Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE. #602

Merged
merged 1 commit into from
Feb 29, 2024
Merged

Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE. #602

merged 1 commit into from
Feb 29, 2024

Conversation

AWSHurneyt
Copy link
Collaborator

Description

Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE.

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@AWSHurneyt AWSHurneyt added backport 1.3 v1.3.15 Issues targeting release v1.3.15 labels Feb 29, 2024
@AWSHurneyt AWSHurneyt merged commit f650858 into opensearch-project:1.x Feb 29, 2024
9 checks passed
AWSHurneyt added a commit to AWSHurneyt/common-utils that referenced this pull request Feb 29, 2024
@AWSHurneyt
Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 …
a611e3c 
…to address CVE. (opensearch-project#602)

Signed-off-by: AWSHurneyt <[email protected]>
@AWSHurneyt AWSHurneyt mentioned this pull request Feb 29, 2024
Merged
5 tasks
AWSHurneyt added a commit to AWSHurneyt/common-utils that referenced this pull request Feb 29, 2024
@AWSHurneyt
Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 …
10966b8 
…to address CVE. (opensearch-project#602)

Signed-off-by: AWSHurneyt <[email protected]>
AWSHurneyt added a commit that referenced this pull request Feb 29, 2024
@AWSHurneyt @adityaj1107
@zhongnansu @dai-chen @joshuali925 @saratvemulapalli @skkosuri-amzn @VachaShah @dblock @bowenlan-amzn @thalurur @lezzago @downsrob @qreshi @mch2 @getsaurabh02 @ryanbogan @peternied @dbbaughe @mend-for-github-com @gaiksaya @opensearch-trigger-bot @opensearch-ci-bot @zelinh @prudhvigodithi @peterzhuamazon @sbcd90 @eirsep @cwperks
[Backport 1.3] Forced ktlint to use logback-core:1.2.13, and logback-…
a0baf55 
…classic:1.2.13 to address CVE. #602 (#603)

* Merge changes in the main branch to the 1.x branch. (#42)

* Update Release Notes for GA (#36)

* Update Release Notes for GA

* Update Release Notes for GA include RC1 Changes as well.

Signed-off-by: Aditya Jindal <[email protected]>

* add method type in CustomWebhook data model (#39)

Signed-off-by: Zhongnan Su <[email protected]>

* Fix class loader issue for notifications response (#40)

* Fix class loader issue for notifications

Signed-off-by: Joshua Li <[email protected]>

* Fix formatting

Signed-off-by: Joshua Li <[email protected]>

* Refactor creation of action listener object

Signed-off-by: Joshua Li <[email protected]>

* Fix indentation

Signed-off-by: Joshua Li <[email protected]>

* Remove unused suppresses

Signed-off-by: Joshua Li <[email protected]>

* Add UT for notification API

Signed-off-by: Chen Dai <[email protected]>

* Add UT for notification API

Signed-off-by: Chen Dai <[email protected]>

* Add UT for send notification API

Signed-off-by: Chen Dai <[email protected]>

* Fix Github workflow failure

Signed-off-by: Chen Dai <[email protected]>

* Fix Github workflow failure

Signed-off-by: Chen Dai <[email protected]>

* Refactor UT code

Signed-off-by: Chen Dai <[email protected]>

Co-authored-by: Joshua Li <[email protected]>

Co-authored-by: Zhongnan Su <[email protected]>
Co-authored-by: Chen Dai <[email protected]>
Co-authored-by: Joshua Li <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* [1.x] Bumping common-utils to build with OpenSearch(1.x) 1.1.0 (#52)

* Bumping common-utils to build with OpenSearch(main) 1.1.0 (#48)

Signed-off-by: Sarat Vemulapalli <[email protected]>

* Updating 1.x to work with OpenSearch 1.x

Signed-off-by: Sarat Vemulapalli <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Backport 1.1 changes to 1.x (#72)

* Add Commits related to Snapshot build of Common Utils on 1.1 (#67)

* Using 1.1 snapshot version for OpenSearch (#57)

Signed-off-by: Vacha <[email protected]>

* Build snapshot build by default with the same version as OpenSearch. (#58)

Signed-off-by: dblock <[email protected]>

* Update build.gradle to reflect 1.1.0.0 version

Co-authored-by: Vacha <[email protected]>
Co-authored-by: Daniel Doubrovkine (dB.) <[email protected]>

* Build snapshot build by default with the same version as OpenSearch. (#58) (#69)

Signed-off-by: dblock <[email protected]>

* Adding an utility method that allows consumers to set custom thread context property in InjectSecurity class (#47) (#70)

Signed-off-by: Ravi Thaluru <[email protected]>

Co-authored-by: Ravi <[email protected]>

* Add release notes for version 1.1.0.0

* Add release notes for version 1.1.0.0

Co-authored-by: Aditya Jindal <[email protected]>
Co-authored-by: Vacha <[email protected]>
Co-authored-by: Daniel Doubrovkine (dB.) <[email protected]>
Co-authored-by: Bowen Lan <[email protected]>
Co-authored-by: Ravi <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Backport main changes to 1.x (#93)

* Add themed logo to README (#41)

Signed-off-by: Miki <[email protected]>

* Updates common-utils version to 1.2 (#77)

* Updates common-utils version to 1.2 and Uses Maven for 1.2 dependencies

Signed-off-by: Clay Downs <[email protected]>

* Publish .md5 and .sha1 signatures. (#79) (#80)

* Publish .md5 and .sha1 signatures.

Signed-off-by: dblock <[email protected]>

* Use OpenSearch 1.1.

Signed-off-by: dblock <[email protected]>

* Publish source and javadoc checksums. (#81)

Signed-off-by: dblock <[email protected]>

* Update copyright notice (#90)

Signed-off-by: Mohammad Qureshi <[email protected]>

* Update maven publication to include cksums. (#91)

This change adds a local staging repo task that will include cksums.  It will also update build.sh to use this new task and copy the contents of the staging repo to the output directory.
The maven publish plugin will not include these cksums when publishing to maven local but will when published to a separate folder.

Signed-off-by: Marc Handalian <[email protected]>

* Add release notes for version 1.2.0.0 (#92)

* Add release notes for version 1.2.0.0

Signed-off-by: Ashish Agrawal <[email protected]>

Co-authored-by: Miki <[email protected]>
Co-authored-by: Clay Downs <[email protected]>
Co-authored-by: Daniel Doubrovkine (dB.) <[email protected]>
Co-authored-by: Mohammad Qureshi <[email protected]>
Co-authored-by: Marc Handalian <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Backport main changes to 1.x (#126)

* Fix copyright notice and add DCO check workflow (#94)

Signed-off-by: Ashish Agrawal <[email protected]>

* Update build.sh script to include optional platform param. (#95)

Signed-off-by: Marc Handalian <[email protected]>

* Add codeowners support for repo (#96)

Signed-off-by: Ryan Bogan <[email protected]>

* Bump version to 1.3 (#99)

Signed-off-by: Ashish Agrawal <[email protected]>

* Auto-increment version on new release tags. (#106)

Signed-off-by: Daniel Doubrovkine (dB.) <[email protected]>

* Remove jcenter repository (#115)

Signed-off-by: Peter Nied <[email protected]>

* Using Github App token to trigger CI for version increment PRs (#116)

Signed-off-by: Vacha Shah <[email protected]>

* Fixes copyright headers (#117)

Signed-off-by: Drew Baugher <[email protected]>

* Remove jcenter repository missed on first pass (#118)

Signed-off-by: Peter Nied <[email protected]>

* Run CI/CD on Java 8, 11, 14 and 17. (#121)

* Run CI/CD on Java 8, 11, 14 and 17.

Signed-off-by: Daniel Doubrovkine (dB.) <[email protected]>

* Add JDK 17.

Signed-off-by: Daniel Doubrovkine (dB.) <[email protected]>

* Add .whitesource configuration file (#109)

Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>

Co-authored-by: Ashish Agrawal <[email protected]>
Co-authored-by: Marc Handalian <[email protected]>
Co-authored-by: Ryan Bogan <[email protected]>
Co-authored-by: Daniel Doubrovkine (dB.) <[email protected]>
Co-authored-by: Peter Nied <[email protected]>
Co-authored-by: Vacha Shah <[email protected]>
Co-authored-by: Drew Baugher <[email protected]>
Co-authored-by: Peter Nied <[email protected]>
Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>
Signed-off-by: AWSHurneyt <[email protected]>

* Add release notes for version 1.3.0.0 (#134)

Signed-off-by: Saurabh Singh <[email protected]>

Co-authored-by: Saurabh Singh <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Bump version to 1.3.1 (#145)

Signed-off-by: Sayali Gaikawad <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Incremented version to 1.3.2 (#148)

Signed-off-by: Sayali Gaikawad <[email protected]>

Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Adding signoff option for version workflow PR (#143) (#150)

Signed-off-by: Vacha Shah <[email protected]>
(cherry picked from commit 6e78f69)

Co-authored-by: Vacha Shah <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Incremented version to 1.3.3. (#180)

Signed-off-by: dblock <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Incremented version to 1.3.4. (#198)

Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Staging for version increment automation (#200) (#208)

* Version increment automation

Signed-off-by: pgodithi <[email protected]>

* Version increment automation: task rename updateVersion

Signed-off-by: pgodithi <[email protected]>
(cherry picked from commit 366bf16)
Signed-off-by: prudhvigodithi <[email protected]>

Signed-off-by: pgodithi <[email protected]>
Signed-off-by: prudhvigodithi <[email protected]>
Co-authored-by: Prudhvi Godithi <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* release 1.3.5 (#219)

Signed-off-by: prudhvigodithi <[email protected]>

Signed-off-by: prudhvigodithi <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.6-SNAPSHOT (#243)

Signed-off-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Change TrustStoreTest to use File.separator to support Windows path (#258) (#260)

Signed-off-by: Peter Zhu <[email protected]>

Signed-off-by: Peter Zhu <[email protected]>
(cherry picked from commit 7dcb3a0)

Co-authored-by: Peter Zhu <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* disable detekt so that snakeyaml <= 1.31 is not used (#266)

* disable detekt so that snakeyaml <= 1.31 is not used

Signed-off-by: AWSHurneyt <[email protected]>

* add release-notes for 1.3.6 (#267)

Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* [AUTO] Increment version to 1.3.7-SNAPSHOT (#276)

* Increment version to 1.3.7-SNAPSHOT

Signed-off-by: opensearch-ci-bot <[email protected]>

* empty commit trigger

Signed-off-by: Peter Zhu <[email protected]>

Signed-off-by: opensearch-ci-bot <[email protected]>
Signed-off-by: Peter Zhu <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Co-authored-by: Peter Zhu <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Adding CI workflow for Windows OS (#333)

Signed-off-by: Subhobrata Dey <[email protected]>

Signed-off-by: Subhobrata Dey <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.8-SNAPSHOT (#338)

Signed-off-by: opensearch-ci-bot <[email protected]>

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Add auto-release workflow (#376) (#377)

Signed-off-by: Craig Perkins <[email protected]>
(cherry picked from commit 89b7457)

Co-authored-by: Craig Perkins <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.9-SNAPSHOT (#355)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Incremented version to 1.3.10 (#388)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.11-SNAPSHOT (#453)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.12-SNAPSHOT (#471)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.13-SNAPSHOT (#504)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Increment version to 1.3.14-SNAPSHOT (#540)

Signed-off-by: opensearch-ci-bot <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* [AUTO] Increment version to 1.3.15-SNAPSHOT (#575)

* Increment version to 1.3.15-SNAPSHOT

Signed-off-by: opensearch-ci-bot <[email protected]>

* Empty-Commit

Signed-off-by: Ashish Agrawal <[email protected]>

* Remove jdk 8 CI test

Signed-off-by: Ashish Agrawal <[email protected]>

---------

Signed-off-by: opensearch-ci-bot <[email protected]>
Signed-off-by: Ashish Agrawal <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Co-authored-by: Ashish Agrawal <[email protected]>
Signed-off-by: AWSHurneyt <[email protected]>

* Forced ktlint to use logback-core:1.2.13, and logback-classic:1.2.13 to address CVE. (#602)

Signed-off-by: AWSHurneyt <[email protected]>

---------

Signed-off-by: AWSHurneyt <[email protected]>
Signed-off-by: Sarat Vemulapalli <[email protected]>
Signed-off-by: Sayali Gaikawad <[email protected]>
Signed-off-by: dblock <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: pgodithi <[email protected]>
Signed-off-by: prudhvigodithi <[email protected]>
Signed-off-by: opensearch-ci-bot <[email protected]>
Signed-off-by: Subhobrata Dey <[email protected]>
Signed-off-by: Peter Zhu <[email protected]>
Signed-off-by: GitHub <[email protected]>
Signed-off-by: Ashish Agrawal <[email protected]>
Co-authored-by: Aditya Jindal <[email protected]>
Co-authored-by: Zhongnan Su <[email protected]>
Co-authored-by: Chen Dai <[email protected]>
Co-authored-by: Joshua Li <[email protected]>
Co-authored-by: Sarat Vemulapalli <[email protected]>
Co-authored-by: Sriram <[email protected]>
Co-authored-by: Vacha <[email protected]>
Co-authored-by: Daniel Doubrovkine (dB.) <[email protected]>
Co-authored-by: Bowen Lan <[email protected]>
Co-authored-by: Ravi <[email protected]>
Co-authored-by: Ashish Agrawal <[email protected]>
Co-authored-by: Miki <[email protected]>
Co-authored-by: Clay Downs <[email protected]>
Co-authored-by: Mohammad Qureshi <[email protected]>
Co-authored-by: Marc Handalian <[email protected]>
Co-authored-by: Saurabh Singh <[email protected]>
Co-authored-by: Ryan Bogan <[email protected]>
Co-authored-by: Peter Nied <[email protected]>
Co-authored-by: Drew Baugher <[email protected]>
Co-authored-by: Peter Nied <[email protected]>
Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>
Co-authored-by: Saurabh Singh <[email protected]>
Co-authored-by: Sayali Gaikawad <[email protected]>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: opensearch-ci-bot <[email protected]>
Co-authored-by: Daniel (dB.) Doubrovkine <[email protected]>
Co-authored-by: Zelin Hao <[email protected]>
Co-authored-by: Prudhvi Godithi <[email protected]>
Co-authored-by: Peter Zhu <[email protected]>
Co-authored-by: Subhobrata Dey <[email protected]>
Co-authored-by: opensearch-ci-bot <[email protected]>
Co-authored-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eirsep eirsep eirsep approved these changes

@riysaxen-amzn riysaxen-amzn riysaxen-amzn approved these changes

Assignees
No one assigned
Labels
backport 1.3 v1.3.15 Issues targeting release v1.3.15
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AWSHurneyt @eirsep @riysaxen-amzn