fix(fido2): remove weld dependency #8871

Merged
merged 5 commits into from
Jul 4, 2024

Conversation

yurem
Contributor

@yurem yurem commented Jul 4, 2024

Closes #8870

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested review from yuriyz and yuremm July 4, 2024 13:22

dryrunsecurity bot commented Jul 4, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Server-Side Request Forgery Analyzer 0 findings
SQL Injection Analyzer 0 findings
Sensitive Files Analyzer 1 finding

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request primarily involve dependency management updates to the pom.xml file for the jans-fido2/model module. The key changes include the removal of Weld dependencies, the replacement of the jakarta.servlet dependency with jakarta.enterprise.cdi-api, and the addition of a new dependency on io.jans:jans-doc.

While the changes are not directly related to security-critical functionality, they are worth reviewing from an application security perspective. The removal of the Weld dependencies and the upgrade to the latest Jakarta EE specification could have broader architectural implications that should be evaluated. Additionally, the new dependency on io.jans:jans-doc should be investigated to understand its purpose and potential security implications.

Overall, the changes appear to be focused on dependency management and potential architectural changes, rather than directly addressing security-critical functionality. However, it is still important to review the broader context and understand how these changes may impact the application's security posture.

Files Changed:

  • jans-fido2/model/pom.xml: This file has been updated to manage the project's dependencies. The key changes include:
    1. Removal of the Weld dependencies (weld-servlet-core and weld-core-impl) and the jakarta.servlet-api dependency.
    2. Addition of a new dependency on io.jans:jans-doc.
    3. Replacement of the jakarta.servlet dependency with jakarta.enterprise:jakarta.enterprise.cdi-api.

Powered by DryRun Security

@mo-auto
Member

mo-auto commented Jul 4, 2024

Error: Hi @yurem, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@mo-auto mo-auto added comp-jans-fido2 Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality labels Jul 4, 2024
@yuriyz yuriyz enabled auto-merge (squash) July 4, 2024 13:27

sonarcloud bot commented Jul 4, 2024

auto-merge was automatically disabled July 4, 2024 15:47

Base branch was modified

@yurem yurem enabled auto-merge (squash) July 4, 2024 15:47
@yurem yurem merged commit 6b4504f into main Jul 4, 2024
6 of 7 checks passed
@yurem yurem deleted the clean_fido2_deps branch July 4, 2024 15:47

sonarcloud bot commented Jul 4, 2024

yuriyz added a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Yuriy M <95305560+yuremm@users.noreply.github.com>
Former-commit-id: 6b4504f
Development

Successfully merging this pull request may close these issues.

fix(jans-fido2): model should not depends on Weld
4 participants