Remove credentials dependency from build.gradle #534

Open
wants to merge 2 commits into
base: main

@zelinh zelinh commented Oct 16, 2024

Description

Remove explicit credentials dependency in the build.gradle file.

Issues Resolved

#518
#519

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov bot commented Oct 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.72%. Comparing base (4e94ed7) to head (d937315).
Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##               main     #534   +/-   ##
=========================================
  Coverage     84.72%   84.72%           
  Complexity      105      105           
=========================================
  Files           115      115           
  Lines           648      648           
  Branches         71       71           
=========================================
  Hits            549      549           
  Misses           29       29           
  Partials         70       70           

build.gradle Outdated
@@ -76,7 +76,7 @@ sharedLibrary {
dependency('org.jenkins-ci.plugins.workflow', 'workflow-multibranch', '2.26.1')
dependency('org.jenkins-ci.plugins', 'pipeline-input-step', '456.vd8a_957db_5b_e9') // https://repo.jenkins-ci.org/public/org/jenkins-ci/plugins/pipeline-input-step/
dependency('org.jenkins-ci.plugins', 'script-security', '1229.v4880b_b_e905a_6')
dependency('org.jenkins-ci.plugins', 'credentials', '1112.vc87b_7a_3597f6')
dependency('org.jenkins-ci.plugins', 'credentials', '1381.v2c3a_12074da_b_')
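
Review bot: the `credentials` pin at the end of this hunk jumps from `1112.vc87b_7a_3597f6` to `1381.v2c3a_12074da_b_` with nothing on the line saying why that exact version is needed. The `pipeline-input-step` line two above carries a trailing comment linking its repository; a similar comment here naming the advisory the bump addresses would let the next reader tell whether the pin can later be raised or dropped. It is also worth confirming that no other `dependency(...)` entry in `sharedLibrary` needs a matching bump to stay compatible with a jump of this size.
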
Member

Is it normal for such a big bump?
Also, shall we keep the same version of this as the one on the Jenkins Docker image?
cc: @gaiksaya Thanks.

Member

Would recommend removing the dependency from here. I believe it was added to resolve a CVE.

Member Author

Just removed this dependency from the file. Please take another look. Thanks!

@zelinh zelinh changed the title Update credentials version to fix CVE Remove credentials dependency from build.gradle Oct 21, 2024
Member

@gaiksaya gaiksaya left a comment

Waiting for mend to give CVE scanning results

Member Author

zelinh commented Oct 22, 2024

> Waiting for mend to give CVE scanning results

Seems like it's failing again. I contacted Mend support on the same previous issue and they are investigating the issue.
