Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update io.github.java-diff-utils:java-diff-utils to 4.4 or higher #4081

Closed
D074360 opened this issue Sep 13, 2023 · 1 comment
Closed

Update io.github.java-diff-utils:java-diff-utils to 4.4 or higher #4081

D074360 opened this issue Sep 13, 2023 · 1 comment

Comments

@D074360
Copy link

D074360 commented Sep 13, 2023

Hi,

The CVE-2023-4759 is reported against org.eclipse.jgit:org.eclipse.jgit, which is a transitive dependency from io.github.java-diff-utils:java-diff-utils:4.0 present error_prone_check_api.

I want to update io.github.java-diff-utils:java-diff-utils from 4.0 to 4.4 where org.eclipse.jgit:org.eclipse.jgit is not present.

Will there be any breaking changes in error_prone_check_api if I update?

Please let me know.

Kind regards,
Manjunath
Stephan202 added a commit to PicnicSupermarket/error-prone that referenced this issue Sep 13, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
bf4e906 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves google#4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12
@Stephan202 Stephan202 mentioned this issue Sep 13, 2023
Closed
@Stephan202
Copy link
Contributor

It looks like this upgrade is runtime compatible, so yes you can upgrade. Source compatibility requires only minor changes; I filed #4085.

copybara-service bot pushed a commit that referenced this issue Sep 13, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
f385a05 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves #4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12

Fixes #4085

FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906
PiperOrigin-RevId: 565083922
@copybara-service copybara-service bot mentioned this issue Sep 13, 2023
Closed
copybara-service bot pushed a commit that referenced this issue Sep 13, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
a4d38d2 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves #4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12

Fixes #4085

FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906
PiperOrigin-RevId: 565083922
copybara-service bot pushed a commit that referenced this issue Sep 13, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
84c7705 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves #4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12

Fixes #4085

FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906
PiperOrigin-RevId: 565083922
copybara-service bot pushed a commit that referenced this issue Sep 14, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
36bbe30 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves #4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12

Fixes #4085

FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906
PiperOrigin-RevId: 565083922
copybara-service bot pushed a commit that referenced this issue Sep 14, 2023
@Stephan202
Upgrade java-diff-utils 4.0 -> 4.12
8ba8436 
This drops the indirect dependency on `org.eclipse.jgit`, guaranteeing
that CVE-2023-4759 is mitigated.

Resolves #4081.

See:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4759
- https://github.com/java-diff-utils/java-diff-utils/releases/tag/java-diff-utils-parent-4.12
- java-diff-utils/java-diff-utils@java-diff-utils-4.0...java-diff-utils-parent-4.12

Fixes #4085

FUTURE_COPYBARA_INTEGRATE_REVIEW=#4085 from PicnicSupermarket:sschroevers/upgrade-java-diff-utils bf4e906
PiperOrigin-RevId: 565372382
@copybara-service copybara-service bot mentioned this issue Sep 14, 2023
Closed
@carterkozak carterkozak mentioned this issue Oct 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Stephan202 @D074360