Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0) #668

Closed
wants to merge 3 commits into from

Conversation

sseide
Copy link
Contributor

@sseide sseide commented Jun 7, 2021

Description

This PR updates the used net.minidev:json-smart library to version 2.4.7 to fix a security warning. The accessors-smart lib is updated too as it belongs to json-smart and is released together.

The asm 9.1 library is a dependency of accessors-smart as well as for the already updated tika-parsers 1.26. Within the recent update of tika-parsers the asm update was missing.

Motivation and Context

fix a security warning for json-smart:

How Has This Been Tested?

run gradlew check and use it for some days on our own setup.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.

@sseide
Copy link
Contributor Author

sseide commented Jun 7, 2021

with commit 68c20b2 i update the gradle.properties file too to use asm version 9.1 instead of 9.0.

But even without this update of the gradle.properties file the newer version 9.1 was already used as a dependency of accessors-smart and tika-parsers. At least the gradle check run fetches the newer 9.1 and complained about wrong jar sizes in the expected_release_jars.csv file without updateing the information from 9.0 to 9.1.

Therfore i do not know if this updateto the porperties file is really needed or something within the gradle build not working as expected...

@codecov-commenter
Copy link

codecov-commenter commented Jun 7, 2021

Codecov Report

Merging #668 (e51e2a3) into master (ec1d462) will decrease coverage by 0.00%.
The diff coverage is n/a.

❗ Current head e51e2a3 differs from pull request most recent head 68c20b2. Consider uploading reports for the commit 68c20b2 to get more accurate results
Impacted file tree graph

@@             Coverage Diff              @@
##             master     #668      +/-   ##
============================================
- Coverage     55.40%   55.40%   -0.01%     
+ Complexity    10216    10214       -2     
============================================
  Files          1047     1047              
  Lines         64462    64462              
  Branches       7311     7311              
============================================
- Hits          35718    35716       -2     
  Misses        26243    26243              
- Partials       2501     2503       +2     
Impacted Files Coverage Δ
...ache/jmeter/reporters/SummariserRunningSample.java 83.58% <0.00%> (-1.50%) ⬇️
...n/java/org/apache/jmeter/reporters/Summariser.java 84.73% <0.00%> (-0.77%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ec1d462...68c20b2. Read the comment docs.

@FSchumacher
Copy link
Contributor

Thanks for the PR. It has been merged into master.

@FSchumacher FSchumacher closed this Jun 7, 2021
@sseide sseide deleted the update_jsonsmart branch October 21, 2021 10:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants