-
Notifications
You must be signed in to change notification settings - Fork 746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update io.github.java-diff-utils:java-diff-utils to 4.4 or higher #4081
Comments
Stephan202
added a commit
to PicnicSupermarket/error-prone
that referenced
this issue
Sep 13, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves google#4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12
It looks like this upgrade is runtime compatible, so yes you can upgrade. Source compatibility requires only minor changes; I filed #4085. |
copybara-service bot
pushed a commit
that referenced
this issue
Sep 13, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves #4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12 Fixes #4085 FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906 PiperOrigin-RevId: 565083922
copybara-service bot
pushed a commit
that referenced
this issue
Sep 13, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves #4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12 Fixes #4085 FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906 PiperOrigin-RevId: 565083922
copybara-service bot
pushed a commit
that referenced
this issue
Sep 13, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves #4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12 Fixes #4085 FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906 PiperOrigin-RevId: 565083922
copybara-service bot
pushed a commit
that referenced
this issue
Sep 14, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves #4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12 Fixes #4085 FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906 PiperOrigin-RevId: 565083922
copybara-service bot
pushed a commit
that referenced
this issue
Sep 14, 2023
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing that CVE-2023-4759 is mitigated. Resolves #4081. See: - https://nvd.nist.gov/vuln/detail/CVE-2023-4759 - https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12 - java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12 Fixes #4085 FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906 PiperOrigin-RevId: 565372382
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
The CVE-2023-4759 is reported against org.eclipse.jgit:org.eclipse.jgit, which is a transitive dependency from io.github.java-diff-utils:java-diff-utils:4.0 present error_prone_check_api.
I want to update io.github.java-diff-utils:java-diff-utils from 4.0 to 4.4 where org.eclipse.jgit:org.eclipse.jgit is not present.
Will there be any breaking changes in error_prone_check_api if I update?
Please let me know.
Kind regards,
Manjunath
The text was updated successfully, but these errors were encountered: