fix(deps): update dependency org.apache.bcel:bcel to v6.7.0 #2278
Looks like our build isn't ready for the newer BCEL.
da2b468 to de123b2
de123b2 to 67e690f
Adding link to the change log for bcel for easy reference while looking into this https://commons.apache.org/proper/commons-bcel/changes-report.html#a6.7.0.
@hazendaz it seems to me that the issue is that we build with BCEL 6.7.0 and then we analyze the project with the SpotBugs Gradle plugin (which was built with the previous version of BCEL) but the plugin uses BCEL 6.7.0, not the version it was built with.
Since bcel-6.5.0 has CVE-2022-42920 (CRITICAL)
e0fe93e to 61d86d8
As far as I can see, the current master is on bcel version 6.6.1, which is not affected by this problem. However, it would be great to have this PR in spotbugs 4.7.4, it is not critical.
Several issues here, I noticed at least 2:
61d86d8 to 1cd103a
The relevant PR (apache/commons-bcel#221) got merged to bcel, so the next bcel version should work with the changes in this PR. However, I don't have any timeline info about the bcel release.
letting renovate rebase again to see if docs is related to us or that process since all recent PRs are failing today.
ac6f1db to fff629d
arggg...mistakenly messed this up. Will fix it...
This PR contains the following updates:
6.6.1 -> 6.7.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.