Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(all): update Gson dependency in main pom #1557

Merged
merged 1 commit into from
Jun 3, 2022
Merged

refactor(all): update Gson dependency in main pom #1557

merged 1 commit into from
Jun 3, 2022

Conversation

brycewang-microsoft
Copy link
Collaborator

Not exactly for Gson-related dependabot alerts here, as we are using patched version 2.8.9 already. The security alerts were triggered as dependabot could not determine the currently installed version.

@brycewang-microsoft
Copy link
Collaborator Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 4 pipeline(s).

abhipsaMisra
abhipsaMisra approved these changes Jun 2, 2022
View reviewed changes
Copy link
Member

@abhipsaMisra abhipsaMisra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The security alerts were triggered as dependabot could not determine the currently installed version.

Do we know how we can get dependabot to pick up the correct version?

@brycewang-microsoft
Copy link
Collaborator Author

The security alerts were triggered as dependabot could not determine the currently installed version.

Do we know how we can get dependabot to pick up the correct version?

Good question! I haven't got an answer for this but my guess is that dependabot cannot find the version of dependency (in children pom) which is inherited from the parent pom. I will reach out to dependabot-core for some insights on this.

@brycewang-microsoft brycewang-microsoft merged commit 2e2baf0 into main Jun 3, 2022
@brycewang-microsoft brycewang-microsoft deleted the gson_patch branch June 3, 2022 17:09
brycewang-microsoft added a commit to brycewang-microsoft/azure-iot-sdk-java that referenced this pull request Jun 3, 2022
@brycewang-microsoft
Revert "refactor(all): update Gson dependency in main pom (Azure#1557)"
4972f07 
This reverts commit 2e2baf0.
brycewang-microsoft added a commit to brycewang-microsoft/azure-iot-sdk-java that referenced this pull request Jun 3, 2022
@brycewang-microsoft
Revert "refactor(all): update Gson dependency in main pom (Azure#1557)"
17964ab 
This reverts commit 2e2baf0.
@brycewang-microsoft brycewang-microsoft mentioned this pull request Jul 7, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhipsaMisra abhipsaMisra abhipsaMisra approved these changes

@drwill-ms drwill-ms drwill-ms approved these changes

@timtay-microsoft timtay-microsoft Awaiting requested review from timtay-microsoft timtay-microsoft is a code owner

@azabbasi azabbasi Awaiting requested review from azabbasi

@andyk-ms andyk-ms Awaiting requested review from andyk-ms andyk-ms is a code owner

@tmahmood-microsoft tmahmood-microsoft Awaiting requested review from tmahmood-microsoft tmahmood-microsoft is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@brycewang-microsoft @drwill-ms @abhipsaMisra