Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update graphhopper to v4.9.5 #1918

Merged
merged 2 commits into from
Nov 29, 2024

Conversation

jhaeu
Copy link
Contributor

@jhaeu jhaeu commented Nov 29, 2024

with fix for CVE-2024-7254

Pull Request Checklist

  • 1. I have rebased the latest version of the main branch into my feature branch and all conflicts
    have been resolved.
  • 2. I have added information about the change/addition to functionality to the CHANGELOG.md file under the
    [Unreleased] heading.
  • 3. I have documented my code using JDocs tags.
  • 4. I have removed unnecessary commented out code, imports and System.out.println statements.
  • 5. I have written JUnit tests for any new methods/classes and ensured that they pass.
  • 6. I have created API tests for any new functionality exposed to the API.
  • 7. If changes/additions are made to the ors-config.json file, I have added these to the ors config documentation
    along with a short description of what it is for, and documented this in the Pull Request (below).
  • 8. I have built graphs with my code of the Heidelberg.osm.gz file and run the api-tests with all test passing
  • 9. I have referenced the Issue Number in the Pull Request (if the changes were from an issue).
  • 10. For new features or changes involving building of graphs, I have tested on a larger dataset
    (at least Germany), and the graphs build without problems (i.e. no out-of-memory errors).
  • 11. For new features or changes involving the graphbuilding process (i.e. changing encoders, updating the
    importer etc.), I have generated longer distance routes for the affected profiles with different options
    (avoid features, max weight etc.) and compared these with the routes of the same parameters and start/end
    points generated from the current live ORS.
    If there are differences then the reasoning for these MUST be documented in the pull request.
  • 12. I have written in the Pull Request information about the changes made including their intended usage
    and why the change was needed.
  • 13. For changes touching the API documentation, I have tested that the API playground renders correctly.

Fixes # .

Information about the changes

The existing graphhopper version has vulnerability CVE-2024-7254

Examples and reasons for differences between live ORS routes, and those generated from this pull request

Required changes to ors config (if applicable)

@jhaeu jhaeu requested a review from aoles November 29, 2024 11:02
@jhaeu jhaeu enabled auto-merge November 29, 2024 11:04
@jhaeu jhaeu disabled auto-merge November 29, 2024 11:07
@jhaeu jhaeu marked this pull request as draft November 29, 2024 11:07
@MichaelsJP MichaelsJP requested review from aoles and MichaelsJP and removed request for aoles November 29, 2024 11:09
@jhaeu jhaeu marked this pull request as ready for review November 29, 2024 11:13
@jhaeu jhaeu enabled auto-merge November 29, 2024 11:13
Copy link
Member

@MichaelsJP MichaelsJP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MichaelsJP MichaelsJP force-pushed the chore/update-graphhopper-with-protobuf-vuln-fix branch from c47ebd8 to db990bb Compare November 29, 2024 11:27
@MichaelsJP MichaelsJP removed the request for review from aoles November 29, 2024 11:28
Copy link
Member

@aoles aoles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, cheers! 🚀

@jhaeu jhaeu merged commit c3b9d47 into main Nov 29, 2024
31 checks passed
@jhaeu jhaeu deleted the chore/update-graphhopper-with-protobuf-vuln-fix branch November 29, 2024 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants