[Java] Update dependencies to address vulnerabilities #1735

Merged: 6 commits, Dec 23, 2018

@ackintosh ackintosh commented Dec 22, 2018

PR checklist

  • Read the contribution guidelines.
  • Ran the shell script under ./bin/ to update Petstore sample so that CIs can verify the change. (For instance, only need to run ./bin/{LANG}-petstore.sh and ./bin/security/{LANG}-petstore.sh if updating the {LANG} (e.g. php, ruby, python, etc) code generator or {LANG} client's mustache templates). Windows batch files can be found in .\bin\windows\.
  • Filed the PR against the correct branch: master, 3.4.x, 4.0.x. Default: master.
  • Copied the technical committee to review the pull request if your PR is targeting a particular programming language.

Description of the PR

Updated Retrofit2 to address the vulnerabilities:

@ackintosh
Contributor Author

https://circleci.com/gh/OpenAPITools/openapi-generator/3871#tests/containers/1

[ERROR] COMPILATION ERROR : 
[ERROR] /home/circleci/OpenAPITools/openapi-generator/samples/client/petstore/java/retrofit2-play25/src/main/java/org/openapitools/client/Play25CallFactory.java:[92,12] org.openapitools.client.Play25CallFactory.PlayWSCall is not abstract and does not override abstract method timeout() in okhttp3.Call
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project petstore-java-client-retrofit2-play25: Compilation failure
[ERROR] /home/circleci/OpenAPITools/openapi-generator/samples/client/petstore/java/retrofit2-play25/src/main/java/org/openapitools/client/Play25CallFactory.java:[92,12] org.openapitools.client.Play25CallFactory.PlayWSCall is not abstract and does not override abstract method timeout() in okhttp3.Call

@ackintosh
Contributor Author

Related PR @ okhttp: square/okhttp#4363

@ackintosh ackintosh added the WIP Work in Progress label Dec 22, 2018
@ackintosh
Contributor Author

23cda7a

I used this as reference.

@ackintosh ackintosh removed the WIP Work in Progress label Dec 22, 2018
@ackintosh
Contributor Author

cc @bbdouglas (2017/07) @JFCote (2017/08) @sreeshas (2017/08) @jfiala (2017/08) @lukoyanov (2017/09) @cbornet (2017/09) @jeff9finger (2018/01)

}

@Override
public Request request() {
return request;
}

@Override
public Timeout timeout() {
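
Review bot: the `timeout()` override that opens on the last line of this excerpt carries no comment saying which `Timeout` it returns or whether this `Call` implementation enforces it. `okhttp3.Call` now declares `timeout()` as abstract (see the compilation error above), and callers can read the returned value to reason about deadlines, so return a non-null value such as `Timeout.NONE` when this class applies no deadline of its own, and state that in a one-line comment. The commit list touches Play25CallFactory and Play26CallFactory; confirm every other sample with its own `Call` implementation gets the same override.
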
Member

@ackintosh looks like it's not indented properly (4 extra spaces)

@ackintosh
Contributor Author

Thanks for the review! Fixed the indent.

@wing328 wing328 added this to the 4.0.0 milestone Dec 23, 2018
@wing328 wing328 left a comment

LGTM

@wing328 wing328 merged commit f183153 into OpenAPITools:master Dec 23, 2018
@ackintosh ackintosh deleted the update-deps branch December 23, 2018 12:27
@wing328 wing328 changed the title [Java] Update dependencies [Java] Update dependencies to address vulnerabilities Dec 23, 2018
A-Joshi pushed a commit to ihsmarkitoss/openapi-generator that referenced this pull request Feb 27, 2019
* Update retrofit2

refs:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000850
https://nvd.nist.gov/vuln/detail/CVE-2018-1000844

* Update samples

./bin/java-petstore-all.sh

* Implement okhttp3.Call#timeout

refs square/okhttp#4363

* Update samples

./bin/java-petstore-all.sh

* Update Play26CallFactory

* Fix indent
aloisklink added a commit to aloisklink/openapi-generator that referenced this pull request May 11, 2020
Running mvn integration-test failed in
samples/client/petstore/java/retrofit2-play24

This merges pull requests OpenAPITools#1735 and OpenAPITools#5527 into
retrofit2-play24.

Also removes the jackson-databind-version field,
since it should always be the same as jackson-version,
and updates build.gradle/build.sbt

on-behalf-of: @nqminds <[email protected]>
wing328 added a commit that referenced this pull request Jun 16, 2020
…rror) (#6679)

* Add jersey2-experimental to petstore build script

on-behalf-of: @nqminds <[email protected]>

* [java] Add <source> to javadoc in pom.mustache

We add the following <source> tag to the <configuration> of
maven-javadoc-plugin for most pom.mustache files that use it.
This tells javadoc which version of java the compiler used.

This fixes the following error when running Java 11:
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses
modules but the packages defined in
https://docs.oracle.com/javase/8/docs/api/ are in the unnamed module

Additionally, we also add maven-compiler-plugin to jersey2/pom.mustache
to specify that the source code is Java 6/7/8.

on-behalf-of: @nqminds <[email protected]>

* [java-jersey2-java6] Update failing old tests

Pull-request #4666 changed jersey generation, but didn't update the
test samples. Tests now succeed.

on-behalf-of: @nqminds <[email protected]>

* [java-retrofit2-play24] Fix integration-tests

Running mvn integration-test failed in
samples/client/petstore/java/retrofit2-play24

This merges pull requests #1735 and #5527 into
retrofit2-play24.

Also removes the jackson-databind-version field,
since it should always be the same as jackson-version,
and updates build.gradle/build.sbt

on-behalf-of: @nqminds <[email protected]>

Co-authored-by: Alois Klink <[email protected]>