[2.19] Bump dependencies to address CVEs#22292
Conversation
PR Code Analyzer ❗AI-powered 'Code-Diff-Analyzer' found issues on commit 29961d6.
The table above displays the top 10 most important findings. Pull Requests Author(s): Please update your Pull Request according to the report above. Repository Maintainer(s): You can Thanks. |
29961d6 to
155560a
Compare
PR Reviewer Guide 🔍(Review updated until commit 0771e07)Here are some key observations to aid the review process:
|
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
|
❌ Gradle check result for 155560a: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
- Bump log4j from 2.25.3 to 2.25.4 (CVE-2026-34480, CVE-2026-34478, CVE-2026-34477) - Bump jetty from 9.4.57 to 9.4.58 (CVE-2026-2332) - Upgrade maven-model from 3.9.6 to 3.9.16, add plexus-xml 3.0.1 (CVE-2025-67030) - Force log4j-core to 2.25.4 in buildSrc - Bump commons-configuration2 from 2.11.0/2.13.0 to 2.15.0 (CVE-2026-34479) - Bump jsoup from 1.20.1 to 1.22.2 (CVE-2026-5598, CVE-2025-33042) - Bump Jackson from 2.18.6 to 2.18.8 (CVE-2026-0636, CVE-2026-5588) - Bump reactor-netty from 1.2.9 to 1.2.18, reactor-core from 3.7.5 to 3.7.19 (CVE-2026-24281, CVE-2026-24308) Signed-off-by: Andrew Ross <andrross@amazon.com>
155560a to
0771e07
Compare
|
Persistent review updated to latest commit 0771e07 |
|
❌ Gradle check result for 0771e07: null Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## 2.19 #22292 +/- ##
============================================
+ Coverage 71.92% 72.00% +0.07%
+ Complexity 66009 64441 -1568
============================================
Files 5342 5121 -221
Lines 307392 300231 -7161
Branches 44862 44090 -772
============================================
- Hits 221105 216171 -4934
+ Misses 67823 65921 -1902
+ Partials 18464 18139 -325 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.