You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jmeter.apache.org by GitBox <gi...@apache.org> on 2021/06/07 12:34:33 UTC
[GitHub] [jmeter] sseide opened a new pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
sseide opened a new pull request #668:
URL: https://github.com/apache/jmeter/pull/668
## Description
This PR updates the used net.minidev:json-smart library to version 2.4.7 to fix a security warning. The accessors-smart lib is updated too as it belongs to json-smart and is released together.
The asm 9.1 library is a dependency of accessors-smart as well as for the already updated tika-parsers 1.26. Within the recent update of tika-parsers the asm update was missing.
## Motivation and Context
fix a security warning for json-smart:
* [CVE-2021-31684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31684)
## How Has This Been Tested?
run `gradlew check` and use it for some days on our own setup.
## Screenshots (if appropriate):
## Types of changes
- Bug fix (non-breaking change which fixes an issue)
## Checklist:
- [x] My code follows the [code style][style-guide] of this project.
- [x] I have updated the documentation accordingly.
[style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jmeter] codecov-commenter commented on pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #668:
URL: https://github.com/apache/jmeter/pull/668#issuecomment-855928374
# [Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#668](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (6c85779) into [master](https://codecov.io/gh/apache/jmeter/commit/ec1d462f362a9475384db38c0bd75dfb766336d2?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (ec1d462) will **increase** coverage by `0.00%`.
> The diff coverage is `n/a`.
> :exclamation: Current head 6c85779 differs from pull request most recent head 68c20b2. Consider uploading reports for the commit 68c20b2 to get more accurate results
[![Impacted file tree graph](https://codecov.io/gh/apache/jmeter/pull/668/graphs/tree.svg?width=650&height=150&src=pr&token=6Q7CI1wFSh&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
```diff
@@ Coverage Diff @@
## master #668 +/- ##
=========================================
Coverage 55.40% 55.41%
Complexity 10216 10216
=========================================
Files 1047 1047
Lines 64462 64462
Branches 7311 7311
=========================================
+ Hits 35718 35719 +1
+ Misses 26243 26242 -1
Partials 2501 2501
```
| [Impacted Files](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...n/java/org/apache/jmeter/reporters/Summariser.java](https://codecov.io/gh/apache/jmeter/pull/668/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL2NvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2ptZXRlci9yZXBvcnRlcnMvU3VtbWFyaXNlci5qYXZh) | `84.73% <0.00%> (-0.77%)` | :arrow_down: |
| [...a/org/apache/jmeter/timers/PoissonRandomTimer.java](https://codecov.io/gh/apache/jmeter/pull/668/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL2NvbXBvbmVudHMvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2ptZXRlci90aW1lcnMvUG9pc3NvblJhbmRvbVRpbWVyLmphdmE=) | `78.37% <0.00%> (+5.40%)` | :arrow_up: |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [ec1d462...68c20b2](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jmeter] FSchumacher closed pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
Posted by GitBox <gi...@apache.org>.
FSchumacher closed pull request #668:
URL: https://github.com/apache/jmeter/pull/668
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jmeter] codecov-commenter edited a comment on pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
Posted by GitBox <gi...@apache.org>.
codecov-commenter edited a comment on pull request #668:
URL: https://github.com/apache/jmeter/pull/668#issuecomment-855928374
# [Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#668](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (e51e2a3) into [master](https://codecov.io/gh/apache/jmeter/commit/ec1d462f362a9475384db38c0bd75dfb766336d2?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (ec1d462) will **decrease** coverage by `0.00%`.
> The diff coverage is `n/a`.
> :exclamation: Current head e51e2a3 differs from pull request most recent head 68c20b2. Consider uploading reports for the commit 68c20b2 to get more accurate results
[![Impacted file tree graph](https://codecov.io/gh/apache/jmeter/pull/668/graphs/tree.svg?width=650&height=150&src=pr&token=6Q7CI1wFSh&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
```diff
@@ Coverage Diff @@
## master #668 +/- ##
============================================
- Coverage 55.40% 55.40% -0.01%
+ Complexity 10216 10214 -2
============================================
Files 1047 1047
Lines 64462 64462
Branches 7311 7311
============================================
- Hits 35718 35716 -2
Misses 26243 26243
- Partials 2501 2503 +2
```
| [Impacted Files](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...ache/jmeter/reporters/SummariserRunningSample.java](https://codecov.io/gh/apache/jmeter/pull/668/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL2NvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2ptZXRlci9yZXBvcnRlcnMvU3VtbWFyaXNlclJ1bm5pbmdTYW1wbGUuamF2YQ==) | `83.58% <0.00%> (-1.50%)` | :arrow_down: |
| [...n/java/org/apache/jmeter/reporters/Summariser.java](https://codecov.io/gh/apache/jmeter/pull/668/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-c3JjL2NvcmUvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2ptZXRlci9yZXBvcnRlcnMvU3VtbWFyaXNlci5qYXZh) | `84.73% <0.00%> (-0.77%)` | :arrow_down: |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [ec1d462...68c20b2](https://codecov.io/gh/apache/jmeter/pull/668?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jmeter] sseide commented on pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
Posted by GitBox <gi...@apache.org>.
sseide commented on pull request #668:
URL: https://github.com/apache/jmeter/pull/668#issuecomment-855893634
with commit 68c20b2 i update the `gradle.properties` file too to use asm version 9.1 instead of 9.0.
But even without this update of the `gradle.properties` file the newer version 9.1 was already used as a dependency of `accessors-smart` and `tika-parsers`. At least the `gradle check` run fetches the newer 9.1 and complained about wrong jar sizes in the `expected_release_jars.csv` file without updateing the information from 9.0 to 9.1.
Therfore i do not know if this updateto the porperties file is really needed or something within the gradle build not working as expected...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jmeter] FSchumacher commented on pull request #668: update json-smart to 2.4.7 (from 2.4.1), accessors-smart to 2.4.7 (from 1.3) and asm to 9.1 (from 9.0)
Posted by GitBox <gi...@apache.org>.
FSchumacher commented on pull request #668:
URL: https://github.com/apache/jmeter/pull/668#issuecomment-856213785
Thanks for the PR. It has been merged into master.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org