shihpatrick

Summary/Background

Results from Source Clear were 1 vulnerability and several suggested library updates. The following changes were made largely with the suggestions Source Clear made. All the information below is also in our Source Clear account.

Vulnerability

Apache httpclient 4.5.2 had a security vulnerability, for which Source Clear suggests a package update. Looking through the Source Clear Vulnerability Database, 4.5.6 does not have any vulnerabilities and is the most recent package. (There were also 5.0 beta versions that were breaking our code.)

Libraries

There were several libraries that were outdated, some of which were dependent on other libraries. The only library upgrade suggestion that I did not follow was SLF4J 1.8.0-beta2, and I upgraded it to 1.7.25 instead. 1.8.0-beta2 broke the code, so I elected to upgrade it to the most current 1.7.x version. We were also using findBugsVersion on two different libraries, annotations and jsr305. One required an update, so I chose to specify the versions for the two libraries.

Testing

Build with ./gradlew build had no errors. Ran and passed ./gradlew test, and ./gradlew check.


@aliabbasrizvi aliabbasrizvi left a comment

LGTM.

Let's wait for tests to report success and then this is good to merge.

@coveralls

Pull Request Test Coverage Report for Build 572

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 89.373%

Totals Coverage Status
Change from base Build 570: 0.0%
Covered Lines: 2338
Relevant Lines: 2616

💛 - Coveralls

@shihpatrick shihpatrick merged commit 9b5d6a8 into master Aug 10, 2018
@shihpatrick shihpatrick deleted the pshih/source-clear-improvements branch August 10, 2018 18:18