Skip to content

[1.13] up versions to be secure and fix issues due to deprecation #1187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jan 6, 2025
Merged

[1.13] up versions to be secure and fix issues due to deprecation #1187

merged 11 commits into from
Jan 6, 2025

Conversation

@cicoyle
Copy link
Contributor

@cicoyle cicoyle commented Jan 3, 2025

Updates the dapr-sdk-autogen & dapr-sdk-actors pkgs to explicitly include secure versions of the following dependencies:

  • protobuf-java
  • okio
  • kotlin-stdlib

These dependencies were transitive, but were not properly included with secure versions, so I explicitly set them.

I also had to address the deprecation of GeneratedMessageV3 in the newer version of protobuf-java

@cicoyle
up versions to be secure and fix issues due to deprecation
6e7107e 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle cicoyle requested review from a team as code owners January 3, 2025 21:52
cicoyle added 4 commits January 3, 2025 16:20
@cicoyle
see if this fixes it
7df4078 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
check if protoc is in ci
a81236b 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
see if changes from this PR (dapr#1182) fix it
a0152bb 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
3.25.5 version protobuf-java
886c916 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle cicoyle marked this pull request as draft January 3, 2025 22:56
cicoyle added 6 commits January 3, 2025 17:33
@cicoyle
rm explicit versions and fix deprecation dependency to new one
6dd3de1 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
Merge branch 'release-1.13' into 1.13-fix-more-vulnerabilities
5a272be
@cicoyle
merge in release branch and lower protoc versions to match
645c734 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
force upped version
d4994ae 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
use protobuf.version 3.25.5 (secure)
003994d 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle
use correct protobuf for sdk tests
f05ee83 
Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle cicoyle marked this pull request as ready for review January 6, 2025 18:47
@artursouza artursouza merged commit 88ec8c9 into dapr:release-1.13 Jan 6, 2025
8 checks passed
cicoyle added a commit to cicoyle/java-sdk that referenced this pull request Jan 6, 2025
@cicoyle
[1.13] up versions to be secure and fix issues due to deprecation (da…
57ac88e 
…pr#1187)

* up versions to be secure and fix issues due to deprecation

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* see if this fixes it

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* check if protoc is in ci

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* see if changes from this PR (dapr#1182) fix it

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* 3.25.5 version protobuf-java

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* rm explicit versions and fix deprecation dependency to new one

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* merge in release branch and lower protoc versions to match

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* force upped version

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* use protobuf.version 3.25.5 (secure)

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

* use correct protobuf for sdk tests

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>

---------

Signed-off-by: Cassandra Coyle <cassie@diagrid.io>
@cicoyle cicoyle mentioned this pull request Jan 6, 2025
Merged
artursouza pushed a commit that referenced this pull request Jan 8, 2025
@cicoyle
[1.13] up versions to be secure and fix issues due to deprecation (#1187
9cd6db2 
) (#1188)
@artur-ciocanu artur-ciocanu mentioned this pull request Jan 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@artursouza artursouza artursouza approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cicoyle @artursouza