Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update bcprov-jdk15on to bcprov-jdk18on #295

Merged
merged 1 commit into from Mar 7, 2024
Merged

fix(deps): update bcprov-jdk15on to bcprov-jdk18on #295

merged 1 commit into from Mar 7, 2024

Conversation

JedrzejJanasiak
Copy link

@JedrzejJanasiak JedrzejJanasiak commented Mar 5, 2024
edited by graviteeio

Issue

https://gravitee.atlassian.net/browse/APIM-4028

Description

The library https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on has been moved to https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on
The library https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on has been moved to
https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on

Additional context

The main goal of this task is to update the library and resolve vulnerability issues:
https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-6084022

Gravitee.io Automatic Deployment

🚀 A prerelease version of this package has been published on Gravitee's private artifactory, you can:

  • use it directly by updating your project with version: 5.8.2-apim-4028-update-to-bcprov-jdk18on-SNAPSHOT
  • download it from Artifactory here

@JedrzejJanasiak JedrzejJanasiak requested a review from a team as a code owner March 5, 2024 12:03
JedrzejJanasiak
JedrzejJanasiak commented Mar 5, 2024
View reviewed changes
gravitee-node-certificates/pom.xml
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<artifactId>bcpkix-jdk18on</artifactId>
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While doing this task I noticed that this lib bcpkix-jdk15on was also moved to bcpkix-jdk18on so I bumped it up as well. I hope that's fine

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, It's fine, but you need to create a PR in APIM with 5.8.2-apim-4028-update-to-bcprov-jdk18on-SNAPSHOT version of node and make sure all tests pass. I'm pretty sure it is used in the project (look at gravitee-gateway-test-sdk and integration-tests projects first.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pom.xml
gravitee-apim-rest-api/gravitee-apim-rest-api-standalone/gravitee-apim-rest-api-standalone-container/pom.xml
gravitee-apim-rest-api/gravitee-apim-rest-api-idp/gravitee-apim-rest-api-idp-core/pom.xml
gravitee-apim-gateway/gravitee-apim-gateway-security/gravitee-apim-gateway-security-jwt/pom.xml
gravitee-apim-gateway/gravitee-apim-gateway-handlers/gravitee-apim-gateway-handlers-api/pom.xml

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those files make ref to BC. Make sure it is up to date.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @benoitgravitee. Sure thing, here I created APIM PR with the changes you mentioned:
https://github.com/gravitee-io/gravitee-api-management/pull/6837/files

@JedrzejJanasiak JedrzejJanasiak merged commit 81314e4 into master Mar 7, 2024
8 checks passed
@JedrzejJanasiak JedrzejJanasiak deleted the apim-4028-update-to-bcprov-jdk18on branch March 7, 2024 16:17
@graviteeio
Copy link
Contributor

🎉 This PR is included in version 5.9.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jgiovaresco jgiovaresco jgiovaresco approved these changes

@benoitgravitee benoitgravitee benoitgravitee approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
4 participants
@JedrzejJanasiak @graviteeio @jgiovaresco @benoitgravitee