Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade google guava 32.0.1 to resolve CVE CVE-2023-2976 #1094

Merged
merged 1 commit into from
Aug 17, 2023
Merged

upgrade google guava 32.0.1 to resolve CVE CVE-2023-2976 #1094

merged 1 commit into from
Aug 17, 2023

Conversation

eirsep
Copy link
Member

@eirsep eirsep commented Aug 16, 2023

Exclude <v32 version of google guava in google java format and add google guava 32.0.1 to resolve CVE CVE-2023-2976

@eirsep
exclude <v32 versoin of google guava in google java and add google gu…
11c9a8a 
…ava 32.0.1 to resolve CVE CVE-2023-2976

Signed-off-by: Surya Sashank Nistala <[email protected]>
@codecov
Copy link

codecov bot commented Aug 16, 2023
edited
Loading

Codecov Report

Merging #1094 (11c9a8a) into main (6e7a16b) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #1094      +/-   ##
============================================
- Coverage     67.77%   67.75%   -0.02%     
  Complexity      105      105              
============================================
  Files           160      160              
  Lines         10343    10343              
  Branches       1522     1522              
============================================
- Hits           7010     7008       -2     
- Misses         2670     2671       +1     
- Partials        663      664       +1

see 1 file with indirect coverage changes

@lezzago lezzago self-requested a review August 16, 2023 23:43
@eirsep eirsep merged commit 778e7ce into opensearch-project:main Aug 17, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Aug 17, 2023
@github-actions
exclude <v32 version of google guava dependency from google java form…
f1a1206 
…at and add google guava 32.0.1 to resolve CVE CVE-2023-2976 (#1094)

Signed-off-by: Surya Sashank Nistala <[email protected]>
(cherry picked from commit 778e7ce)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Aug 17, 2023
Merged
lezzago pushed a commit that referenced this pull request Aug 23, 2023
@opensearch-trigger-bot @github-actions
exclude <v32 version of google guava dependency from google java form…
b6d4cd1 
…at and add google guava 32.0.1 to resolve CVE CVE-2023-2976 (#1094) (#1095)

(cherry picked from commit 778e7ce)

Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AWSHurneyt AWSHurneyt AWSHurneyt approved these changes

@lezzago lezzago lezzago approved these changes

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni is a code owner

@qreshi qreshi Awaiting requested review from qreshi

@bowenlan-amzn bowenlan-amzn Awaiting requested review from bowenlan-amzn bowenlan-amzn is a code owner

@rishabhmaurya rishabhmaurya Awaiting requested review from rishabhmaurya rishabhmaurya is a code owner

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eirsep @lezzago @AWSHurneyt