Update dependencies, in particular OkHttp to fix CVE. #2058

Merged
merged 1 commit into from
Apr 29, 2024

tychobrailleur
Collaborator

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

  1. changes proposed in this pull request:

cf. above

  2. src/main/resources/release_notes.md ...
  • has been updated
  • does not require update
  3. [Optional] suggested person to review this PR @wsbrenk

@wsbrenk
Collaborator

wsbrenk commented Apr 28, 2024

@tychobrailleur If this should be merged to the master branch, please set version to 9.0.

@tychobrailleur tychobrailleur changed the base branch from master to release/8 April 28, 2024 16:02
@tychobrailleur
Collaborator Author

This is to fix a security issue, so I think this should go into the 8.x release - I have updated the base branch.

@wsbrenk wsbrenk merged commit 13dc635 into release/8 Apr 29, 2024
1 check passed
wsbrenk added a commit that referenced this pull request May 5, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* build DEV_STAGE = 0

* #2055 release_notes.md

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request May 10, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2065 truncate match report if string is too long for database column

* #2065 set maximum match report size to 40000 characters

* #2065 new column "nullable" in sql editor table

* #2065 rename AbstractTable.truncateString

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request May 21, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request Jun 6, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

* #2069 (#2072)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 Initialize series table if no matches are played yet (#2073)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 initialize series table if no matches are played yet

* #1455 fix initial order of series table

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #2074 update ratings when team spirit is changed (#2075)

* #1455 review

* #2074 update ratings when team spirit is changed

* #2076 sorting of youth table average column (#2077)

* #2078 ts forecast loads all trainer data (#2079)

* #2078 ts forecast loads all trainer data

* #2078 release_notes.md

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
@tychobrailleur tychobrailleur deleted the fix/update_cve branch June 23, 2024 07:23
wsbrenk added a commit that referenced this pull request Jun 23, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

* #2069 (#2072)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 Initialize series table if no matches are played yet (#2073)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 initialize series table if no matches are played yet

* #1455 fix initial order of series table

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #2074 update ratings when team spirit is changed (#2075)

* #1455 review

* #2074 update ratings when team spirit is changed

* #2076 sorting of youth table average column (#2077)

* #2078 ts forecast loads all trainer data (#2079)

* #2078 ts forecast loads all trainer data

* #2078 release_notes.md

* Create `stable` tag when `tag_stable` is created. (#2083) (#2085)

* Release/8 (#2084)

* Create `stable` tag when `tag_stable` is created.

* release stable HO8

* release stable HO8

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request Jun 23, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

* #2069 (#2072)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 Initialize series table if no matches are played yet (#2073)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 initialize series table if no matches are played yet

* #1455 fix initial order of series table

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #2074 update ratings when team spirit is changed (#2075)

* #1455 review

* #2074 update ratings when team spirit is changed

* #2076 sorting of youth table average column (#2077)

* #2078 ts forecast loads all trainer data (#2079)

* #2078 ts forecast loads all trainer data

* #2078 release_notes.md

* Create `stable` tag when `tag_stable` is created. (#2083) (#2085)

* Release/8 (#2084)

* Create `stable` tag when `tag_stable` is created.

* release stable HO8

* release stable HO8

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>

* release stable HO8

* release stable HO8

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request Jul 4, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

* #2069 (#2072)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 Initialize series table if no matches are played yet (#2073)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 initialize series table if no matches are played yet

* #1455 fix initial order of series table

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #2074 update ratings when team spirit is changed (#2075)

* #1455 review

* #2074 update ratings when team spirit is changed

* #2076 sorting of youth table average column (#2077)

* #2078 ts forecast loads all trainer data (#2079)

* #2078 ts forecast loads all trainer data

* #2078 release_notes.md

* Create `stable` tag when `tag_stable` is created. (#2083) (#2085)

* Release/8 (#2084)

* Create `stable` tag when `tag_stable` is created.

* release stable HO8

* release stable HO8

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>

* #2094 youth scout comment column length

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>
wsbrenk added a commit that referenced this pull request Jul 6, 2024
* #1797 create beta (#2052)

* Fix build (#2054)

* #1797 create beta

* #1797 fix build

* #2055 fix slow opening of team analyzer panel (#2056)

* update release_notes.md

* #2055 remove unused info label

* #2055 remove unused info label (code analysis results)

* #2055 release_notes.md

* #2055 release_notes.md

* Use SwingWorker to properly fix hanging UI. (#2057)

* Update dependencies, in particular OkHttp to fix CVE. (#2058)

This fixes CVE-2023-3635, cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3635

* #2059 fix currency error in team analyzer's total salary column (#2060)

* #2063 add 5 new countries to international flags module (#2064)

* #2063 add 5 new countries to international flags module

* #2063 add 5 new countries to international flags module (review)

* release_notes.md translator

* #2063 the flag files

* #2065 truncate match report if string is too long for database column (#2066)

* #2065 truncate match report if string is too long for database column

* #2065 rename AbstractTable.truncateString

* #2063 Guinea (#2068)

* #2063 download missing world details (#2070)

* #2063 download missing world details

* #2063 download missing world details

* #2063 download missing world details

* #2063 fix database error on matches reload

* #2069 (#2072)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 Initialize series table if no matches are played yet (#2073)

* #2069 reduce space between team summary labels

* #2069 release_notes.md

* #1455 initialize series table if no matches are played yet

* #1455 fix initial order of series table

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #1455 review

* #2074 update ratings when team spirit is changed (#2075)

* #1455 review

* #2074 update ratings when team spirit is changed

* #2076 sorting of youth table average column (#2077)

* #2078 ts forecast loads all trainer data (#2079)

* #2078 ts forecast loads all trainer data

* #2078 release_notes.md

* Create `stable` tag when `tag_stable` is created. (#2083) (#2085)

* Release/8 (#2084)

* Create `stable` tag when `tag_stable` is created.

* release stable HO8

* release stable HO8

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>

* Select suffix in extension block, as it then becomes immutable. (#2093)

* Fix issue with incorrect `-DEV` suffix in release.

The elvis operator returns the alternate branch if the condition is an empty string:

```groovy
groovy:000> "" ?: "pouet"
===> pouet

```

* Revert stable tag change to see if this is the root cause.

* Update version if GH action.

* Restore code.

* Re-create build after manual delete of tags.

* Update release-dev.yml

Try using patched version to delete released version.

* Update release-dev.yml

Using the full SHA, as apparently this is required...

...although GH is even able to tell me which exact SHA to use!!  Also set the new option to true to trigger the deletion of non-draft.

* Update release-dev.yml

Latest version of GH action.

* Update release-dev.yml

* Update release-dev.yml

* #2094 youth scout comment sql error (#2095)

* #2094 youth scout comment sql error

* #2094 start 8.1 beta

* #2094 start 8.1 beta

* #2092 Fix skill tester rating predictions (#2098)

* #2092 Fix skill tester rating predictions

* #2092 typo

* #2097 Fix exception in youth player substitution (#2099)

* #2094 youth scout comment sql error

* #2094 start 8.1 beta

* #2094 start 8.1 beta

* #2092 typo

* #2097 Fix MatchLineupTeam.examineSubstitution

* #2097 build.gradle git reporting of v8.1

* #2097 Fix npe in MatchLineupTeam.initMinutesOfPlayersInSectors (#2101)

---------

Co-authored-by: Sébastien Le Callonnec <sebastien@weblogism.com>