Skip to content

Bump json-smart and oauth2-oidc-sdk #122737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jfreden merged 10 commits into from
Feb 18, 2025
Merged

Bump json-smart and oauth2-oidc-sdk #122737

jfreden merged 10 commits into from
Feb 18, 2025

Conversation

@jfreden
Copy link
Contributor

@jfreden jfreden commented Feb 17, 2025

Bump json-smart and oauth2-oidc-sdk

@jfreden jfreden marked this pull request as ready for review February 17, 2025 10:42
@jfreden jfreden requested a review from a team as a code owner February 17, 2025 10:42
@elasticsearchmachine elasticsearchmachine added the needs:triage Requires assignment of a team area label label Feb 17, 2025
@jfreden jfreden added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) and removed needs:triage Requires assignment of a team area label labels Feb 17, 2025
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Feb 17, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Feb 17, 2025

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Feb 17, 2025
@jfreden jfreden added >upgrade auto-backport Automatically create backport pull requests when merged and removed Team:Security Meta label for security team labels Feb 17, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Feb 17, 2025

Hi @jfreden, I've created a changelog YAML for you.

@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Feb 17, 2025
@slobodanadamovic slobodanadamovic self-requested a review February 17, 2025 14:06
slobodanadamovic
slobodanadamovic reviewed Feb 17, 2025
View reviewed changes
slobodanadamovic
slobodanadamovic reviewed Feb 17, 2025
View reviewed changes
slobodanadamovic
slobodanadamovic reviewed Feb 17, 2025
View reviewed changes
slobodanadamovic
slobodanadamovic reviewed Feb 17, 2025
View reviewed changes
@jfreden
Copy link
Contributor Author

jfreden commented Feb 18, 2025

I've updated most of the transitive dependencies. There are a bunch of dependencies for oauth2-oidc-sdk that are very widely used and were not updated as part of the previous upgrade. For example commons-codec, bcprov-jdk18on and opensaml. Since those are optional and have a pretty large surface area, I think excluding updating them here makes sense.

jfreden
jfreden commented Feb 18, 2025
View reviewed changes
...urity/lib/nimbus-jose-jwt-modified/src/main/java/com/nimbusds/jose/util/JSONObjectUtils.java
}
}

public static Date getEpochSecondAsDate(final Map<String, Object> o, final String key) throws ParseException {
Copy link
Contributor Author

@jfreden jfreden Feb 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method was added since we last upgraded: https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/bd59d30bfc33c6eb8ec9514f67a4261d95c894c4#Lsrc/main/java/com/nimbusds/jose/util/JSONObjectUtils.javaT519

slobodanadamovic
slobodanadamovic approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@slobodanadamovic slobodanadamovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@jfreden jfreden merged commit e166645 into elastic:main Feb 18, 2025
22 checks passed
jfreden added a commit to jfreden/elasticsearch that referenced this pull request Feb 18, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (elastic#122737)
5079c54 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
@jfreden jfreden mentioned this pull request Feb 18, 2025
Merged
jfreden added a commit to jfreden/elasticsearch that referenced this pull request Feb 18, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (elastic#122737)
9b5e7d6 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
@jfreden jfreden mentioned this pull request Feb 18, 2025
Merged
jfreden added a commit to jfreden/elasticsearch that referenced this pull request Feb 18, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (elastic#122737)
25dc508 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
@jfreden jfreden mentioned this pull request Feb 18, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Feb 18, 2025

💔 Backport failed

Status Branch Result
8.18
8.x
9.0
8.16 Commit could not be cherrypicked due to conflicts
8.17 Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 122737

@jfreden jfreden mentioned this pull request Feb 19, 2025
Merged
jfreden added a commit to jfreden/elasticsearch that referenced this pull request Feb 19, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (elastic#122737)
849c1df 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml
@jfreden jfreden mentioned this pull request Feb 19, 2025
Merged
@jfreden
Copy link
Contributor Author

jfreden commented Feb 19, 2025

💚 All backports created successfully

Status Branch Result
8.17
8.16

Questions ?

Please refer to the Backport tool documentation

jfreden added a commit to jfreden/elasticsearch that referenced this pull request Feb 19, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (elastic#122737)
be16b2d 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml
jfreden added a commit that referenced this pull request Feb 19, 2025
@jfreden
[8.16] Bump json-smart and oauth2-oidc-sdk (#122737) (#122915)
33f973b 
* Bump json-smart and oauth2-oidc-sdk (#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml

* fixup! Add back verification data for test dep
jfreden added a commit that referenced this pull request Feb 19, 2025
@jfreden
[8.17] Bump json-smart and oauth2-oidc-sdk (#122737) (#122914)
bf56ea3 
* Bump json-smart and oauth2-oidc-sdk (#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml

* fixup! Add back verification data for test dep
kezhenxu94 pushed a commit to tetrateio/elasticsearch that referenced this pull request Feb 20, 2025
@jfreden @kezhenxu94
[8.16] Bump json-smart and oauth2-oidc-sdk (elastic#122737) (elastic#…
c379ea7 
…122915)

* Bump json-smart and oauth2-oidc-sdk (elastic#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml

* fixup! Add back verification data for test dep
kezhenxu94 pushed a commit to tetrateio/elasticsearch that referenced this pull request Feb 20, 2025
@jfreden @kezhenxu94
[8.16] Bump json-smart and oauth2-oidc-sdk (elastic#122737) (elastic#…
69e1475 
…122915)

* Bump json-smart and oauth2-oidc-sdk (elastic#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
(cherry picked from commit e166645)

# Conflicts:
#	gradle/verification-metadata.xml

* fixup! Add back verification data for test dep
elasticsearchmachine pushed a commit that referenced this pull request Feb 21, 2025
@jfreden
[8.x] Bump json-smart and oauth2-oidc-sdk (#122737) (#122835)
d85e487 
* Bump json-smart and oauth2-oidc-sdk (#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>

* fixup! Add back verification data for test dep

---------

Co-authored-by: elasticsearchmachine <[email protected]>
elasticsearchmachine pushed a commit that referenced this pull request Feb 21, 2025
@jfreden
Bump json-smart and oauth2-oidc-sdk (#122737) (#122836)
4765745 
* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>
elasticsearchmachine pushed a commit that referenced this pull request Feb 21, 2025
@jfreden
[8.18] Bump json-smart and oauth2-oidc-sdk (#122737) (#122834)
9a5fc3f 
* Bump json-smart and oauth2-oidc-sdk (#122737)

* Bump json-smart and oauth2-oidc-sdk

---------

Co-authored-by: elasticsearchmachine <[email protected]>

* fixup! Add back verification data for test dep

---------

Co-authored-by: elasticsearchmachine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slobodanadamovic slobodanadamovic slobodanadamovic approved these changes

Assignees

No one assigned

Labels

auto-backport Automatically create backport pull requests when merged backport pending :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team >upgrade v8.16.5 v8.17.3 v8.18.1 v8.19.0 v9.0.1 v9.1.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jfreden @elasticsearchmachine @slobodanadamovic