Skip to content
This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Update library dependencies #509

Merged
merged 2 commits into from
Jun 21, 2023
Merged

Update library dependencies #509

merged 2 commits into from
Jun 21, 2023

Conversation

jframe
Copy link
Contributor

@jframe jframe commented Jun 21, 2023
edited

PR Description

Update libraries to address vulnerabilities.

  • Updated GRPC to address CVE-2023-32732. We pull in this library for use in the metrics. But can't update to latest version from Besu as we don't have Java 17 support
  • Update guava to address CVE-2023-2976 and remove suppression for fixed guava CVE-2020-8908
  • Updated jackson databind to the latest version
  • Updated bouncy castle to address CVE-2023-33201. Needed to switch to jdk18on version as the jdk15on has not been updated. The jdk18on is multi-version and will work with Java 11

Fixed Issue(s)

Documentation

  • I thought about documentation and added the doc-change-required label to this PR if updates are required.

Changelog

  • I thought about adding a changelog entry, and added one if I deemed necessary.

@jframe jframe requested a review from usmansaleem June 21, 2023 04:36
usmansaleem
usmansaleem approved these changes Jun 21, 2023
View reviewed changes
Copy link
Contributor

@usmansaleem usmansaleem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jframe jframe merged commit cc546da into Consensys:master Jun 21, 2023
9 checks passed
@jframe jframe deleted the update_libraries branch June 21, 2023 05:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@usmansaleem usmansaleem usmansaleem approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jframe @usmansaleem