
Fix OpenVSX vulnerabilities

Open amvanbaren opened this issue 2 years ago • 5 comments

Fixes #465, log4j-core version updated to 2.17.2
Fixes #467, spring-webmvc version updated to 5.3.20

- Update Spring Boot from 2.4.0 to 2.7.0
- Update gradle wrapper to 6.9.1, so that it's compatible with Spring Boot 2.7.0
- Replace springfox with springdoc
- Resolve circular dependency by moving download count logic to DownloadCountService
- Update API documentation to OpenAPI 3
- Fix ElasticSearch search result constructors

amvanbaren avatar Jun 17 '22 08:06 amvanbaren

@amtadev Can you verify that the vulnerabilities mentioned in #465 and #467 are fixed by this PR? Below you find the output of the ./gradlew dependencies command: dependencies-new.txt

amvanbaren avatar Jun 17 '22 09:06 amvanbaren

Yes, they are. Thank you.

amtadev avatar Jun 20 '22 12:06 amtadev
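
The verification requested above can be scripted against the text of a `./gradlew dependencies` report. The following is an added example, not code from this PR or from the OpenVSX project: it reads the resolved version of each dependency from the tree and flags anything below the minimums named in the PR description. The sample reports and the function names are constructed for illustration.

```python
import re

# Minimum fixed versions, taken from the PR description above.
MINIMUMS = {
    "org.apache.logging.log4j:log4j-core": "2.17.2",
    "org.springframework:spring-webmvc": "5.3.20",
}
# One tree line of the report: "|    \--- group:name:declared -> resolved (*)".
LINE = re.compile(r"^[|\s]*[+\\]--- ([^:\s]+:[^:\s]+)(.*)$")

def resolved_versions(report):
    """Map group:name to the set of versions Gradle resolved for it."""
    found = {}
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        coord, rest = m.groups()
        rest = re.sub(r"\s*\([*cn]\)\s*$", "", rest)  # drop (*), (c), (n) markers
        # On "declared -> resolved" lines the right-hand side is what ships.
        version = (rest.split("->", 1)[1] if "->" in rest else rest.lstrip(":")).strip()
        if version:
            found.setdefault(coord, set()).add(version)
    return found

def version_key(version, width=4):
    # Leading numeric components, zero-padded; qualifiers are ignored (assumption).
    nums = [int(p) for p in re.findall(r"\d+", re.split(r"[^\d.]", version, maxsplit=1)[0])]
    return tuple(nums[:width] + [0] * (width - len(nums)))

def outdated(report, minimums=MINIMUMS):
    """Return (coordinate, resolved, minimum) for each version below its minimum."""
    found = resolved_versions(report)
    return sorted((coord, v, minimum) for coord, minimum in minimums.items()
                  for v in found.get(coord, ()) if version_key(v) < version_key(minimum))

# Constructed sample reports (not the dependencies-new.txt attached to the PR).
BEFORE = r"""
+--- org.springframework.boot:spring-boot-starter-web -> 2.4.0
|    \--- org.springframework:spring-webmvc:5.3.1
\--- org.apache.logging.log4j:log4j-core:2.13.3
"""
AFTER = r"""
+--- org.springframework.boot:spring-boot-starter-web -> 2.7.0
|    \--- org.springframework:spring-webmvc:5.3.20
+--- org.apache.logging.log4j:log4j-core:2.13.3 -> 2.17.2
\--- org.springframework:spring-webmvc:5.3.20 (*)
"""
```

A coordinate that never appears in the report is not flagged, so an empty result means no listed dependency resolved below its minimum, not that the library is present.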

@amvanbaren When do you reckon this PR will be ready to be merged and changes deployed as a Docker image? Thanks.

amtadev avatar Jun 23 '22 09:06 amtadev

@amtadev I'm currently waiting on feedback, so that the current release can be deployed to production: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/1377

Once that release is deployed, then this (and other) PRs will be merged for a new release.

amvanbaren avatar Jun 23 '22 09:06 amvanbaren

@amvanbaren Any idea when this PR will be merged and deployed? Thanks.

amtadev avatar Aug 03 '22 15:08 amtadev

@amvanbaren Hi, when do you think this PR will be merged?

amtadev avatar Aug 25 '22 10:08 amtadev