Upgrade groovy-all dependency
Description
None
Acceptance / Success Criteria
has to be started together with
Lucidchart Diagrams
Activity
Show:
Benjamin Reed May 4, 2022 at 1:42 PM
Merged to foundation-2019
Benjamin Reed May 2, 2022 at 8:16 PM
Barring complications that would require us to move to Groovy 3 (or 4), this is done.
Benjamin Reed May 2, 2022 at 8:09 PM
I am currently evaluating upgrading groovy-all to the latest 2.5.x, since it has no associated CVEs and is still maintained. Is there a specific need for Groovy 3, or is it just because of potential security issues?
Long term, we should probably make the jump right to Groovy 4, but it should only be develop – it's a lot of churn to backport to a Meridian foundation branch.
Fixed
Details
Assignee
Benjamin ReedBenjamin ReedReporter
Jeff GehlbachJeff GehlbachLabels
HB Grooming Date
Apr 26, 2022HB Backlog Status
SprintFD#
1098Story Points
3Components
Sprint
NoneAffects versions
Priority
Minor
Details
Details
Assignee
Benjamin ReedReporter
Jeff GehlbachLabels
HB Grooming Date
Apr 26, 2022
HB Backlog Status
Sprint
FD#
1098
Story Points
3
Components
Sprint
None
Affects versions
Priority
Minor
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
Created April 25, 2022 at 7:20 PM
Updated June 27, 2023 at 9:45 PM
Resolved May 4, 2022 at 1:42 PM
Need to update the
groovy-alldependency to at least version 3.0.10 to address a vulnerability in the 2.4.5 release we currently distribute.The original reporter attempted to make this change in-house, but it broke their build.