envoyproxy / java-control-plane

Java implementation of an Envoy gRPC control plane

Apache License 2.0

293 stars 136 forks source link

Update Dependencies #251

Closed agrawroh closed 2 years ago

agrawroh commented 2 years ago

Description

There are a couple CVEs in both the Java Protobuf java-protobuf [Ref] and the Guava Cache guava-android [Ref] versions that we are currently using.

Changes

This PR bumps up the dependencies to a newer version which doesn't have any CVEs. These are the dependencies that we are bumping the versions for:

GRPC: 1.22.1 -> 1.48.1
Java Protobuf: 3.9.1 -> 3.21.5
Guava Cache: 26.0 -> 31.1

codecov-commenter commented 2 years ago

Codecov Report

Merging #251 (e204113) into main (c7e27d4) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #251   +/-   ##
=========================================
  Coverage     90.01%   90.01%           
  Complexity      225      225           
=========================================
  Files            28       28           
  Lines           721      721           
  Branches         57       57           
=========================================
  Hits            649      649           
  Misses           49       49           
  Partials         23       23

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

agrawroh commented 2 years ago

@ramaraochavali We just started using Java CP to build our Envoy Control Plane. I'm used to Envoy codebase where it auto-assign the reviewers. How does it happen for this repo? We would be contributing pretty frequently once we do the initial POC. Any suggestions on who we can ping for the PR reviews?