Updated Spring Boot to version 3.3.5 #297

Merged (2 commits) on Nov 11, 2024

@gr4cza gr4cza commented Oct 28, 2024

  • removed unnecessary restriction from tomcat-embed-core

Pull Request type

  • Bugfix
  • Feature
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • WHOSUSING.md
  • Other (please describe):

NOTE: Please remember to run ./gradlew spotlessApply to fix any format violations.

Changes in this PR

Updated Spring Boot to version 3.3.5, as this version does not include the vulnerability that previously required restricting the org.apache.tomcat.embed:tomcat-embed-core dependency.

@gr4cza gr4cza force-pushed the chore/update-spring-boot-3_3_5 branch 3 times, most recently from 97b575d to 5cf8dbd Compare October 28, 2024 23:26
gr4cza commented Oct 30, 2024

hi @v1r3n!
can you take a look at this one?
the

```groovy
implementation('org.apache.tomcat.embed:tomcat-embed-core') {
    version {
        strictly '10.1.25'
    }
}
```

part prevents further spring boot updates (without explicit exclusions).

thank you!
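
A strict pin like the one quoted in the comment above can be found mechanically before it blocks an upgrade. The following is an added example, not code from this pull request or from the Conductor project: it scans Gradle build text for `strictly` constraints and reports those that hold a dependency below a managed version. The function names, `SAMPLE_BUILD` and the managed version `10.1.99` are assumptions constructed for illustration.

```python
import re

# Matches: configuration('group:artifact') { version { strictly 'x.y.z' } }
PIN_RE = re.compile(
    r"""\w+\s*\(\s*['"](?P<coord>[\w.\-]+:[\w.\-]+)['"]\s*\)\s*\{\s*"""
    r"""version\s*\{\s*strictly\s*\(?\s*['"](?P<ver>[^'"]+)['"]""",
    re.S,
)

def version_key(v):
    """Numeric sort key for dotted versions such as 10.1.25; qualifiers are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def find_strict_pins(gradle_text):
    """Return {coordinate: pinned_version} for every `strictly` constraint."""
    return {m["coord"]: m["ver"] for m in PIN_RE.finditer(gradle_text)}

def stale_pins(gradle_text, managed):
    """Pins that hold a dependency below the version the platform/BOM would select."""
    out = []
    for coord, pinned in find_strict_pins(gradle_text).items():
        target = managed.get(coord)
        if target and version_key(pinned) < version_key(target):
            out.append((coord, pinned, target))
    return out

# Constructed sample input: the block quoted in the comment, plus an unpinned dependency.
SAMPLE_BUILD = """
dependencies {
    implementation 'com.google.guava:guava:33.2.1-jre'
    implementation('org.apache.tomcat.embed:tomcat-embed-core') {
        version {
            strictly '10.1.25'
        }
    }
}
"""
# Constructed value: stands in for the version a newer Spring Boot BOM manages.
SAMPLE_MANAGED = {"org.apache.tomcat.embed:tomcat-embed-core": "10.1.99"}

if __name__ == "__main__":
    for coord, pinned, target in stale_pins(SAMPLE_BUILD, SAMPLE_MANAGED):
        print(f"{coord}: strictly {pinned} blocks managed {target}")
```
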

@v1r3n v1r3n requested a review from c4lm November 10, 2024 02:29
revGuava = '33.2.1-jre'
revHamcrestAllMatchers = '1.8'
revHealth = '1.1.4'
revPostgres = '42.7.2'
revProtoBuf = '3.21.12'
revProtoBuf = '3.25.3'
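Review bot: the two revProtoBuf lines at the end of this hunk move protobuf from 3.21.12 to 3.25.3, but the PR title and description mention only Spring Boot 3.3.5 and the tomcat-embed-core restriction. Please state the protobuf bump and its reason in the description, or split it into its own PR, so the change is visible in the history and can be reverted independently of the Spring Boot update.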
Collaborator

could you try 3.25.5? I know upgrading anything related to protobuf and grpc can be quite a PITA due to what they pull vs what other libraries relying on them pull, but if 3.25.5 works, we should use that - it is vulnerability-free at the moment

Contributor Author

let's see 😄

Contributor Author

it seems fine to me 👍

- removed unnecessary restriction from `tomcat-embed-core`
@gr4cza gr4cza force-pushed the chore/update-spring-boot-3_3_5 branch from 283f7a0 to b61901a Compare November 10, 2024 20:40
@gr4cza gr4cza requested a review from c4lm November 10, 2024 21:11
@c4lm c4lm merged commit 46612a7 into conductor-oss:main Nov 11, 2024
2 checks passed
@gr4cza gr4cza deleted the chore/update-spring-boot-3_3_5 branch November 12, 2024 13:44