Bump springdoc-openapi to the newest #47

Merged (1 commit) on Mar 12, 2024


autumnust
Collaborator

Summary

This is again trying to resolve the ELR issues when OpenHouse is pulled back to LinkedIn internal. The previous attempt was not successful, as its transitive dependencies are still identified as security vulnerable:

  • org.springframework.data:spring-data-rest-core:3.7.0
  • org.springframework.hateoas:spring-hateoas:1.5.0

Both of them came from org.springdoc:springdoc-openapi-ui.

1.7.0 is the newest release of springdoc-openapi-ui (reference: https://github.com/springdoc/springdoc-openapi), and it is still pulling spring-hateoas:1.5.4. Will give this a try, and if it fails, we will need to find a workaround to allow this to happen.

Changes

  • Client-facing API Changes
  • Internal API Changes
  • Bug Fixes
  • New Features
  • Performance Improvements
  • Code Style
  • Refactoring
  • Documentation
  • Tests

For all the boxes checked, please include additional details of the changes made in this pull request.

Testing

  • Manually Tested on local docker setup. Please include commands ran, and their output.
  • Added new tests for the changes made.
  • Updated existing tests to reflect the changes made.
  • No tests added or updated. Please explain why. If unsure, please feel free to ask for help.
  • Some other form of testing like staging or soak time in production. Please explain.

Verified the Build Scan and at least spring-data-rest-core is in the right security range.

For all the boxes checked, include a detailed description of the testing done for the changes made in this pull request.

Additional Information

  • Breaking Changes
  • Deprecations
  • Large PR broken into smaller PRs, and PR plan linked in the description.

For all the boxes checked, include additional details of the changes made in this pull request.
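
The check described in the Summary and Testing sections (which top-level dependency brings in a flagged transitive artifact, and at which resolved version) can be scripted against the text tree that `gradle dependencies` prints. This is an added example, not code from the pull request or the OpenHouse project; the sample tree is constructed, and `PLACEHOLDER` and the `org.example:*` artifacts are made up for illustration.

```python
import re

# Exact coordinates the PR description lists as flagged.
FLAGGED = {
    "org.springframework.data:spring-data-rest-core:3.7.0",
    "org.springframework.hateoas:spring-hateoas:1.5.0",
}

# Constructed sample in the layout `gradle dependencies` prints; not real
# OpenHouse output. PLACEHOLDER and org.example:* are made up.
SAMPLE_TREE = r"""
+--- org.springdoc:springdoc-openapi-ui:PLACEHOLDER
|    +--- org.example:hypothetical-bridge:1.0
|    |    \--- org.springframework.hateoas:spring-hateoas:1.5.0 -> 1.5.4
|    \--- org.springframework.data:spring-data-rest-core:3.7.0
\--- org.example:hypothetical-lib:2.0
     \--- org.springframework.hateoas:spring-hateoas:1.5.4 (*)
"""

# One tree node: 5-char indent units, branch marker, group:name[:requested],
# optional " -> resolved" and optional "(*)", "(c)" or "(n)" suffix.
NODE = re.compile(
    r"^(?P<indent>(?:[| ] {4})*)[+\\]--- "
    r"(?P<ga>[^:\s]+:[^:\s]+)(?::(?P<req>\S+))?"
    r"(?: -> (?P<res>\S+))?(?: \([*cn]\))?$"
)

def resolved_nodes(tree_text):
    """Yield (path from root, resolved coordinate) for every node."""
    stack = []
    for line in tree_text.splitlines():
        m = NODE.match(line.rstrip())
        if not m:
            continue  # headers, blank lines, legend text
        depth = len(m["indent"]) // 5
        # Gradle ships the version after "->", not the requested one.
        coord = f"{m['ga']}:{m['res'] or m['req']}"
        del stack[depth:]
        stack.append(coord)
        yield list(stack), coord

def flagged_paths(tree_text, flagged=FLAGGED):
    """Return (root dependency, flagged coordinate, full path) tuples."""
    return [(path[0], coord, path)
            for path, coord in resolved_nodes(tree_text) if coord in flagged]

if __name__ == "__main__":
    for root, coord, path in flagged_paths(SAMPLE_TREE):
        print(f"{coord} via {root}: {' > '.join(path)}")
```

In the constructed tree, spring-hateoas is requested at 1.5.0 but resolved to 1.5.4, so only spring-data-rest-core is reported; matching on the requested version instead would produce a false positive.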

@autumnust
Collaborator Author

The reported build issue ./gradlew :apps:openhouse-spark-apps_2.12:spotbugsMain works fine locally; will close and re-open to trigger a re-test.

@autumnust autumnust closed this Mar 12, 2024
@autumnust autumnust reopened this Mar 12, 2024
@autumnust autumnust merged commit fe35329 into linkedin:main Mar 12, 2024
1 of 2 checks passed
@autumnust autumnust deleted the security_vul branch March 12, 2024 23:49