You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airavata.apache.org by PJ Fanning <fa...@apache.org> on 2022/04/05 11:09:55 UTC

github PRs for lib upgrades

Hi,
I have a couple of PRs in github [1] to upgrade some lib dependencies
that have CVEs open against them.

Would any Airavata committer be in a position to review them?

Regards,
PJ

[1] https://github.com/apache/airavata/pulls

Re: [External] github PRs for lib upgrades

Posted by "Pierce, Marlon" <ma...@iu.edu>.

Hi PJ, thanks for the nudge, we will review.

Marlon

From: PJ Fanning <fa...@apache.org>
Date: Tuesday, April 5, 2022 at 7:11 AM
To: dev@airavata.apache.org <de...@airavata.apache.org>
Subject: [External] github PRs for lib upgrades
[You don't often get email from fanningpj@apache.org. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]<http://aka.ms/LearnAboutSenderIdentification.%5d>

This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from external sources.
-------

Hi,
I have a couple of PRs in github [1] to upgrade some lib dependencies
that have CVEs open against them.

Would any Airavata committer be in a position to review them?

Regards,
PJ

[1] https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fairavata%2Fpulls&amp;data=04%7C01%7Cmarpierc%40iu.edu%7C8f168528bf114a7fb50208da16f4dcf2%7C1113be34aed14d00ab4bcdd02510be91%7C0%7C0%7C637847538624516035%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=KLTZQLQBDvzdZMNeBrd8J1nmVOGx4JpDCvcoIdlfWQg%3D&amp;reserved=0

Re: github PRs for lib upgrades

Posted by PJ Fanning <fa...@apache.org>.

Hi everyone,
These 4 PRs plus a new one for xerces (raised by dependabot) are still open for review. Would someone be able to have a look? https://github.com/apache/airavata/pulls

Regards,
PJ

On 2022/04/17 22:26:07 PJ Fanning wrote:
> Hi everyone,
> I added another batch of jar upgrades for libs that have security issues. There are 4 PRs at top of list on https://github.com/apache/airavata/pulls - would anyone be in a position to review them?
> 
> Regards,
> PJ
> 
> On 2022/04/05 11:09:55 PJ Fanning wrote:
> > Hi,
> > I have a couple of PRs in github [1] to upgrade some lib dependencies
> > that have CVEs open against them.
> > 
> > Would any Airavata committer be in a position to review them?
> > 
> > Regards,
> > PJ
> > 
> > [1] https://github.com/apache/airavata/pulls
> > 
>

Re: github PRs for lib upgrades

Posted by PJ Fanning <fa...@apache.org>.

Hi everyone,
I added another batch of jar upgrades for libs that have security issues. There are 4 PRs at top of list on https://github.com/apache/airavata/pulls - would anyone be in a position to review them?

Regards,
PJ

On 2022/04/05 11:09:55 PJ Fanning wrote:
> Hi,
> I have a couple of PRs in github [1] to upgrade some lib dependencies
> that have CVEs open against them.
> 
> Would any Airavata committer be in a position to review them?
> 
> Regards,
> PJ
> 
> [1] https://github.com/apache/airavata/pulls
>