fix(pom,cve): Upgrade geotools to the latest version #1422

Merged
merged 2 commits into from
Apr 28, 2023


@MichaelsJP MichaelsJP commented Apr 28, 2023

The current version 28.2 has a High CVE. This fixes it. Unfortunately, it's only available from geotools' own Maven repository https://maven.geo-solutions.it.

Pull Request Checklist

  • 1. I have rebased the latest version of the master branch into my feature branch and all conflicts
    have been resolved.
  • 2. I have added information about the change/addition to functionality to the CHANGELOG.md file under the
    [Unreleased] heading.
  • 3. I have documented my code using JDocs tags.
  • 4. I have removed unnecessary commented out code, imports and System.out.println statements.
  • 5. I have written JUnit tests for any new methods/classes and ensured that they pass.
  • 6. I have created API tests for any new functionality exposed to the API.
  • 7. If changes/additions are made to the ors-config.json file, I have added these to the ors config documentation
    along with a short description of what it is for, and documented this in the Pull Request (below).
  • 8. I have built graphs with my code of the Heidelberg.osm.gz file and run the api-tests with all test passing
  • 9. I have referenced the Issue Number in the Pull Request (if the changes were from an issue).
  • 10. For new features or changes involving building of graphs, I have tested on a larger dataset
    (at least Germany), and the graphs build without problems (i.e. no out-of-memory errors).
  • 11. For new features or changes involving the graphbuilding process (i.e. changing encoders, updating the
    importer etc.), I have generated longer distance routes for the affected profiles with different options
    (avoid features, max weight etc.) and compared these with the routes of the same parameters and start/end
    points generated from the current live ORS.
    If there are differences then the reasoning for these MUST be documented in the pull request.
  • 12. I have written in the Pull Request information about the changes made including their intended usage
    and why the change was needed.
  • 13. For changes touching the API documentation, I have tested that the API playground renders correctly.

Fixes #1421 .

Information about the changes

  • Key functionality added:
  • Reason for change:

Examples and reasons for differences between live ORS routes, and those generated from this pull request

Required changes to ors config (if applicable)

@MichaelsJP MichaelsJP linked an issue Apr 28, 2023 that may be closed by this pull request
@MichaelsJP MichaelsJP force-pushed the fix/1421-fix-orggeotoolsgt-main-cve branch from b4094fd to 0982643 Compare April 28, 2023 13:00
@MichaelsJP MichaelsJP marked this pull request as ready for review April 28, 2023 13:15
@MichaelsJP MichaelsJP enabled auto-merge April 28, 2023 13:16
@MichaelsJP MichaelsJP requested a review from aoles April 28, 2023 13:59
@MichaelsJP MichaelsJP self-assigned this Apr 28, 2023
@MichaelsJP MichaelsJP requested a review from takb April 28, 2023 14:03

@aoles aoles left a comment

Looks good up to a minor issue with the CHANGELOG entries, see the inline comment. Cheers!

CHANGELOG.md Outdated
@MichaelsJP MichaelsJP force-pushed the fix/1421-fix-orggeotoolsgt-main-cve branch from 0982643 to ab36cdb Compare April 28, 2023 17:01
The current version 28.2 has a High CVE. This fixes it.
@MichaelsJP MichaelsJP force-pushed the fix/1421-fix-orggeotoolsgt-main-cve branch from ab36cdb to 03db603 Compare April 28, 2023 17:01
@MichaelsJP MichaelsJP requested a review from aoles April 28, 2023 17:01
@MichaelsJP

Looks good up to a minor issue with the CHANGELOG entries, see the inline comment. Cheers!

Fixed

…8.2 to 29.0

Also adjust the wrong pull request reference for the snakeyaml fix
@MichaelsJP MichaelsJP force-pushed the fix/1421-fix-orggeotoolsgt-main-cve branch from 03db603 to ee40f3c Compare April 28, 2023 17:42
@MichaelsJP MichaelsJP merged commit d959957 into master Apr 28, 2023
@MichaelsJP MichaelsJP deleted the fix/1421-fix-orggeotoolsgt-main-cve branch April 28, 2023 18:03
Successfully merging this pull request may close these issues.

Fix org.geotools:gt-main CVE
2 participants