fix(security): security version updates #6602

david-leifker · 2022-12-01T21:22:17Z

Checklist

The PR conforms to DataHub's Contributing Guideline (particularly Commit Message Format)
Links to related issues (if applicable)
Tests for the changes have been added/updated (if applicable)
Docs related to the changes have been added/updated (if applicable). If a new feature has been added a Usage Guide has been added for the same.
For any breaking change/potential downtime/deprecation/big changes an entry has been made in Updating DataHub

david-leifker · 2022-12-01T21:29:16Z

build.gradle

@@ -184,6 +191,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage') }) {

  configurations.all {
    exclude group: "io.netty", module: "netty"
+    exclude group: "log4j", module: "log4j"


This does seem to do something, what is not covered here is the -core and -api modules, but those are locked at the latest version

github-actions · 2022-12-01T21:54:24Z

Unit Test Results (build & test)

621 tests ±0 617 ✔️ ±0 15m 39s ⏱️ -17s
157 suites ±0     4 💤 ±0
157 files ±0     0 ❌ ±0

Results for commit 66b14c0. ± Comparison against base commit 6fe9ad4.

RyanHolstien

LGTM :) minor comment for consistency

RyanHolstien · 2022-12-01T22:28:46Z

buildSrc/build.gradle

@@ -10,7 +10,7 @@ dependencies {
    exclude group: 'com.google.guava', module: 'guava'
  }
  compile 'com.google.guava:guava:27.0.1-jre'
-  compile 'com.fasterxml.jackson.core:jackson-databind:2.9.10.7'
-  compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.8.11'
+  compile 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'


Variable replacement here too

This can't be done in the buildSrc like normal, unless the version config is refactored out of its current location.

david-leifker and others added 2 commits December 1, 2022 15:21

fix(security): security version updates

25c9571

Merge branch 'master' into security-fixes-12-01

66b14c0

github-actions bot added the product PR or Issue related to the DataHub UI/UX label Dec 1, 2022

david-leifker added platform PR-s that make changes to core parts of the platform and removed product PR or Issue related to the DataHub UI/UX labels Dec 1, 2022

david-leifker commented Dec 1, 2022

View reviewed changes

david-leifker requested review from RyanHolstien and jjoyce0510 December 1, 2022 22:05

RyanHolstien approved these changes Dec 1, 2022

View reviewed changes

david-leifker merged commit 83b21b0 into datahub-project:master Dec 1, 2022

david-leifker mentioned this pull request Dec 1, 2022

fix(security): update common-text and shiro versions #6599

Closed

5 tasks

cccs-Dustin pushed a commit to CybercentreCanada/datahub that referenced this pull request Feb 1, 2023

fix(security): security version updates (datahub-project#6602)

67b5dd1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(security): security version updates #6602

fix(security): security version updates #6602

david-leifker commented Dec 1, 2022

david-leifker Dec 1, 2022

github-actions bot commented Dec 1, 2022

RyanHolstien left a comment

RyanHolstien Dec 1, 2022

david-leifker Dec 1, 2022 •

edited

Loading

fix(security): security version updates #6602

fix(security): security version updates #6602

Conversation

david-leifker commented Dec 1, 2022

Checklist

david-leifker Dec 1, 2022

Choose a reason for hiding this comment

github-actions bot commented Dec 1, 2022

Unit Test Results (build & test)

RyanHolstien left a comment

Choose a reason for hiding this comment

RyanHolstien Dec 1, 2022

Choose a reason for hiding this comment

david-leifker Dec 1, 2022 • edited Loading

Choose a reason for hiding this comment

david-leifker Dec 1, 2022 •

edited

Loading