Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated spring dependencies #329

Merged
merged 1 commit into from
Apr 4, 2022
Merged

updated spring dependencies #329

merged 1 commit into from
Apr 4, 2022

Conversation

bhautikpip
Copy link
Contributor

Issue #, if available:
Spring RCE issue: https://tanzu.vmware.com/security/cve-2022-22965

Description of changes:
Updated spring dependencies

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@bhautikpip bhautikpip requested a review from a team as a code owner April 4, 2022 20:30
@codecov-commenter
Copy link

Codecov Report

Merging #329 (1c906b1) into master (3442c27) will increase coverage by 0.05%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master     #329      +/-   ##
============================================
+ Coverage     58.86%   58.92%   +0.05%     
  Complexity     1206     1206              
============================================
  Files           131      131              
  Lines          5066     5066              
  Branches        593      593              
============================================
+ Hits           2982     2985       +3     
+ Misses         1809     1806       -3     
  Partials        275      275
Impacted Files Coverage Δ
...va/com/amazonaws/xray/entities/SubsegmentImpl.java 76.05% <0.00%> (+4.22%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a2bc1ad...1c906b1. Read the comment docs.

srprash
srprash reviewed Apr 4, 2022
View reviewed changes
aws-xray-recorder-sdk-spring/build.gradle.kts
@@ -9,11 +9,11 @@ dependencies {
api("org.aspectj:aspectjrt:1.8.11")

// TODO(anuraaga): Remove most of these? Seems only Configurable annotation is used
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anuraaga 's comment hints that these dependencies could be removed. If it is not a big effort, maybe this is a good time to do so?
Otherwise LGTM.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah Good callout. I think it's a small change relatively but in order to ensure nothing breaks and SDK works as expected we might need to do some additional testing so I have scoped that work out of this PR if that makes sense.

@bhautikpip bhautikpip merged commit cd3b9e7 into aws:master Apr 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srprash srprash srprash approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bhautikpip @codecov-commenter @srprash