Skip to content

Update dependecies for CVE#13834

Merged
wing328 merged 2 commits intoOpenAPITools:masterfrom
Zomzog:zomzog/13772_CVEs
Oct 31, 2022
Merged

Update dependecies for CVE#13834
wing328 merged 2 commits intoOpenAPITools:masterfrom
Zomzog:zomzog/13772_CVEs

Conversation

@Zomzog
Copy link
Copy Markdown
Contributor

@Zomzog Zomzog commented Oct 26, 2022

fix #13772

Update of multiple lib for CVE (found with Snyk)

PR checklist

  • Read the contribution guidelines.
  • Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • Run the following to build the project and update samples: 
    ./mvnw clean package 
./bin/generate-samples.sh
./bin/utils/export_docs_generators.sh
    Commit all changed files.
    This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
    These must match the expectations made by your contribution.
    You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
    For Windows users, please run the script in Git BASH.
  • File the PR against the correct branch: master (6.1.0) (minor release - breaking changes with fallbacks), 7.0.x (breaking changes without fallbacks)
  • If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

@Zomzog Zomzog force-pushed the zomzog/13772_CVEs branch from 43989fa to f6604e3 Compare October 26, 2022 23:27
@Zomzog Zomzog closed this Oct 26, 2022
@Zomzog Zomzog reopened this Oct 27, 2022
wing328
wing328 reviewed Oct 28, 2022
View reviewed changes
Comment thread modules/openapi-generator/src/test/resources/3_0/helidon/petstore-for-testing.yaml
- 'read:pets'
requestBody:
$ref: '#/components/schemas/Pet'
content:
Copy link
Copy Markdown
Member

@wing328 wing328 Oct 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI. @tjquinno there are changes to helidon test spec and files

Copy link
Copy Markdown
Contributor Author

@Zomzog Zomzog Oct 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes because the spec was no valid. I've fixed another one in samples.

wing328
wing328 reviewed Oct 28, 2022
View reviewed changes
Comment thread pom.xml
<openrewrite.version>7.22.0</openrewrite.version>
<swagger-parser-groupid.version>io.swagger.parser.v3</swagger-parser-groupid.version>
<swagger-parser.version>2.1.1</swagger-parser.version>
<swagger-parser.version>2.1.6</swagger-parser.version>
Copy link
Copy Markdown
Member

@wing328 wing328 Oct 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@OpenAPITools/generator-core-team FYI. swagger parser and other dependencies version update.

Copy link
Copy Markdown
Contributor Author

@Zomzog Zomzog Oct 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It solve multiple cve. It's this part that make the contract validation more accurate.

@wing328 wing328 added this to the 6.2.1 milestone Oct 28, 2022
@wing328
Copy link
Copy Markdown
Member

wing328 commented Oct 28, 2022

I'll merge it over the weekend if no question/feedback from anyone.

@tjquinno
Copy link
Copy Markdown
Contributor

tjquinno commented Oct 28, 2022

@wing328 William, thanks for the heads-up on these changes.

I checked out this branch and built it locally.

I can build the generated Helidon samples successfully, but when I try to start them I'm getting runtime errors.

For example:

cd samples/server/petstore/java-helidon-server/mp
mvn package
java -jar target/petstore-helidon-server-mp.jar

and also

cd samples/server/petstore/java-helidon-server/se
mvn package
java -jar target/petstore-helidon-server-se.jar

I get different runtime errors, but both of these fail.

I will look into this right away, but if possible please do not merge until we understand what's happening.

Thanks.

@tjquinno
Copy link
Copy Markdown
Contributor

tjquinno commented Oct 28, 2022

@wing328

The problems with running the generated Helidon servers do not seem to come from this PR. I rebuilt openapi-generator on master and got the same errors.

I see no reason to wait to merge this PR.

I will open a separate issue for resolving the Helidon server problems. I would very much like to fix that before the 6.2.1 release.

@wing328 wing328 merged commit 1b65ef3 into OpenAPITools:master Oct 31, 2022
@sunakan sunakan mentioned this pull request Nov 2, 2022
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wing328 wing328 wing328 left review comments

Assignees

No one assigned

Labels

Enhancement: Compatibility Enhancement: Security

Projects

None yet

Milestone

6.2.1

Development

Successfully merging this pull request may close these issues.

[REQ] [Java] Update Commons-text to 1.10

3 participants

@Zomzog @wing328 @tjquinno