Bump versions of reactor-core and reactor-netty #11500

Merged: 5 commits, Dec 7, 2023

mch2 (Member) commented Dec 6, 2023

Description

Bump versions of reactor-core and reactor-netty on 1.x line.

Related Issues

Resolves CVE-2023-34062 and CVE-2023-34054

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
github-actions bot (Contributor) commented Dec 6, 2023

Gradle Check (Jenkins) Run Completed with:

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
mch2 (Member Author) commented Dec 7, 2023

@reta @kotwanikunal Made changes here after approvals - the versions I bumped to required a bump in jackson-databind that is not compatible with our gradle version on 1.x. Instead moved these to the latest patch versions within the same minor that also resolve this CVE.

kotwanikunal (Member) commented

You also need to rebase for the changelog :)

github-actions bot (Contributor) commented Dec 7, 2023

Gradle Check (Jenkins) Run Completed with:

Signed-off-by: Marc Handalian <handalm@amazon.com>

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

codecov bot commented Dec 7, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (15182ca) 77.60% compared to head (531a094) 77.64%.

Additional details and impacted files
@@             Coverage Diff              @@
##                1.x   #11500      +/-   ##
============================================
+ Coverage     77.60%   77.64%   +0.03%     
- Complexity    58777    58837      +60     
============================================
  Files          4223     4223              
  Lines        253559   253559              
  Branches      38701    38701              
============================================
+ Hits         196768   196865      +97     
+ Misses        40753    40735      -18     
+ Partials      16038    15959      -79     


@mch2 mch2 merged commit 2059d94 into opensearch-project:1.x Dec 7, 2023
10 checks passed
mch2 added a commit to mch2/OpenSearch that referenced this pull request Dec 7, 2023
…1500)

* Bump versions of reactor-core and reactor-netty

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

* Change to 3.4 line of reactor-core and 1.0 line of reactor-netty.

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

* update SHAs

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

* fix thirdPartyAudit

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>

---------

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Marc Handalian <handalm@amazon.com>
mch2 added a commit that referenced this pull request Dec 7, 2023
* Bump versions of reactor-core and reactor-netty

* Change to 3.4 line of reactor-core and 1.0 line of reactor-netty.

* update SHAs

* fix thirdPartyAudit

---------

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
Signed-off-by: Marc Handalian <handalm@amazon.com>
Labels: backport 1.3 (Backport to 1.3 branch)
3 participants