Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#9322] Remove unnecessary guava dependencies #9321

Merged
merged 1 commit into from
Oct 25, 2022
Merged

[#9322] Remove unnecessary guava dependencies #9321

merged 1 commit into from
Oct 25, 2022

Conversation

JaneQ9900
Copy link

What happened?

There are 2 security vulnerabilities found in com.google.guava:guava 14.0.1

What did I do?

Upgrade com.google.guava:guava from 14.0.1 to 30.0-jre for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

@CLAassistant
Copy link

CLAassistant commented Oct 25, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@emeroad emeroad linked an issue Oct 25, 2022 that may be closed by this pull request
Remove unnecessary guava dependency #9322
Closed
@emeroad emeroad added this to the 2.5.0 milestone Oct 25, 2022
@emeroad emeroad added security module:plugin dependencies Pull requests that update a dependency file labels Oct 25, 2022
@emeroad emeroad force-pushed the oscs_fix_cdbl89oau51rhne6lsa0 branch from 8b48bd7 to c4de8e5 Compare October 25, 2022 05:31
@emeroad emeroad changed the title fix(sec): upgrade com.google.guava:guava to 30.0-jre [pinpoint-apm#9322] Remove unnecessary guava dependencies Oct 25, 2022
@emeroad emeroad changed the title [pinpoint-apm#9322] Remove unnecessary guava dependencies [#9322] Remove unnecessary guava dependencies Oct 25, 2022
@codecov
Copy link

codecov bot commented Oct 25, 2022

Codecov Report

Merging #9321 (c4de8e5) into master (0db9607) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #9321   +/-   ##
=========================================
  Coverage     39.44%   39.44%           
  Complexity    11770    11770           
=========================================
  Files          3400     3400           
  Lines         91121    91121           
  Branches      10114    10114           
=========================================
  Hits          35946    35946           
  Misses        52075    52075           
  Partials       3100     3100
Impacted Files Coverage Δ
...m/navercorp/pinpoint/rpc/client/ConnectFuture.java 70.83% <0.00%> (-8.34%) ⬇️
...tor/metric/datasource/DefaultDataSourceMetric.java 85.18% <0.00%> (-3.71%) ⬇️
...point/rpc/client/DefaultPinpointClientHandler.java 70.42% <0.00%> (-1.41%) ⬇️
...rc/main/java/com/navercorp/pinpoint/test/Item.java 72.22% <0.00%> (ø)
...ollector/cluster/zookeeper/ZookeeperJobWorker.java 79.67% <0.00%> (+1.60%) ⬆️
...java/com/navercorp/pinpoint/rpc/DefaultFuture.java 76.14% <0.00%> (+1.83%) ⬆️
...pinpoint/rpc/ChannelWriteFailListenableFuture.java 71.42% <0.00%> (+28.57%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@emeroad emeroad merged commit bcf6baa into pinpoint-apm:master Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file module:plugin security
Projects
None yet
Milestone
2.5.0
Development

Successfully merging this pull request may close these issues.

Remove unnecessary guava dependency
3 participants
@JaneQ9900 @CLAassistant @emeroad