Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cve): Remove maven-gpg-plugin and maven-shared-utils #1476

Merged
merged 1 commit into from
Jun 15, 2023
Merged

fix(cve): Remove maven-gpg-plugin and maven-shared-utils #1476

merged 1 commit into from
Jun 15, 2023

Conversation

MichaelsJP
Copy link
Member

@MichaelsJP MichaelsJP commented Jun 15, 2023
edited
Loading

Both packages are not used and only include unnecessary vulnerabilities. This was reapplied by the latest patches.

Pull Request Checklist

  • 1. I have rebased the latest version of the master branch into my feature branch and all conflicts
    have been resolved.
  • 2. I have added information about the change/addition to functionality to the CHANGELOG.md file under the
    [Unreleased] heading.
  • 3. I have documented my code using JDocs tags.
  • 4. I have removed unnecessary commented out code, imports and System.out.println statements.
  • 5. I have written JUnit tests for any new methods/classes and ensured that they pass.
  • 6. I have created API tests for any new functionality exposed to the API.
  • 7. If changes/additions are made to the ors-config.json file, I have added these to the ors config documentation
    along with a short description of what it is for, and documented this in the Pull Request (below).
  • 8. I have built graphs with my code of the Heidelberg.osm.gz file and run the api-tests with all test passing
  • 9. I have referenced the Issue Number in the Pull Request (if the changes were from an issue).
  • 10. For new features or changes involving building of graphs, I have tested on a larger dataset
    (at least Germany), and the graphs build without problems (i.e. no out-of-memory errors).
  • 11. For new features or changes involving the graphbuilding process (i.e. changing encoders, updating the
    importer etc.), I have generated longer distance routes for the affected profiles with different options
    (avoid features, max weight etc.) and compared these with the routes of the same parameters and start/end
    points generated from the current live ORS.
    If there are differences then the reasoning for these MUST be documented in the pull request.
  • 12. I have written in the Pull Request information about the changes made including their intended usage
    and why the change was needed.
  • 13. For changes touching the API documentation, I have tested that the API playground renders correctly.

Fixes # .

Information about the changes

  • Key functionality added:
  • Reason for change:

Examples and reasons for differences between live ORS routes, and those generated from this pull request

Required changes to ors config (if applicable)

@MichaelsJP MichaelsJP linked an issue Jun 15, 2023 that may be closed by this pull request
fix: Fix CVE by removing unused maven-shared-utils #1473
Closed
1 task
@MichaelsJP MichaelsJP enabled auto-merge June 15, 2023 15:39
@github-actions github-actions bot added fix and removed fix labels Jun 15, 2023
@github-actions github-actions bot added fix and removed fix labels Jun 15, 2023
@MichaelsJP @TheGreatRefrigerator
fix(cve): Remove maven-gpg-plugin and maven-shared-utils
913bfdc 
Both packages are not used and only include unnecessary vulnerabilities. This was reapplied by the latest patches.
@TheGreatRefrigerator TheGreatRefrigerator force-pushed the 1473-fix-fix-cve-by-removing-unused-maven-shared-utils branch from 8bd8690 to 913bfdc Compare June 15, 2023 16:02
TheGreatRefrigerator
TheGreatRefrigerator approved these changes Jun 15, 2023
View reviewed changes
Copy link
Contributor

@TheGreatRefrigerator TheGreatRefrigerator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@MichaelsJP MichaelsJP merged commit d175044 into master Jun 15, 2023
@MichaelsJP MichaelsJP deleted the 1473-fix-fix-cve-by-removing-unused-maven-shared-utils branch June 15, 2023 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheGreatRefrigerator TheGreatRefrigerator TheGreatRefrigerator approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fix: Fix CVE by removing unused maven-shared-utils
2 participants
@MichaelsJP @TheGreatRefrigerator