Skip to content

[1.13] up versions to be secure and fix issues due to deprecation #1187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jan 6, 2025
Merged

[1.13] up versions to be secure and fix issues due to deprecation #1187

merged 11 commits into from
Jan 6, 2025
+33 −12

Conversation

@cicoyle
Copy link
Contributor

@cicoyle cicoyle commented Jan 3, 2025

Updates the dapr-sdk-autogen & dapr-sdk-actors pkgs to explicitly include secure versions of the following dependencies:

  • protobuf-java
  • okio
  • kotlin-stdlib

These dependencies were transitive, but were not properly included with secure versions, so I explicitly set them.

I also had to address the deprecation of GeneratedMessageV3 in the newer version of protobuf-java

@cicoyle cicoyle requested review from a team as code owners January 3, 2025 21:52
cicoyle added 4 commits January 3, 2025 16:20
@cicoyle
see if this fixes it
7df4078 
Signed-off-by: Cassandra Coyle <[email protected]>
@cicoyle
check if protoc is in ci
a81236b 
Signed-off-by: Cassandra Coyle <[email protected]>
@cicoyle
see if changes from this PR (dapr#1182) fix it
a0152bb 
Signed-off-by: Cassandra Coyle <[email protected]>
@cicoyle
3.25.5 version protobuf-java
886c916 
Signed-off-by: Cassandra Coyle <[email protected]>
@cicoyle cicoyle marked this pull request as draft January 3, 2025 22:56
@cicoyle cicoyle marked this pull request as ready for review January 6, 2025 18:47
@artursouza artursouza merged commit 88ec8c9 into dapr:release-1.13 Jan 6, 2025
8 checks passed
cicoyle added a commit to cicoyle/java-sdk that referenced this pull request Jan 6, 2025
@cicoyle
[1.13] up versions to be secure and fix issues due to deprecation (da…
57ac88e 
…pr#1187)

* up versions to be secure and fix issues due to deprecation

Signed-off-by: Cassandra Coyle <[email protected]>

* see if this fixes it

Signed-off-by: Cassandra Coyle <[email protected]>

* check if protoc is in ci

Signed-off-by: Cassandra Coyle <[email protected]>

* see if changes from this PR (dapr#1182) fix it

Signed-off-by: Cassandra Coyle <[email protected]>

* 3.25.5 version protobuf-java

Signed-off-by: Cassandra Coyle <[email protected]>

* rm explicit versions and fix deprecation dependency to new one

Signed-off-by: Cassandra Coyle <[email protected]>

* merge in release branch and lower protoc versions to match

Signed-off-by: Cassandra Coyle <[email protected]>

* force upped version

Signed-off-by: Cassandra Coyle <[email protected]>

* use protobuf.version 3.25.5 (secure)

Signed-off-by: Cassandra Coyle <[email protected]>

* use correct protobuf for sdk tests

Signed-off-by: Cassandra Coyle <[email protected]>

---------

Signed-off-by: Cassandra Coyle <[email protected]>
@cicoyle cicoyle mentioned this pull request Jan 6, 2025
Merged
artursouza pushed a commit that referenced this pull request Jan 8, 2025
@cicoyle
[1.13] up versions to be secure and fix issues due to deprecation (#1187
9cd6db2 
) (#1188)
@artur-ciocanu artur-ciocanu mentioned this pull request Jan 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@artursouza artursouza artursouza approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cicoyle @artursouza