Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scala 2.13.10 (was 2.13.8) #16074

Merged
merged 1 commit into from
Oct 18, 2022
Merged

Scala 2.13.10 (was 2.13.8) #16074

merged 1 commit into from
Oct 18, 2022

Conversation

SethTisue
Copy link
Member

No description provided.

@SethTisue SethTisue marked this pull request as draft September 19, 2022 21:02
@SethTisue SethTisue force-pushed the scala-2.13.9 branch 2 times, most recently from b5ba9f0 to 4892433 Compare October 13, 2022 12:43
@SethTisue SethTisue changed the title Scala 2.13.9 (was 2.13.8) Scala 2.13.10 (was 2.13.8) Oct 13, 2022
@SethTisue SethTisue mentioned this pull request Oct 17, 2022
Merged
@SethTisue SethTisue force-pushed the scala-2.13.9 branch 2 times, most recently from 6bf3697 to 9143bee Compare October 17, 2022 08:52
@SethTisue SethTisue mentioned this pull request Oct 17, 2022
Closed
@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022
edited
Loading

community build: JsonMemoryFootprintSpec, in play-json, needs an update

I've submitted playframework/play-json#813 and hopefully the play-json folks will confirm that there's not some regression

@SethTisue SethTisue added the backport:nominated If we agree to backport this PR, replace this tag with "backport:accepted", otherwise delete it. label Oct 17, 2022
@SethTisue
Copy link
Member Author

The play-json folks say it's good/expected. I've pushed the fix to dotty-staging.

@SethTisue SethTisue marked this pull request as ready for review October 17, 2022 15:06
@SethTisue
Copy link
Member Author

This is ready for review. I suggest this be included in a Scala 3.2.x release, so that people who are crossbuilding on 2 and 3 can be on the same standard library version.

@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022
edited
Loading

One reason to fast-track this, that I should have mentioned earlier, is the LazyList deserialization CVE on 2.13.8 (and all earlier 2.13.0 versions). In practice, I doubt many users are truly affected by it. But in practice, many shops don't really analyze the contents of CVEs — any CVE is considered a big red flag, and the affected version is considered guilty unless proven innocent.

@Kordyjan Kordyjan merged commit 3636ee6 into scala:main Oct 18, 2022
@Kordyjan Kordyjan added backport:accepted This PR needs to be backported, once it's been backported replace this tag by "backport:done" and removed backport:nominated If we agree to backport this PR, replace this tag with "backport:accepted", otherwise delete it. labels Oct 18, 2022
@Kordyjan Kordyjan mentioned this pull request Oct 18, 2022
Merged
Kordyjan added a commit that referenced this pull request Oct 18, 2022
@Kordyjan
Backport "Scala 2.13.10 (was 2.13.8)" (#16203)
f99262d 
Backports #16074
@SethTisue SethTisue deleted the scala-2.13.9 branch October 18, 2022 12:04
@Kordyjan Kordyjan added backport:done This PR was successfully backported. and removed backport:accepted This PR needs to be backported, once it's been backported replace this tag by "backport:done" labels Oct 18, 2022
@SethTisue SethTisue mentioned this pull request Oct 26, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kordyjan Kordyjan Kordyjan approved these changes

@anatoliykmetyuk anatoliykmetyuk Awaiting requested review from anatoliykmetyuk

Assignees
No one assigned
Labels
backport:done This PR was successfully backported.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SethTisue @Kordyjan