kubernetes-client

deps: bump OkHttp to 3.14.9

Open manusa opened this issue 3 years ago • 7 comments

Description

deps: bump OkHttp to 3.14.9

Type of change

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] Feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [x] Chore (non-breaking change which doesn't affect codebase; test, version modification, documentation, etc.)

Checklist

  • [ ] Code contributed by me aligns with current project license: Apache 2.0
  • [ ] I added CHANGELOG entry regarding this change
  • [ ] I have implemented unit tests to cover my changes
  • [ ] I have added/updated the javadocs and other documentation accordingly
  • [ ] No new bugs, code smells, etc. in SonarCloud report
  • [ ] I tested my code in Kubernetes
  • [ ] I tested my code in OpenShift

manusa, Jul 22 '22 12:07

We need a 3.14.9 bundle too.

I upgraded the ServiceMix bundle dependency to 3.14.1_2, but it's based on 3.14.1. I'm unsure of the behavior this might cause.

manusa, Jul 22 '22 12:07

It might work, but some of the problems will show up only in OSGi runtime at runtime. The best solution is going ahead with this PR. We'll need to add a 3.14.9 bundle to the next ServiceMix bundles release and then upgrade here.

oscerd, Jul 22 '22 12:07

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

sonarqubecloud[bot], Jul 22 '22 13:07

Any plans to upgrade to 4.10.x, which has a fix for CVE PRISMA-2022-0239 (https://github.com/square/okhttp/issues/6738)?

mkdev0101, Aug 10 '22 12:08

@mkdev0101: OkHttp v4 is based on Kotlin, which we want to avoid. Please read https://github.com/fabric8io/kubernetes-client/issues/4290#issuecomment-1192194532 for more details.

rohanKanojia, Aug 10 '22 12:08

Bundle version has been updated too (3.14.9_1)

manusa, Sep 05 '22 11:09

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

sonarqubecloud[bot], Sep 05 '22 12:09

Considering Quarkus no longer depends on the OkHttp client (at least for production), we should move forward to use OkHttp 4 instead.

Closing this PR and #5134 in favor of #2632

manusa, May 29 '23 07:05