[Enhancement] Fixing CVEs #54749
5d879b2 to 092b5a3
Signed-off-by: Vikas Attiguppa <[email protected]>
092b5a3 to c98cb2b
@Astralidea @kevincai could you please review this PR? I closed out the older one, #53224.
Would be good to remove the corresponding CVE from .trivyignore.
@va-os-commits better to remove the related CVE from .trivyignore, to see if it passes our trivy check.
Signed-off-by: Vikas Attiguppa <[email protected]>
Head branch was pushed to by a user without write access
Quality Gate passed
@kevincai looks like there was a timeout in VULN scanning phase of the build. Is there a way to re-trigger it?
[Java-Extensions Incremental Coverage Report] ✅ pass : 0 / 0 (0%)
[FE Incremental Coverage Report] ✅ pass : 0 / 0 (0%)
[BE Incremental Coverage Report] ✅ pass : 0 / 0 (0%)
Why I'm doing:
https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEAVRO-8161188
What I'm doing:
Bumping up the versions of libraries for which CVEs have been fixed
Fixes #issue
What type of PR is this:
Does this PR entail a change in behavior?
If yes, please specify the type of change:
Checklist:
Bugfix cherry-pick branch check: