fix: Upgrade testng to avoid CVE-2022-4065

Open EstebanDugueperoux2 opened this issue 1 year ago • 1 comments

A TestNG upgrade to fix a critical CVE.

PR checklist

  • [X] Read the contribution guidelines.
  • [X] Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • [X] Run the following to build the project and update samples:
    ./mvnw clean package 
    ./bin/generate-samples.sh ./bin/configs/*.yaml
    ./bin/utils/export_docs_generators.sh
    

EstebanDugueperoux2 avatar May 10 '24 20:05 EstebanDugueperoux2

Hi @wing328, @etherealjoy,

Would it be possible to have this PR integrated in a 7.5.1 release? Because without that, the 7.5.0 release is not usable through Nexus IQ Server or Artifactory due to the security scanner leveraging this critical CVE.

Regards.

EstebanDugueperoux2 avatar May 10 '24 21:05 EstebanDugueperoux2

thanks for the PR.

can you please fix the build failure when you've time?

we should be able to release v7.6.0 this week according to the schedule

wing328 avatar May 11 '24 04:05 wing328

Hi @wing328,

Thanks for the fast reply. About the CI failure, this does not seem related to my change. I have closed and reopened this PR and the CI seems good now.

Regards.

EstebanDugueperoux2 avatar May 11 '24 08:05 EstebanDugueperoux2

does it build for you locally with mvn clean install?

wing328 avatar May 11 '24 10:05 wing328

Hmm, indeed, from release 7.6.1 of TestNG a deprecated method has been removed (https://github.com/testng-team/testng/pull/2762/files). It should be ok now.

EstebanDugueperoux2 avatar May 11 '24 12:05 EstebanDugueperoux2

cc @OpenAPITools/generator-core-team

wing328 avatar May 11 '24 13:05 wing328

thanks for the fix, which has been merged into master

have a nice weekend

wing328 avatar May 11 '24 15:05 wing328

Hi @wing328,

Do you still plan a 7.6.0 release today?

Regards.

EstebanDugueperoux2 avatar May 17 '24 15:05 EstebanDugueperoux2

released yesterday. please check it out when you've time.

thanks again for the PR

wing328 avatar May 21 '24 06:05 wing328