@benjsmi benjsmi commented Oct 17, 2023

As per https://nvd.nist.gov/vuln/detail/CVE-2023-44387, Gradle v7.6.2 is vulnerable. Moves all incorporate wrappers to the latest version of Gradle in their properties spec such that they use the latest Gradle (on the 7.6.x branch) to run the build.

Related to #312 but not mentioned explicitly in that issue.

@benjsmi benjsmi requested a review from a team as a code owner October 17, 2023 21:28

benjsmi commented Oct 18, 2023

Merged in other merged PR for org.json to this PR to avoid conflicts.


benjsmi commented Oct 19, 2023

@bestbeforetoday -- do you mind reviewing this?


benjsmi commented Oct 19, 2023

@bestbeforetoday Read up on the right way to upgrade Gradle Wrapper and have applied those changes to this PR now. Thanks for the tip!


@bestbeforetoday bestbeforetoday left a comment

It looks like you might have missed the Gradle wrapper upgrade in the `examples/fabric-contract-example-gradle-kotlin` directory. Also, the commits all need a signoff statement (`git commit --amend --signoff`).

Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information


benjsmi commented Oct 20, 2023

@bestbeforetoday yeah I definitely ran the wrapper command in the Kotlin directory.

```
programsam@Bens-IBM-Laptop-2022 fabric-contract-example-gradle-kotlin % ./gradlew wrapper --gradle-version 7.6.3
Starting a Gradle Daemon (subsequent builds will be faster)

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.6.3/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 7s
1 actionable task: 1 up-to-date
```

Oddly enough, the JAR file in that directory does not/did not seem to need changing. Not sure why that is.

@bestbeforetoday bestbeforetoday merged commit 412447c into hyperledger:main Oct 20, 2023
@benjsmi benjsmi deleted the newer-gradle branch October 23, 2023 13:47
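
The review above turned on whether one example directory had been left on the old wrapper. The following is an added example, not part of the PR or the project's tooling: a shell check that lists every `gradle-wrapper.properties` under a tree whose `distributionUrl` does not pin the expected Gradle version. The function names `wrapper_version` and `stale_wrappers` are hypothetical, and the script assumes the standard `gradle-<version>-bin.zip` / `-all.zip` distribution URL form.

```shell
#!/bin/sh
# Added example: find Gradle wrappers that are not pinned to the expected version.
# Usage (stand-alone): sh check-wrappers.sh <repo-root> <expected-version>

# wrapper_version FILE
# Prints the version embedded in the distributionUrl line, e.g.
#   distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-bin.zip
# prints "7.6.3". Prints nothing if the line is absent or has another shape.
wrapper_version() {
    sed -n 's|^distributionUrl=.*/gradle-\([0-9][0-9.]*\)-[a-z]*\.zip.*$|\1|p' "$1"
}

# stale_wrappers ROOT EXPECTED
# Prints "<properties path> <found version>" for each wrapper that does not
# match EXPECTED ("unknown" when no version could be parsed).
# Returns 1 if any mismatch was found, 0 if every wrapper matches.
stale_wrappers() {
    root=$1
    expected=$2
    status=0
    # Use a temp file rather than a pipe so the loop runs in this shell
    # and the status flag survives it.
    list=$(mktemp)
    find "$root" -type f -name gradle-wrapper.properties | sort > "$list"
    while IFS= read -r props; do
        found=$(wrapper_version "$props")
        if [ "$found" != "$expected" ]; then
            printf '%s %s\n' "$props" "${found:-unknown}"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return $status
}

# Run only when invoked with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    stale_wrappers "$1" "$2"
    exit $?
fi
```

Run from a repository root as `sh check-wrappers.sh . 7.6.3`; a non-zero exit makes it usable as a CI gate after a wrapper upgrade.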