Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies to address CVE-2022-38752 #231

Merged
merged 1 commit into from Sep 21, 2022
Merged

Update dependencies to address CVE-2022-38752 #231

merged 1 commit into from Sep 21, 2022

Conversation

bestbeforetoday
Copy link
Member

@bestbeforetoday bestbeforetoday commented Sep 20, 2022
edited

@bestbeforetoday
Update dependencies to address CVE-2022-38752
7094021 
Upgrade snakeyaml to v1.32 for vulnerability fix:

- https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
@bestbeforetoday bestbeforetoday marked this pull request as ready for review September 21, 2022 10:41
@bestbeforetoday bestbeforetoday requested a review from a team as a code owner September 21, 2022 10:41
@andrew-coleman andrew-coleman merged commit 195393f into hyperledger:main Sep 21, 2022
@bestbeforetoday
Copy link
Member Author

https://github.com/Mergifyio backport release-2.2

mergify bot pushed a commit that referenced this pull request Sep 21, 2022
@bestbeforetoday @mergify
Update dependencies to address CVE-2022-38752 (#231)
028bf57 
Upgrade snakeyaml to v1.32 for vulnerability fix:

- https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>

Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
(cherry picked from commit 195393f)
@mergify mergify bot mentioned this pull request Sep 21, 2022
Merged
@mergify
Copy link
Contributor

mergify bot commented Sep 21, 2022

backport release-2.2

✅ Backports have been created

bestbeforetoday added a commit that referenced this pull request Sep 21, 2022
@mergify @bestbeforetoday
Update dependencies to address CVE-2022-38752 (#231) (#233)
234774d 
Upgrade snakeyaml to v1.32 for vulnerability fix:

- https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

(cherry picked from commit 195393f)

Signed-off-by: Mark S. Lewis <mark_lewis@uk.ibm.com>
Co-authored-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
@bestbeforetoday bestbeforetoday deleted the snakeyaml branch September 21, 2022 17:28
marcopaulocova added a commit to VOID-SOFTWARE/fabric-sdk-java that referenced this pull request Oct 4, 2022
@marcopaulocova
Merge branch 'release-2.2-github' into release-2.2
7f9ef3e 
* release-2.2-github:
  Release v2.2.17 (hyperledger#235)
  Update dependencies to address CVE-2022-38752 (hyperledger#231) (hyperledger#233)
  Update dependencies to support Apple silicon (M1 / arm64) (hyperledger#232)
  release v2.2.16 (hyperledger#227)
  Fix CVE-2022-25857 (hyperledger#224) (hyperledger#225)
  Release v2.2.15 (hyperledger#220)
  GitHub Actions build (hyperledger#218)
  Update chaincode dependencies to avoid dependabot alerts (hyperledger#217)
  Performance improvement for CryptoPrimitives (hyperledger#214)
  Disabled scehduled security vulnerability scan (hyperledger#213)
  Release v2.2.14 (hyperledger#202)
  Address security vulnerability CVE-2022-25647 (hyperledger#199) (hyperledger#200)

# Conflicts:
#	pom.xml
#	src/main/java/org/hyperledger/fabric/sdk/LifecycleChaincodePackage.java
marcopaulocova added a commit to VOID-SOFTWARE/fabric-sdk-java that referenced this pull request Oct 4, 2022
@marcopaulocova
Merge branch 'release-2.2'
6ee61ce 
* release-2.2:
  Release v2.2.17 (hyperledger#235)
  Update dependencies to address CVE-2022-38752 (hyperledger#231) (hyperledger#233)
  Update dependencies to support Apple silicon (M1 / arm64) (hyperledger#232)
  release v2.2.16 (hyperledger#227)
  Fix CVE-2022-25857 (hyperledger#224) (hyperledger#225)
  Release v2.2.15 (hyperledger#220)
  GitHub Actions build (hyperledger#218)
  Update chaincode dependencies to avoid dependabot alerts (hyperledger#217)
  Performance improvement for CryptoPrimitives (hyperledger#214)
  Disabled scehduled security vulnerability scan (hyperledger#213)
  Release v2.2.14 (hyperledger#202)
  Address security vulnerability CVE-2022-25647 (hyperledger#199) (hyperledger#200)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrew-coleman andrew-coleman andrew-coleman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bestbeforetoday @andrew-coleman