Upgrade mapstruct #35207

Closed
wants to merge 1 commit into from

lunny
Member

@lunny lunny commented Aug 3, 2025

No description provided.

@lunny lunny added this to the 1.24.4 milestone Aug 3, 2025
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 3, 2025
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 3, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 4, 2025
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Aug 4, 2025
@wxiaoguang
Contributor

I have 3 questions here:

  1. Why not update all dependencies, but only this one? (What's the purpose?)
  2. Why must it use "replace"?
  3. Will "replace" block `go get` updates? And/or leave security vulnerabilities with the hard-coded "replaced" version?

@wxiaoguang wxiaoguang removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Aug 4, 2025
@wxiaoguang wxiaoguang marked this pull request as draft August 4, 2025 03:41
@lunny lunny modified the milestones: 1.24.4, 1.24.5 Aug 4, 2025
@lunny
Member Author

lunny commented Aug 4, 2025

This is related to the vulnerability report at GHSA-fv92-fjc5-jj9h. The affected package is an indirect dependency of Gitea, so we have the option to either upgrade the Swagger dependency or directly update the vulnerable package.

However, after further review, it appears that Gitea is not impacted by this vulnerability, so an upgrade may not be necessary.

@lunny lunny closed this Aug 4, 2025
@lunny lunny deleted the lunny/upgrade_pkg branch August 4, 2025 19:16
@GiteaBot GiteaBot removed this from the 1.24.5 milestone Aug 4, 2025
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/dependencies