Skip to content

Commit

Permalink
neo4j-2025.01: pombump netty to address CVE
Browse files Browse the repository at this point in the history 
Specifically CVE-2025-25193 GHSA-389x-839f-4rhx and CVE-2025-24970
GHSA-4g8c-wm8x-jfhw.

Also remove the unused `pombump-properties.yaml` file: `maven/pombump`
wasn't in the pipeline so both it and `pombump-properties.yaml` were
previously unused.
  • Loading branch information
@OddBloke
OddBloke committed Mar 3, 2025
1 parent bcf847d commit 8f1544b
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 6 deletions.
2 changes: 2 additions & 0 deletions neo4j-2025.01.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ pipeline:
tag: ${{package.version}}
expected-commit: aa168a96c066c736faaf121480c2b5572ad0037d

- uses: maven/pombump

- runs: |
export LANG=en_US.UTF-8
export MAVEN_OPTS="-Xmx2048m"
Expand Down
6 changes: 3 additions & 3 deletions neo4j-2025.01/pombump-deps.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
patches:
- groupId: com.google.protobuf
artifactId: protobuf-java
version: 3.25.5
- groupId: io.netty
artifactId: netty-bom
version: 4.1.118.Final
3 changes: 0 additions & 3 deletions neo4j-2025.01/pombump-properties.yaml
View file

This file was deleted.

0 comments on commit 8f1544b

Please sign in to comment.