Updated Guice to 7.0.0 and Guava to 32.1.2#89
Merged
tortmayr merged 1 commit intoeclipse-glsp:masterfrom Sep 28, 2023
Merged
Conversation
Contributor
|
The required server change has been merged. Could you please update the targets to: |
Contributor
Author
|
I changed the repository as requested |
tortmayr
approved these changes
Sep 28, 2023
Contributor
tortmayr
left a comment
tortmayr
left a comment
There was a problem hiding this comment.
Looks good to me. Tested with every targetplatfom and everything works as expected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, Guice 5 and Guava up to 31 is used in the GLSP Server and Eclipse Integration
These Guava Versions are affected by CVE-2023-2976 classified as a high security risk.
This could be mitigated by updating to Guava 32.0.1 or higher (32.1.2 is part of the 2023-09 SimRel)
The Issue is that Guice 5 has an upper limit of Guava 31 and so an Update to Guice 6 or 7 is necessary.
Xtext already did this update to Guice 7, which is now part of the SimRel
The drawback is that an update to Guice 7 requires changing from javax.inject to jakarta.inject.
Besides that, there are probably no breaking changes that affect GLSP.
The current situation makes is very complicated to use Xtext and GLSP in the same runtime.