Dependency Update : SnakeYAML for the dotCMS CLI project #28325

Closed
Tracked by #28378
jcastro-dotcms opened this issue Apr 23, 2024 · 1 comment · Fixed by #28383

Comments

@jcastro-dotcms
Contributor

Parent Issue

#24850

Task

dotCMS CLI is currently using org.yaml/snakeyaml 1.30

Upgrading to version 2.2 will remove all the reported security vulnerabilities.

Proposed Objective

Code Maintenance

Proposed Priority

Priority 2 - Important

Acceptance Criteria

No response

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

No response

Assumptions & Initiation Needs

SnakeYAML 1.30 is being included as a transitive dependency. As per conversation with @fabrizzio-dotCMS, it's very likely that a major change in the dependency list needs to be done.

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response

@fabrizzio-dotCMS
Contributor

By upping the Quarkus platform version to 2.12.3.Final, the SnakeYAML version goes up to 1.32, which is vulnerability-free.

However, I was able to upgrade Quarkus to 2.16.12.Final without any issue. Beyond this point the build breaks.
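
Added example, not part of the thread or of the dotCMS repository: a shell check that reads `mvn dependency:tree` output and fails when the SnakeYAML version Maven resolves is below a chosen minimum, which is one way to confirm that a platform bump like the one described above actually moved a transitive dependency. The sample tree, the `com.example` coordinates, the function names and `MIN_VERSION` are constructed for illustration; 1.32 is the version named in the comment above.

```shell
#!/bin/sh
# Added example: check which SnakeYAML version Maven actually resolves.
# Real input would be the output of:
#   mvn dependency:tree -Dincludes=org.yaml:snakeyaml

# Constructed sample of dependency:tree output (com.example is a placeholder).
SAMPLE_TREE='[INFO] com.example:cli:jar:1.0.0-SNAPSHOT
[INFO] \- com.example:yaml-config-extension:jar:1.0.0:compile
[INFO]    \- org.yaml:snakeyaml:jar:1.30:compile'

# Print each distinct org.yaml:snakeyaml version found in the tree text ($1).
# Coordinates are group:artifact:type[:classifier]:version:scope, so the
# version is always the second-to-last colon-separated field.
snakeyaml_versions() {
    printf '%s\n' "$1" |
        awk -F: '$1 ~ /org\.yaml$/ && $2 == "snakeyaml" { print $(NF-1) }' |
        sort -u
}

# Succeed when version $1 >= version $2, comparing dot-separated numbers
# (so 1.4 is older than 1.32, unlike a plain string comparison).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Return 0 if every resolved version is >= $2, 1 if any is older,
# 2 if SnakeYAML does not appear in the tree at all.
check_snakeyaml() {
    found=$(snakeyaml_versions "$1")
    [ -n "$found" ] || { echo "snakeyaml not found in tree"; return 2; }
    status=0
    for v in $found; do
        if version_ge "$v" "$2"; then
            echo "OK   snakeyaml $v (>= $2)"
        else
            echo "FAIL snakeyaml $v (< $2)"
            status=1
        fi
    done
    return "$status"
}

# 1.32 is the version named in the comment above; pass a different minimum as needed.
check_snakeyaml "$SAMPLE_TREE" "${MIN_VERSION:-1.32}" || echo "build would be rejected"
```

Run against the full reactor output, the same functions report every module that still pulls in an older copy, since `sort -u` keeps each distinct resolved version.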

fabrizzio-dotCMS added a commit that referenced this issue Apr 30, 2024
fabrizzio-dotCMS added a commit that referenced this issue Apr 30, 2024
fabrizzio-dotCMS added a commit that referenced this issue May 1, 2024
github-merge-queue bot pushed a commit that referenced this issue May 1, 2024
* #28325 upping quarkus platform

* #28325 2.16.12.Final is the latest version on which I could compile the project

* #28325

* #28251

* #28325 adjusting our test to run with the new quarkus platf ver

* #28325 doc

* #28325
@nollymar nollymar added the LTS : Next Ticket that will be added to LTS label May 29, 2024