Dependency updates (not dependabot detected) #5212

Closed
planetf1 opened this issue May 20, 2021 · 4 comments · Fixed by #5691
Labels

  • external-dependency: Related to an external dependency (ie maven package etc). Bug or update
  • pinned: Keep open (do not time out)

Comments

Member

planetf1 commented May 20, 2021

Evaluate Updating versions of

  • libthrift (0.9.2/0.13.0 -> 0.14.1) [fvts, canonical glossary]
  • elasticsearch-client (7.6.2 -> 7.12.1) [janusgraph]
  • jakarta.el (3.0.2 -> 4.0.1) [springboot]

to address documented security issues

@planetf1 planetf1 added the external-dependency Related to an external dependency (ie maven package etc). Bug or update label Jun 2, 2021
Member Author

planetf1 commented Jun 2, 2021

Also need to check the following ignored dependencies:
org.apache.jena:jena-core
org.apache.jena:jena-arq

Member Author

planetf1 commented Jun 2, 2021

  • jena is now updated in June 2021 dependabot updates (part 2) #5309
  • jakarta-el is not needed
  • thrift will be removed as part of continuing cassandra work including Cassandra Dependency (scope/security) #2671
  • elasticsearch is not a direct dependency, only transitive, via janusgraph-es. We generally only mandate versions due to security issues or consistency; this case doesn't meet these criteria, so there seems no requirement to force an updated version

All issues therefore resolved so closing

@planetf1 planetf1 closed this as completed Jun 2, 2021
Member Author

planetf1 commented Jun 2, 2021

Unable to merge jena update -- requires Java 11.
Reopening

@planetf1 planetf1 reopened this Jun 2, 2021

github-actions bot commented Aug 2, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the no-issue-activity Issues automatically marked as stale because they have not had recent activity. label Aug 2, 2021
@planetf1 planetf1 added pinned Keep open (do not time out) and removed no-issue-activity Issues automatically marked as stale because they have not had recent activity. labels Aug 2, 2021
planetf1 added a commit to planetf1/egeria that referenced this issue Sep 15, 2021
Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
planetf1 added a commit that referenced this issue Sep 15, 2021

2 participants