Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ISSUE-3144: CVE fixes, Springboot upd #3624

Merged
merged 7 commits into from
Apr 7, 2023
Merged

ISSUE-3144: CVE fixes, Springboot upd #3624

merged 7 commits into from
Apr 7, 2023

Conversation

iliax
Copy link
Contributor

@iliax iliax commented Apr 4, 2023

  • Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)

Spring boot version bump to 3.0.5, snakeyaml upd

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)

@iliax iliax requested a review from a team as a code owner April 4, 2023 11:34
@github-actions github-actions bot added the status/triage Issues pending maintainers triage label Apr 4, 2023
@iliax iliax requested a review from Haarolean April 4, 2023 11:46
@iliax iliax changed the title ISSUE-3144: CVE fixes, Springboot upd [WIP] ISSUE-3144: CVE fixes, Springboot upd Apr 4, 2023
@iliax iliax changed the title [WIP] ISSUE-3144: CVE fixes, Springboot upd ISSUE-3144: CVE fixes, Springboot upd Apr 5, 2023
@iliax iliax linked an issue Apr 5, 2023 that may be closed by this pull request
CVE fixes, Dec. 2022 #3144
Closed
Haarolean
Haarolean approved these changes Apr 7, 2023
View reviewed changes
@Haarolean Haarolean added scope/backend type/security Pull requests that address a security vulnerability and removed status/triage Issues pending maintainers triage labels Apr 7, 2023
@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 7, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@iliax iliax merged commit ee1cd72 into master Apr 7, 2023
@iliax iliax deleted the ISSUE-3144_cve_fixes_dec2022 branch April 7, 2023 13:31
@iliax iliax mentioned this pull request Apr 10, 2023
Closed
13 tasks
Haarolean pushed a commit that referenced this pull request Apr 13, 2023
@iliax @Haarolean
ISSUE-3144: CVE fixes, Springboot upd (#3624)
b991fb3 
* ISSUE-3144: Spring boot version bump to 3.0.5, snakeyaml upd
* explicit spring security dependency removed
* openapi plugin updated to 6.5
* Some javax.annotation imports migrated to jakarta.annotation
* base container sha specified
* Update CognitoAuthorityExtractor

(cherry picked from commit ee1cd72)
@Haarolean Haarolean mentioned this pull request Jun 5, 2023
Closed
@Haarolean Haarolean mentioned this pull request Aug 30, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Haarolean Haarolean Haarolean approved these changes

Assignees
No one assigned
Labels
scope/backend type/security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE fixes, Dec. 2022
2 participants
@iliax @Haarolean