve's (#139)



Add apt repo and the artifacts promotion setups  (#136)



---------

Signed-off-by: Peter Zhu <[email protected]>
Co-authored-by: Sayali Gaikawad <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants