Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify Versions of commons-compress and protobuf-java in Main Standalone Jar #15764

Closed
mn-mikke opened this issue Sep 15, 2023 · 0 comments · Fixed by #15765
Closed

Specify Versions of commons-compress and protobuf-java in Main Standalone Jar #15764

mn-mikke opened this issue Sep 15, 2023 · 0 comments · Fixed by #15765
Assignees
@mn-mikke
Milestone
3.44.0.1

Comments

@mn-mikke
Copy link
Collaborator

META-INF/maven contains pom files for all versions. Prisma scan seems to use this path for vulnerability scan although the below command and Snyk scan say different:

./gradlew :h2o-assemblies:main:dependencyInsight --dependency protobuf-java --configuration runtimeClasspath

Explicit version specification should fix the problem.
@mn-mikke mn-mikke added this to the 3.44.0.1 milestone Sep 15, 2023
@mn-mikke mn-mikke self-assigned this Sep 15, 2023
mn-mikke added a commit that referenced this issue Sep 15, 2023
@mn-mikke
[GH-15764] Specify Versions of commons-compress and protobuf-java in …
05b1b2e 
…Main Standalone Jar
@mn-mikke mn-mikke mentioned this issue Sep 15, 2023
Merged
mn-mikke added a commit that referenced this issue Sep 15, 2023
@mn-mikke
Merge branch 'master' into mn/GH-15764
935239b
mn-mikke added a commit that referenced this issue Sep 18, 2023
@mn-mikke
Merge pull request #15765 from h2oai/mn/GH-15764
d1c11e4 
[GH-15764] Specify Versions of commons-compress and protobuf-java in Main Standalone Jar
hannah-tillman added a commit that referenced this issue Oct 10, 2023
@hannah-tillman
ht/initial draft release notes (37 issues)
c64a45b 
excluding internal-only facing issues (6):
- GH-15795: Included GitHub issue numbers in PR descriptions for gradle checks.
- GH-15787: Included GitHub issue links in PR descriptions for gradle checks.
- GH-15764: Forced Prisma to use specific path to scan for vulnerability by specifying versions of commons-compress and protobuf-java in Main Standalone Jar.
- GH-15737: Removed unused developer files.
- GH-15691: Fixed broken JIRA links from the R documentation.
- GH-15470: Upgraded Hadoop Libraries to 3.3.5 in Main Standalone Jar.
@hannah-tillman hannah-tillman mentioned this issue Oct 10, 2023
Merged
mn-mikke added a commit that referenced this issue Oct 15, 2023
@hannah-tillman @mn-mikke
[GH-15811] 3.44.0.1 Release Notes [no check] (#15812)
cdb6ce3 
* ht/initial draft release notes (37 issues)

excluding internal-only facing issues (6):
- GH-15795: Included GitHub issue numbers in PR descriptions for gradle checks.
- GH-15787: Included GitHub issue links in PR descriptions for gradle checks.
- GH-15764: Forced Prisma to use specific path to scan for vulnerability by specifying versions of commons-compress and protobuf-java in Main Standalone Jar.
- GH-15737: Removed unused developer files.
- GH-15691: Fixed broken JIRA links from the R documentation.
- GH-15470: Upgraded Hadoop Libraries to 3.3.5 in Main Standalone Jar.

* ht/added 15815 & 15470; removed jetty v#

* Postpone release date

---------

Co-authored-by: Marek Novotny <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mn-mikke mn-mikke

Labels
None yet
Projects
None yet
Milestone
3.44.0.1
Development

Successfully merging a pull request may close this issue.

[GH-15764] Specify Versions of commons-compress and protobuf-java in Main Standalone Jar h2oai/h2o-3
1 participant
@mn-mikke