search

cloudendpoints / endpoints-java

A Java framework for building RESTful APIs on Google App Engine
Apache License 2.0
32 stars 35 forks source link

Update google-http-client version to fix CVE-2011-1498, CVE-2014-3577 #167

Closed clementdenis closed 6 years ago

clementdenis commented 6 years ago

Current google-http-client version (1.23.0) depends on org.apache.httpcomponents:httpclient:4.0.1, which has two known CVE vulnerabilities. Recently released 1.25.0 google-http-client uses a newer version that is not affected.

codecov-io commented 6 years ago

Codecov Report

Merging #167 into master will decrease coverage by 0.01%. The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #167      +/-   ##
============================================
- Coverage     80.11%   80.09%   -0.02%     
+ Complexity     1692     1691       -1     
============================================
  Files           157      157              
  Lines          5643     5643              
  Branches        738      738              
============================================
- Hits           4521     4520       -1     
  Misses          841      841              
- Partials        281      282       +1
Impacted Files Coverage Δ Complexity Δ
.../server/spi/discovery/CommonPathPrefixBuilder.java 94.44% <0%> (-5.56%) 8% <0%> (-1%)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 5e3808a...2d5501f. Read the comment docs.