Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Upgrade groovy-all dependency

Description

None

Acceptance / Success Criteria

Need to update the groovy-all dependency to at least version 3.0.10 to address a vulnerability in the 2.4.5 release we currently distribute.

The original reporter attempted to make this change in-house, but it broke their build.

has to be started together with

Confluence content

mentioned on

Lucidchart Diagrams

Activity

Show:

Benjamin Reed May 4, 2022 at 1:42 PM

Merged to foundation-2019

Benjamin Reed May 2, 2022 at 8:16 PM

Barring complications that would require us to move to Groovy 3 (or 4), this is done.

PR: https://github.com/OpenNMS/opennms/pull/4631

Benjamin Reed May 2, 2022 at 8:09 PM

I am currently evaluating upgrading groovy-all to the latest 2.5.x, since it has no associated CVEs and is still maintained. Is there a specific need for Groovy 3, or is it just because of potential security issues?

Long term, we should probably make the jump right to Groovy 4, but it should only be develop – it's a lot of churn to backport to a Meridian foundation branch.

Fixed

Details

Assignee

Reporter

Labels

HB Grooming Date

HB Backlog Status

FD#

Story Points

Components

Sprint

Fix versions

Affects versions

Priority

Parent

PagerDuty

Created April 25, 2022 at 7:20 PM
Updated June 27, 2023 at 9:45 PM
Resolved May 4, 2022 at 1:42 PM

Flag notifications