java update - cve #516

denis-yuen · 2025-06-04T21:05:12Z

Description
Misnamed branch, update is actually for Java
CVE-2024-21147

Some messing with maven versions and artifactories we're using since the build was hanging

Review Instructions
Download Docker image (or login to it on qa) and check that java is newer than 21.0.3

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-7175

Security
If there are any concerns that require extra attention from the security team, highlight them here.

Please make sure that you've checked the following before submitting your pull request. Thanks!

Check that you pass the basic style checks and unit tests by running mvn clean install in the project that you have modified (until https://ucsc-cgl.atlassian.net/browse/SEAB-5300 adds multi-module support properly)
Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
If you are changing dependencies, check with dependabot to ensure you are not introducing new high/critical vulnerabilities
If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

if no dockstore-support cache is available

but other changes seemed to have worked

sonarqubecloud · 2025-06-06T18:10:04Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

codecov · 2025-06-06T18:10:09Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 9.90%. Comparing base (dce6673) to head (e98da75).
Report is 2 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff            @@
##             develop    #516   +/-   ##
=========================================
  Coverage       9.90%   9.90%           
  Complexity        75      75           
=========================================
8000

  Files             44      44           
  Lines           2372    2372           
  Branches         203     203           
=========================================
  Hits             235     235           
  Misses          2121    2121           
  Partials          16      16

Flag	Coverage Δ
tooltester	`9.90% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

denis-yuen added 3 commits June 4, 2025 17:04

java update

4a90cac

bump maven and use dockstore cache

e81e5b6

if no dockstore-support cache is available

cannot actually cache across projects

e98da75

but other changes seemed to have worked

denis-yuen marked this pull request as ready for review June 6, 2025 18:10

denis-yuen self-assigned this Jun 6, 2025

denis-yuen requested review from a team, kathy-t and svonworl and removed request for a team June 6, 2025 18:30

kathy-t approved these changes Jun 6, 2025

View reviewed changes

svonworl approved these changes Jun 6, 2025

View reviewed changes

denis-yuen merged commit d361600 into develop Jun 6, 2025
14 checks passed

denis-yuen deleted the feature/curl_update branch June 6, 2025 21:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

java update - cve #516

java update - cve #516

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

java update - cve #516

java update - cve #516

Uh oh!

Conversation

Uh oh!

Uh oh!

Quality Gate passed

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!