Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade com.carrotsearch:hppc from 0.8.1 to 0.9.1 #1308

Merged
merged 2 commits into from
Mar 10, 2023
Merged

[Snyk] Upgrade com.carrotsearch:hppc from 0.8.1 to 0.9.1 #1308

merged 2 commits into from
Mar 10, 2023

Conversation

MichaelsJP
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade com.carrotsearch:hppc from 0.8.1 to 0.9.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released a year ago, on 2021-12-15.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@takb takb added this to To do in ors general Mar 4, 2023
@takb takb moved this from To do to Review in ors general Mar 7, 2023
@MichaelsJP MichaelsJP added this to the Release 7.1.0 milestone Mar 9, 2023
@MichaelsJP
Copy link
Member Author

MichaelsJP commented Mar 9, 2023
edited

Collides with the dependency version 0.8 from Graphhopper https://github.com/GIScience/graphhopper/blob/ors_4.0/pom.xml#L108.

We should remove this dependency and not double declare deps from graphhopper.

snyk-bot and others added 2 commits March 9, 2023 18:38
@MichaelsJP
fix: upgrade com.carrotsearch:hppc from 0.8.1 to 0.9.1
1b4cd45 
Snyk has created this PR to upgrade com.carrotsearch:hppc from 0.8.1 to 0.9.1.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.carrotsearch/hppc/

See this project in Snyk:
https://app.snyk.io/org/heigit/project/7b599213-469d-44ea-950e-75825f44d3e7?utm_source=github&utm_medium=referral&page=upgrade-pr
@MichaelsJP
build(maven): Remove duplicate dependency from ors pom
ccc1d6c 
Our Graphhopper fork already provides this dependency. Adding it here can mix up different versions and is not necessary.
@MichaelsJP MichaelsJP force-pushed the snyk-upgrade-b2b41c59b6c17f60cebd3bd14d85e00e branch from 86c4340 to ccc1d6c Compare March 9, 2023 17:38
@MichaelsJP MichaelsJP self-assigned this Mar 9, 2023
@MichaelsJP MichaelsJP requested a review from takb March 9, 2023 17:39
takb
takb approved these changes Mar 10, 2023
View reviewed changes
Copy link
Contributor

@takb takb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, but we should upgrade the dependency on our GH fork ASAP.

@MichaelsJP MichaelsJP merged commit 209da20 into master Mar 10, 2023
ors general automation moved this from Review to Awaiting release Mar 10, 2023
@MichaelsJP MichaelsJP deleted the snyk-upgrade-b2b41c59b6c17f60cebd3bd14d85e00e branch March 13, 2023 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@takb takb takb approved these changes

Assignees

@MichaelsJP MichaelsJP

Labels
None yet
Projects
ors general
  
Awaiting release
Milestone
Release 7.1.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@MichaelsJP @takb @snyk-bot