Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump springcloud springboot version to solve cve problems #4712

Merged
merged 1 commit into from
Feb 13, 2023

Conversation

shoothzj
Copy link
Member

@shoothzj shoothzj commented Jan 28, 2023

What's the purpose of this PR

Bump springcloud springboot version to solve cve problems

Brief changelog

  • Bump springcloud version from 2021.0.2 to 2021.0.5
  • Bump springboot version from 2.6.8 to 2.7.8

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Read the Contributing Guide before making this pull request.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit tests to verify the code.
  • Run mvn clean test to make sure this pull request doesn't break anything.
  • Update the CHANGES log.

@codecov
Copy link

codecov bot commented Jan 28, 2023

Codecov Report

Merging #4712 (5effd3e) into master (d9726af) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #4712   +/-   ##
=========================================
  Coverage     47.21%   47.21%           
  Complexity     1660     1660           
=========================================
  Files           349      349           
  Lines         10691    10691           
  Branches       1062     1062           
=========================================
  Hits           5048     5048           
  Misses         5335     5335           
  Partials        308      308           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@shoothzj shoothzj requested a review from nobodyiam January 28, 2023 08:16
@shoothzj
Copy link
Member Author

@nobodyiam PTAL when you have time, thanks :)

@nobodyiam
Copy link
Member

The 2.1.0 version has been tested and is ready to be released after apollo-java 2.1.0 is released.
It seems a lot of changes were introduced in Spring Boot 2.7, how about we upgrade spring boot and spring cloud version in the next apollo release?

@shoothzj
Copy link
Member Author

@nobodyiam +1, let's keep this PR open

@shoothzj
Copy link
Member Author

@nobodyiam PTAL again, thanks

@nobodyiam
Copy link
Member

As the default spring security version is upgraded to 5.7.6, I think the spring-security version could be removed.

apollo/pom.xml

Line 69 in a0c09b5

<spring-security.version>5.7.3</spring-security.version>

apollo/pom.xml

Lines 204 to 211 in a0c09b5

<!-- Spring-security BOMs -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>${spring-security.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>

@shoothzj
Copy link
Member Author

@nobodyiam PTAL again, thanks

Copy link
Member

@nobodyiam nobodyiam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nobodyiam nobodyiam merged commit bf275f6 into apolloconfig:master Feb 13, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Feb 13, 2023
@shoothzj shoothzj deleted the update-dep branch February 13, 2023 14:36
@nobodyiam nobodyiam added this to the 2.2.0 milestone Aug 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants