New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update bcprov-jdk15on to bcprov-jdk18on #295
Conversation
… to bcpkix-jdk18on
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.bouncycastle</groupId> | ||
<artifactId>bcpkix-jdk15on</artifactId> | ||
<artifactId>bcpkix-jdk18on</artifactId> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While doing this task I noticed that this lib bcpkix-jdk15on was also moved to bcpkix-jdk18on so I bumped it up as well. I hope that's fine
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, It's fine, but you need to create a PR in APIM with 5.8.2-apim-4028-update-to-bcprov-jdk18on-SNAPSHOT version of node and make sure all tests pass. I'm pretty sure it is used in the project (look at gravitee-gateway-test-sdk and integration-tests projects first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pom.xml
gravitee-apim-rest-api/gravitee-apim-rest-api-standalone/gravitee-apim-rest-api-standalone-container/pom.xml
gravitee-apim-rest-api/gravitee-apim-rest-api-idp/gravitee-apim-rest-api-idp-core/pom.xml
gravitee-apim-gateway/gravitee-apim-gateway-security/gravitee-apim-gateway-security-jwt/pom.xml
gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/pom.xml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Those files make ref to BC. Make sure it is up to date.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @benoitgravitee. Sure thing, here I created APIM PR with the changes you mentioned:
https://github.com/gravitee-io/gravitee-api-management/pull/6837/files
🎉 This PR is included in version 5.9.1 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Issue
https://gravitee.atlassian.net/browse/APIM-4028
Description
The library https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on has been moved to https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on
The library https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on has been moved to
https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on
Additional context
The main goal of this task is to update the library and resolve vulnerability issues:
https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6084022
Gravitee.io Automatic Deployment
🚀 A prerelease version of this package has been published on Gravitee's private artifactory, you can:
5.8.2-apim-4028-update-to-bcprov-jdk18on-SNAPSHOT