Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump springboot from 2.7.9 to 2.7.11 #4828

Merged
merged 1 commit into from
Apr 24, 2023
Merged

Bump springboot from 2.7.9 to 2.7.11 #4828

merged 1 commit into from
Apr 24, 2023

Conversation

shoothzj
Copy link
Member

@shoothzj shoothzj commented Apr 1, 2023
edited
Loading

Brief changelog

Bump springboot from 2.7.9 to 2.7.11.

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Read the Contributing Guide before making this pull request.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit tests to verify the code.
  • Run mvn clean test to make sure this pull request doesn't break anything.
  • Update the CHANGES log.

@codecov
Copy link

codecov bot commented Apr 1, 2023
edited
Loading

Codecov Report

Merging #4828 (c5a00e5) into master (8a7a149) will decrease coverage by 0.13%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master    #4828      +/-   ##
============================================
- Coverage     48.48%   48.36%   -0.13%     
+ Complexity     1726     1722       -4     
============================================
  Files           346      346              
  Lines         10827    10827              
  Branches       1078     1078              
============================================
- Hits           5250     5237      -13     
- Misses         5255     5268      +13     
  Partials        322      322

see 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@nobodyiam
Copy link
Member

It looks like the snakeyml version referenced in 2.7.10 is still 1.30.

image

@shoothzj
Copy link
Member Author

shoothzj commented Apr 2, 2023

@nobodyiam My apologizes, I will wait for next springboot release.

@nobodyiam
Copy link
Member

review again

@nobodyiam Flows.network Integration
Copy link
Member

Hello, I am a serverless review bot on flows.network. Here are my reviews of code commits in this PR.

Commit 1

The patch is about upgrading the version of Spring Boot from 2.7.9 to 2.7.10. There are no potential problems identified in this patch, and it appears to be a straightforward update.

Anilople
Anilople reviewed Apr 21, 2023
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@shoothzj shoothzj changed the title Bump springboot from 2.7.9 to 2.7.10 Bump springboot from 2.7.9 to 2.7.11 Apr 24, 2023
@shoothzj
Copy link
Member Author

@nobodyiam @Anilople Although this springboot version doesn't bump snakeyaml's version. But I think it's also worth to update it because it also solve other cves. Like CVE-2023-20863 etc.

nobodyiam
nobodyiam approved these changes Apr 24, 2023
View reviewed changes
Copy link
Member

@nobodyiam nobodyiam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nobodyiam nobodyiam merged commit a4df1a3 into apolloconfig:master Apr 24, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Apr 24, 2023
@shoothzj shoothzj deleted the spring-boot-update branch April 24, 2023 03:02
@nobodyiam nobodyiam added this to the 2.2.0 milestone Aug 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Anilople Anilople Anilople left review comments

@nobodyiam nobodyiam nobodyiam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@shoothzj @nobodyiam @Anilople