Skip to content

force commons-lang3 version to 3.18.0 #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
countableSet merged 1 commit into from
Aug 15, 2025
Merged

force commons-lang3 version to 3.18.0 #23

countableSet merged 1 commit into from
Aug 15, 2025

Conversation

@countableSet
Copy link

@countableSet countableSet commented Aug 14, 2025

transitive dependency on commons-lang3:3.17.0 forcing upgrade to 3.18.0 to clear alert https://github.com/github/flit/security/dependabot/24

+--- com.approvaltests:approvaltests:24.22.0
|    \--- com.approvaltests:approvaltests-util:24.22.0
|         \--- org.apache.commons:commons-lang3:3.17.0

com.approvaltests:approvaltests:24.22.0 is the latest version from May https://search.maven.org/artifact/com.approvaltests/approvaltests/24.22.0/jar

cc @github/data-pipelines
cc https://github.com/github/data-pipelines/issues/3217

Copilot AI review requested due to automatic review settings August 14, 2025 22:19
Copilot AI reviewed Aug 14, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR forces an upgrade of the commons-lang3 dependency from version 3.17.0 to 3.18.0 to address a security vulnerability identified by Dependabot. The change explicitly declares the commons-lang3 dependency in the build configuration to override the transitive dependency version brought in by the approvaltests library.

  • Adds explicit dependency declaration for commons-lang3 version 3.18.0
  • Overrides transitive dependency from approvaltests that was pulling in vulnerable version 3.17.0

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

@countableSet countableSet merged commit 5f86dfc into master Aug 15, 2025
5 checks passed
@countableSet countableSet deleted the commonslang3 branch August 15, 2025 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jlisam jlisam jlisam approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@countableSet @jlisam