Skip to content

chore(SDBI-3897): Address security vulnerabilities associated with Va… #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vruano wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(SDBI-3897): Address security vulnerabilities associated with Va… #1

vruano wants to merge 1 commit into from

Conversation

@vruano
Copy link
Collaborator

@vruano vruano commented Dec 4, 2024

…rdict.

  • Upgraded htsjdk to 3.0.5; this is not the latest available but the latest that does not carry compilation errors.
  • Upgraded additional transitive dependencies with vulnerabilities (ant, commons-compress and snappy-java)
  • Bumped version to 1.8.3.1
  • Deleted pre-builded release zip files.

@vruano vruano self-assigned this Dec 4, 2024
@vruano
chore(SDBI-3897): Address security vulnerabilities associated with Va…
1308511 
…rdict.

* Upgraded htsjdk to 3.0.5; this is not the latest available but the latest
  that does not carry compilation errors.
* Upgraded additional transitive dependencies with vulnerabilities (ant, commons-compress and snappy-java)
* Bumped version to 1.8.3.1
* Updated gradlew version to 6.9.3 as current one seems to be problematic to build a docker image.
* Explicitly point to maven repository provoding url as the default seems to be problematic when building a docker image.
* Deleted pre-builded release zip files.
@vruano vruano force-pushed the SDBI-3897-address-vulnerabilities-vardict branch from 3a748a0 to 1308511 Compare December 4, 2024 21:28
@vruano vruano requested a review from TechIsCool December 4, 2024 21:41
@TechIsCool
Copy link

TechIsCool commented Dec 5, 2024

I would suggest not removing the Binary files as its going to make it harder to upstream any changes to the original repo. https://github.com/AstraZeneca-NGS/VarDictJava Since they still have the versions in the repo.

@vruano
Copy link
Collaborator Author

vruano commented Dec 12, 2024

@TechIsCool Thanks. I rather keep it simple and leave as it is for now. If we do a pull request toward the original repo I'm ok with the additional work or even rather suggest to remove those earlier versions as in general is not a good idea hold on to them in the source code tree; they should we using some other tool to archive them.

@vruano vruano closed this Dec 12, 2024
@vruano vruano reopened this Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TechIsCool TechIsCool Awaiting requested review from TechIsCool

At least 1 approving review is required to merge this pull request.

Assignees

@vruano vruano

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vruano @TechIsCool