Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Gson from 2.8.6 to 2.9.0 #23703

Merged
merged 2 commits into from
Feb 15, 2022
Merged

Bump Gson from 2.8.6 to 2.9.0 #23703

merged 2 commits into from
Feb 15, 2022

Conversation

knutwannheden
Copy link
Contributor

Upgrade due to CVE WS-2021-0419 (see also protocolbuffers/protobuf#9457 and google/gson#1991).

@knutwannheden
Bump Gson from 2.8.6 to 2.9.0
109b92e 
Upgrade due to CVE WS-2021-0419 (see also protocolbuffers/protobuf#9457 and google/gson#1991).
@quarkus-bot quarkus-bot bot added the area/dependencies Pull requests that update a dependency file label Feb 15, 2022
@famod
Copy link
Member

famod commented Feb 15, 2022

@loicmathieu WDYT about adding gson to dependabot?

@loicmathieu
Copy link
Contributor

@famod this should be safe to upgrade it as soon as new releases occurs except for major releases as it needs to be compatible with the version used in the Google Cloud Function framework.
I'm OK to add it to dependabot.

@quarkus-bot
Copy link

quarkus-bot bot commented Feb 15, 2022
edited
Loading

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 109b92e

Status Name Step Failures Logs Raw logs
Gradle Tests - JDK 11 Windows Build Failures Logs Raw logs

Full information is available in the Build summary check run.

Failures

⚙️ Gradle Tests - JDK 11 Windows #

- Failing: integration-tests/gradle

📦 integration-tests/gradle

io.quarkus.gradle.devmode.MultiSourceProjectDevModeTest.main line 22 - More details - Source on GitHub

org.awaitility.core.ConditionTimeoutException: Condition with lambda expression in io.quarkus.test.devmode.util.DevModeTestUtils that uses java.util.function.Supplier, java.util.function.Supplierjava.util.concurrent.atomic.AtomicReference, java.util.concurrent.atomic.AtomicReferencejava.lang.String, java.lang.Stringboolean was not fulfilled within 1 minutes.
	at org.awaitility.core.ConditionAwaiter.await(ConditionAwaiter.java:164)
	at org.awaitility.core.CallableCondition.await(CallableCondition.java:78)

@quarkus-bot quarkus-bot bot added the area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure label Feb 15, 2022
famod
famod approved these changes Feb 15, 2022
View reviewed changes
Copy link
Member

@famod famod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added gson to dependabot.

@famod famod added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Feb 15, 2022
@famod
Copy link
Member

famod commented Feb 15, 2022

No need to wait for CI, that one previous test failure is a known flake.

@famod famod merged commit 633d679 into quarkusio:main Feb 15, 2022
@quarkus-bot quarkus-bot bot added this to the 2.8 - main milestone Feb 15, 2022
@quarkus-bot quarkus-bot bot removed the triage/waiting-for-ci Ready to merge when CI successfully finishes label Feb 15, 2022
@famod
Copy link
Member

famod commented Feb 15, 2022

Thanks @knutwannheden!

@gsmet gsmet modified the milestones: 2.8 - main, 2.7.2.Final Feb 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@famod famod famod approved these changes

Assignees
No one assigned
Labels
area/dependencies Pull requests that update a dependency file area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure
Projects
None yet
Milestone
2.7.2.Final
Development

Successfully merging this pull request may close these issues.
5 participants
@knutwannheden @famod @loicmathieu @sberyozkin @gsmet