Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/10/08 13:04:06 UTC
[GitHub] [dubbo] zhoumengyks opened a new pull request, #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69
zhoumengyks opened a new pull request, #10708:
URL: https://github.com/apache/dubbo/pull/10708
### What happened?
There is 1 security vulnerability found in org.bouncycastle:bcprov-ext-jdk15on 1.68
- [MPS-2022-54308](https://www.oscs1024.com/hd/MPS-2022-54308)
### What did I do?
Upgrade org.bouncycastle:bcprov-ext-jdk15on from 1.68 to 1.69 for vulnerability fix
### What did you expect to happen?
Ideally, no insecure libs should be used.
### The specification of the pull request
[PR Specification](https://www.oscs1024.com/docs/pr-specification/) from OSCS
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo] codecov-commenter commented on pull request #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #10708:
URL: https://github.com/apache/dubbo/pull/10708#issuecomment-1272330937
# [Codecov](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#10708](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2116bdc) into [3.1](https://codecov.io/gh/apache/dubbo/commit/e893407dd8f76f56509262271816a04ccadb9f7b?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (e893407) will **decrease** coverage by `0.17%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## 3.1 #10708 +/- ##
============================================
- Coverage 65.20% 65.02% -0.18%
Complexity 493 493
============================================
Files 1336 1336
Lines 56932 56932
Branches 8438 8438
============================================
- Hits 37123 37022 -101
- Misses 15840 15939 +99
- Partials 3969 3971 +2
```
| [Impacted Files](https://codecov.io/gh/apache/dubbo/pull/10708?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [.../serialize/hessian2/Hessian2SerializerFactory.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yU2VyaWFsaXplckZhY3RvcnkuamF2YQ==) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [...sian2/dubbo/DefaultHessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0RlZmF1bHRIZXNzaWFuMkZhY3RvcnlJbml0aWFsaXplci5qYXZh) | `0.00% <0.00%> (-100.00%)` | :arrow_down: |
| [...ize/hessian2/dubbo/Hessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0hlc3NpYW4yRmFjdG9yeUluaXRpYWxpemVyLmphdmE=) | `0.00% <0.00%> (-60.00%)` | :arrow_down: |
| [...common/serialize/hessian2/Hessian2ObjectInput.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yT2JqZWN0SW5wdXQuamF2YQ==) | `0.00% <0.00%> (-51.86%)` | :arrow_down: |
| [...ian2/dubbo/AbstractHessian2FactoryInitializer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL2R1YmJvL0Fic3RyYWN0SGVzc2lhbjJGYWN0b3J5SW5pdGlhbGl6ZXIuamF2YQ==) | `0.00% <0.00%> (-50.00%)` | :arrow_down: |
| [...ommon/serialize/hessian2/Hessian2ObjectOutput.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yT2JqZWN0T3V0cHV0LmphdmE=) | `0.00% <0.00%> (-43.75%)` | :arrow_down: |
| [...mmon/serialize/hessian2/Hessian2Serialization.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWhlc3NpYW4yL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9jb21tb24vc2VyaWFsaXplL2hlc3NpYW4yL0hlc3NpYW4yU2VyaWFsaXphdGlvbi5qYXZh) | `40.00% <0.00%> (-40.00%)` | :arrow_down: |
| [...nt/metadata/ServiceInstanceHostPortCustomizer.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tcmVnaXN0cnkvZHViYm8tcmVnaXN0cnktYXBpL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9yZWdpc3RyeS9jbGllbnQvbWV0YWRhdGEvU2VydmljZUluc3RhbmNlSG9zdFBvcnRDdXN0b21pemVyLmphdmE=) | `65.78% <0.00%> (-21.06%)` | :arrow_down: |
| [...bbo/remoting/buffer/ChannelBufferOutputStream.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tcmVtb3RpbmcvZHViYm8tcmVtb3RpbmctYXBpL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kdWJiby9yZW1vdGluZy9idWZmZXIvQ2hhbm5lbEJ1ZmZlck91dHB1dFN0cmVhbS5qYXZh) | `68.75% <0.00%> (-18.75%)` | :arrow_down: |
| [...common/serialize/DefaultMultipleSerialization.java](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-ZHViYm8tc2VyaWFsaXphdGlvbi9kdWJiby1zZXJpYWxpemF0aW9uLWFwaS9zcmMvbWFpbi9qYXZhL29yZy9hcGFjaGUvZHViYm8vY29tbW9uL3NlcmlhbGl6ZS9EZWZhdWx0TXVsdGlwbGVTZXJpYWxpemF0aW9uLmphdmE=) | `85.71% <0.00%> (-14.29%)` | :arrow_down: |
| ... and [40 more](https://codecov.io/gh/apache/dubbo/pull/10708/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |
[GitHub] [dubbo] AlbumenJ merged pull request #10708: fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69
Posted by GitBox <gi...@apache.org>.
AlbumenJ merged PR #10708:
URL: https://github.com/apache/dubbo/pull/10708