Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude xstream version affected by CVE #3785

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Exclude xstream version affected by CVE #3785

wants to merge 5 commits into from
+9 −0

Conversation

yesamer
Copy link
Contributor

@yesamer yesamer commented Nov 19, 2024

Many thanks for submitting your Pull Request ❤️!

Closes/Fixes/Resolves #ISSUE-NUMBER

Description:

Please make sure that your PR meets the following requirements:

  • You have read the contributors guide
  • Your code is properly formatted according to this configuration
  • Pull Request title is properly formatted: Issue-XYZ Subject
  • Pull Request title contains the target branch if not targeting main: [0.9.x] Issue-XYZ Subject
  • Pull Request contains link to the JIRA issue
  • Pull Request contains link to any dependent or related Pull Request
  • Pull Request contains description of the issue
  • Pull Request does not include fixes for issues other than the main ticket
How to replicate CI configuration locally?

Build Chain tool does "simple" maven build(s), the builds are just Maven commands, but because the repositories relates and depends on each other and any change in API or class method could affect several of those repositories there is a need to use build-chain tool to handle cross repository builds and be sure that we always use latest version of the code for each repository.

build-chain tool is a build tool which can be used on command line locally or in Github Actions workflow(s), in case you need to change multiple repositories and send multiple dependent pull requests related with a change you can easily reproduce the same build by executing it on Github hosted environment or locally in your development environment. See local execution details to get more information about it.

@yesamer yesamer changed the title exclude_xstream Exclude xstream version affected by CVE Nov 19, 2024
gitgabrio
gitgabrio approved these changes Nov 19, 2024
View reviewed changes
Copy link
Contributor

@gitgabrio gitgabrio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @yesamer LGTM!

@kie-ci3
Copy link
Contributor

kie-ci3 commented Nov 19, 2024

PR job #2 was: UNSTABLE
Possible explanation: This should be test failures

Reproducer

build-chain build full_downstream -f 'https://raw.githubusercontent.com/${AUTHOR:apache}/incubator-kie-kogito-pipelines/${BRANCH:main}/.ci/buildchain-config-pr-cdb.yaml' -o 'bc' -p apache/incubator-kie-kogito-runtimes -u #3785 --skipParallelCheckout

NOTE: To install the build-chain tool, please refer to https://github.com/kiegroup/github-action-build-chain#local-execution

Please look here: https://ci-builds.apache.org/job/KIE/job/kogito/job/main/job/pullrequest_jobs/job/kogito-runtimes-pr/job/PR-3785/2/display/redirect

Test results:

  • PASSED: 3369
  • FAILED: 23

Those are the test failures:

org.kie.kogito.addon.quarkus.messaging.common.message.http.CloudEventHttpOutgoingDecoratorTest.verifyOutgoingHttpMetadataIsSet java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.process.dynamic.DynamicCallResourceTest.testConcurrentDynamicCalls java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.events.mongodb.QuarkusMongoDBEventPublisherTest.userTasksEventsCollection java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.DeploymentUtilsTest.testDeploymentWithServiceWithCustomPortName java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.Fabric8KubernetesServiceCatalogTest.getServiceAddress(KubernetesProtocol, String, String)[1] java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.IngressUtilsTest.testIngressWithTLS java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.KnativeServiceDiscoveryTest.queryService java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.KubernetesResourceDiscoveryTest.testServiceNodePort java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.OpenShiftServiceDiscoveryTest.testDeploymentConfigWithoutService java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.PodUtilsTest.testPodWithNoService java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.fabric8.k8s.service.catalog.StatefulSetUtilsTest.testStatefulSetNoService java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.jbpm.usertask.jpa.quarkus.H2QuarkusJPAUserTaskInstancesTest.testFindByIdentityByPotentialGroups java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.jbpm.usertask.jpa.quarkus.PostgreSQLQuarkusJPAUserTaskInstancesTest.testFindByIdentityByPotentialGroups java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.k8s.KnativeRouteEndpointDiscoveryTest.testBaseCase java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.k8s.KubernetesServiceEndpointDiscoveryTest.testGetURLOnRandomPort java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.k8s.config.KubeDiscoveryConfigCacheUpdaterTest.knativeResource java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.mail.QuarkusMailSenderTest.testMail java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addons.quarkus.microprofile.config.service.catalog.MicroProfileConfigServiceCatalogTest.getServiceAddress(KubernetesProtocol, String, String)[1] java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.infinispan.health.InfinispanHealthCheckIT.testCall java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.process.definitions.ProcessDefinitionsResourceTest.testAddDefinition java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.addon.source.files.SourceFilesResourceTest.getSourceFilesByProcessIdTest java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.quarkus.drools.RuleUnitMetaDataContextSerializationTest.ensureRuleUnitMetaDataSerializable java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter
org.kie.kogito.legacy.rules.TmsEndpointTest.testHelloEndpoint java.lang.NoClassDefFoundError: com/thoughtworks/xstream/converters/Converter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gitgabrio gitgabrio gitgabrio approved these changes

@porcelli porcelli Awaiting requested review from porcelli

Assignees
No one assigned
Labels
Do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yesamer @kie-ci3 @gitgabrio