Update dependencies for CVE #13834

Merged
merged 2 commits into from Oct 31, 2022

Contributor

@Zomzog Zomzog commented Oct 26, 2022

fix #13772

Update of multiple libs for CVEs (found with Snyk)

PR checklist

  • Read the contribution guidelines.
  • Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • Run the following to build the project and update samples:
    ./mvnw clean package 
    ./bin/generate-samples.sh
    ./bin/utils/export_docs_generators.sh
    
    Commit all changed files.
    This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
    These must match the expectations made by your contribution.
    You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
    For Windows users, please run the script in Git BASH.
  • File the PR against the correct branch: master (6.1.0) (minor release - breaking changes with fallbacks), 7.0.x (breaking changes without fallbacks)
  • If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

@Zomzog Zomzog reopened this Oct 27, 2022
@@ -72,7 +72,10 @@ paths:
- 'write:pets'
- 'read:pets'
requestBody:
$ref: '#/components/schemas/Pet'
content:
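
Review bot: with `$ref: '#/components/schemas/Pet'` sitting directly under `requestBody:`, the request body points at a schema component rather than a request body definition, and the hunk grows from 7 to 10 lines around a `content:` block, so a spec correction is riding along in a dependency-update PR. Please say in the PR description why this spec had to change and list any other sample specs touched for the same reason, so reviewers can separate the spec corrections from the version updates.
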
Member

FYI. @tjquinno there are changes to helidon test spec and files

Contributor Author

Yes, because the spec was not valid. I've fixed another one in samples.

@@ -1517,7 +1518,7 @@
<maven-surefire-plugin.version>3.0.0-M6</maven-surefire-plugin.version>
<openrewrite.version>7.22.0</openrewrite.version>
<swagger-parser-groupid.version>io.swagger.parser.v3</swagger-parser-groupid.version>
<swagger-parser.version>2.1.1</swagger-parser.version>
<swagger-parser.version>2.1.6</swagger-parser.version>
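
Review bot: the `swagger-parser.version` change from 2.1.1 to 2.1.6 updates the library that parses and validates input specs, so it can change which specs are accepted, not only close the reported vulnerabilities. Suggest naming in the PR description the advisories this version addresses, and adding a release-note line that specs accepted under 2.1.1 may now fail validation.
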
Member

@OpenAPITools/generator-core-team FYI. swagger parser and other dependencies version update.

Contributor Author

It solves multiple CVEs. It's this part that makes the contract validation more accurate.

@wing328
Member

wing328 commented Oct 28, 2022

I'll merge it over the weekend if there are no questions/feedback from anyone.

@tjquinno
Contributor

@wing328 William, thanks for the heads-up on these changes.

I checked out this branch and built it locally.

I can build the generated Helidon samples successfully, but when I try to start them I'm getting runtime errors.

For example:

cd samples/server/petstore/java-helidon-server/mp
mvn package
java -jar target/petstore-helidon-server-mp.jar

and also

cd samples/server/petstore/java-helidon-server/se
mvn package
java -jar target/petstore-helidon-server-se.jar

I get different runtime errors, but both of these fail.

I will look into this right away, but if possible please do not merge until we understand what's happening.

Thanks.

@tjquinno
Contributor

@wing328

The problems with running the generated Helidon servers do not seem to come from this PR. I rebuilt openapi-generator on master and got the same errors.

I see no reason to wait to merge this PR.

I will open a separate issue for resolving the Helidon server problems. I would very much like to fix that before the 6.2.1 release.

Successfully merging this pull request may close these issues.

[REQ] [Java] Update Commons-text to 1.10