kapua
kapua copied to clipboard
eclipse
Upgraded Shiro dependencies from 1.8.0 to 1.10.0 - CVE-2022-40664 CVE-2022-32532
This PR upgrades the version of Apache Shiro dependencies from 1.8.0 to 1.10.0 solving following CVEs
- CVE-2022-40664
- CVE-2022-32532
Related Issue None
Description of the solution adopted Upgraded version
Screenshots None
Any side note on the changes made No other dependencies outside of the Apache Shiro's ones has been updated
Codecov Report
Merging #3626 (ea58abc) into develop (be27308) will decrease coverage by
24.88%. The diff coverage isn/a.
:exclamation: Current head ea58abc differs from pull request most recent head a7014cd. Consider uploading reports for the commit a7014cd to get more accurate results
@@ Coverage Diff @@
## develop #3626 +/- ##
=============================================
- Coverage 34.47% 9.59% -24.89%
+ Complexity 147 8 -139
=============================================
Files 1668 1668
Lines 31987 31987
Branches 2634 2634
=============================================
- Hits 11028 3068 -7960
- Misses 20071 28632 +8561
+ Partials 888 287 -601
| Impacted Files | Coverage Δ | |
|---|---|---|
| ...g/eclipse/kapua/kura/simulator/app/Descriptor.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...e/kapua/commons/crypto/setting/CryptoSettings.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...lipse/kapua/message/internal/KapuaPayloadImpl.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...pse/kapua/kura/simulator/GatewayConfiguration.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...ipse/kapua/message/internal/KapuaPositionImpl.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...ipse/kapua/message/internal/MessageErrorCodes.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...lipse/kapua/service/job/internal/JobQueryImpl.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...kapua/transport/mqtt/MqttResponseTimeoutTimer.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...apua/transport/mqtt/setting/MqttClientSetting.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ...ua/transport/mqtt/MqttClientConnectionOptions.java | 0.00% <0.00%> (-100.00%) |
:arrow_down: |
| ... and 503 more |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
/request-license-review
License review requests:
- maven/mavencentral/org.apache.shiro/shiro-config-ogdl/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-cache/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-core/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-web/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-lang/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-event/1.10.0
- maven/mavencentral/org.apache.shiro/shiro-config-core/1.10.0
After all reviews have concluded, re-run the license-vetting check from the Github Actions web-interface to update its status.
Workflow run (with attached summary files): https://github.com/eclipse/kapua/actions/runs/3279632969
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}