Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade gson to 2.8.9 #354

Merged
merged 1 commit into from
Jan 11, 2022
Merged

upgrade gson to 2.8.9 #354

merged 1 commit into from
Jan 11, 2022

Conversation

ylwu-amzn
Copy link
Collaborator

Signed-off-by: Yaliang Wu [email protected]

Description

Upgrade Gson to 2.8.9

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@ylwu-amzn
upgrade gson to 2.8.9
1448c94 
Signed-off-by: Yaliang Wu <[email protected]>
@ylwu-amzn ylwu-amzn requested review from a team, amitgalitz and ohltyler January 11, 2022 19:43
amitgalitz
amitgalitz approved these changes Jan 11, 2022
View reviewed changes
Copy link
Member

@amitgalitz amitgalitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if CI passes, thanks for making this change. Read over https://github.com/google/gson/blob/master/CHANGELOG.md and no breaking change seems to be introduced. Are we backporting this to 1.2 then?

@ylwu-amzn
Copy link
Collaborator Author

LGTM if CI passes, thanks for making this change. Read over https://github.com/google/gson/blob/master/CHANGELOG.md and no breaking change seems to be introduced. Are we backporting this to 1.2 then?

We can backport to all old versions. The vulnerability is from writeReplace method which not used in AD. So should be ok if we don't backfill.
We met some issue before as AD and other components used different versions of Gson. We should test on every version before backporting.

@codecov-commenter
Copy link

Codecov Report

Merging #354 (1448c94) into main (c8e8d5a) will decrease coverage by 0.09%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##               main     #354      +/-   ##
============================================
- Coverage     79.39%   79.30%   -0.10%     
+ Complexity     4103     4095       -8     
============================================
  Files           295      295              
  Lines         17207    17207              
  Branches       1826     1826              
============================================
- Hits          13662    13646      -16     
- Misses         2648     2658      +10     
- Partials        897      903       +6
Flag Coverage Δ
plugin 79.30% <ø> (-0.10%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...opensearch/ad/transport/AnomalyResultResponse.java 71.96% <0.00%> (-12.13%) ⬇️
...g/opensearch/ad/model/DetectorValidationIssue.java 64.91% <0.00%> (-3.51%) ⬇️
.../main/java/org/opensearch/ad/cluster/HashRing.java 79.35% <0.00%> (-2.03%) ⬇️
...ain/java/org/opensearch/ad/task/ADTaskManager.java 75.39% <0.00%> (-1.29%) ⬇️
...opensearch/ad/indices/AnomalyDetectionIndices.java 72.09% <0.00%> (-0.19%) ⬇️
...ava/org/opensearch/ad/task/ADHCBatchTaskCache.java 91.35% <0.00%> (+2.46%) ⬆️
...java/org/opensearch/ad/task/ADBatchTaskRunner.java 85.71% <0.00%> (+3.49%) ⬆️

@ylwu-amzn ylwu-amzn merged commit af2763c into opensearch-project:main Jan 11, 2022
ylwu-amzn added a commit to ylwu-amzn/anomaly-detection-2 that referenced this pull request Jan 11, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (opensearch-project#354)
7025fef 
Signed-off-by: Yaliang Wu <[email protected]>
ylwu-amzn added a commit to ylwu-amzn/anomaly-detection-2 that referenced this pull request Jan 11, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (opensearch-project#354)
9d5be4b 
Signed-off-by: Yaliang Wu <[email protected]>
ylwu-amzn added a commit to ylwu-amzn/anomaly-detection-2 that referenced this pull request Jan 11, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (opensearch-project#354)
2a566ce 
Signed-off-by: Yaliang Wu <[email protected]>
ylwu-amzn added a commit to ylwu-amzn/anomaly-detection-2 that referenced this pull request Jan 11, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (opensearch-project#354)
2b9a0d0 
Signed-off-by: Yaliang Wu <[email protected]>
@ylwu-amzn ylwu-amzn mentioned this pull request Jan 11, 2022
Merged
1 task
ylwu-amzn added a commit that referenced this pull request Jan 11, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (#354)
b6b6960 
Signed-off-by: Yaliang Wu <[email protected]>
ylwu-amzn added a commit that referenced this pull request Jan 12, 2022
@ylwu-amzn
upgrade gson to 2.8.9 (#354)
d1d8e60 
Signed-off-by: Yaliang Wu <[email protected]>
@amitgalitz amitgalitz added the enhancement New feature or request label Jan 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amitgalitz amitgalitz amitgalitz approved these changes

@ohltyler ohltyler ohltyler approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ylwu-amzn @codecov-commenter @ohltyler @amitgalitz