Skip to content

deps: upgrade commons-codec to 1.14#2164

Merged
lqiu96 merged 2 commits into
mainfrom
fix-bug-496541059
Jun 29, 2026
Merged

deps: upgrade commons-codec to 1.14#2164
lqiu96 merged 2 commits into
mainfrom
fix-bug-496541059

Conversation

@lqiu96

@lqiu96 lqiu96 commented Jun 22, 2026

Copy link
Copy Markdown
Member

Upgrades the transitive dependency commons-codec:commons-codec (brought in via httpclient) to 1.14 to resolve a security vulnerability (SNYK-JAVA-COMMONSCODEC-561518) which affects versions older than 1.14.

We cannot upgrade httpclient further because 4.5.14 is the latest version on the 4.x branch, and upgrading to 5.x would be a breaking change.

Reported via b/496541059

Upgrades the transitive dependency `commons-codec:commons-codec` (brought in via `httpclient`) to `1.14` to resolve a security vulnerability (SNYK-JAVA-COMMONSCODEC-561518) which affects versions older than 1.14.

We cannot upgrade httpclient further because 4.5.14 is the latest version on the 4.x branch, and upgrading to 5.x would be a breaking change.

BUG=496541059
TAG=agy
CONV=b43d61a6-175a-4130-8ed4-ec217f123c55
@product-auto-label product-auto-label Bot added the size: s Pull request size is small. label Jun 22, 2026
@lqiu96 lqiu96 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 26, 2026
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 26, 2026
@lqiu96 lqiu96 marked this pull request as ready for review June 29, 2026 16:50
@lqiu96 lqiu96 requested a review from a team as a code owner June 29, 2026 16:50
@lqiu96 lqiu96 merged commit 68d9ba6 into main Jun 29, 2026
28 checks passed
@lqiu96 lqiu96 deleted the fix-bug-496541059 branch June 29, 2026 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size: s Pull request size is small.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants