fix(deps): update dependency org.apache.bcel:bcel to v6.7.0 #2278
Looks like our build isn't ready for the newer BCEL.
Adding link to the change log for bcel for easy reference while looking into this https://commons.apache.org/proper/commons-bcel/changes-report.html#a6.7.0.
@hazendaz it seems to me that the issue is that we build with BCEL 6.7.0 and then we analyze the project with the SpotBugs Gradle plugin (which was built with the previous version of BCEL) but the plugin uses BCEL 6.7.0, not the version it was built with.
Since bcel-6.5.0 has CVE-2022-42920 (CRITICAL)
As far as I can see, the current master is on bcel version 6.6.1, which is not affected by this problem. However, it would be great to have this PR in spotbugs 4.7.4; it is not critical.
Several issues here, I noticed at least 2:
The relevant PR (apache/commons-bcel#221) got merged to bcel, so the next bcel version should work with the changes in this PR. However, I don't have any timeline info about the bcel release.
letting renovate rebase again to see if docs is related to us or that process since all recent PRs are failing today.
arggg...mistakenly messed this up. Will fix it...
This PR contains the following updates:
6.6.1 -> 6.7.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.