sonatype-lift[bot] commented on code in PR #1264:
URL: https://github.com/apache/solr/pull/1264#discussion_r1060207647
##########
solr/core/build.gradle:
##########
@@ -15,21 +15,34 @@
* limitations under the License.
*/
-
apply plugin: 'java-library'
description = 'Apache Solr Core'
-configurations.all {
- exclude group: 'log4j', module: 'log4j'
- exclude group: 'commons-logging', module: 'commons-logging'
- exclude group: 'org.slf4j', module: 'slf4j-log4j12'
- exclude group: 'org.apache.yetus', module: 'audience-annotations'
- exclude group: 'org.codehaus.mojo', module: 'animal-sniffer-annotations'
- // be conservative on what's added here. Affects *all* configs, including
internal ones.
+configurations {
+ // jettyClientImplementation should be used for all jetty client libraries
used by the Solr Server.
+ // These libraries must be available in the WEB-INF/lib, as well as
server/lib.
+ // Jetty does not allow for these specific libraries to be accessed from the
webapp, if they only live in server/lib.
+ // Note: because of SolrEmbedded, this is not all jetty libraries.
+ // (Solr Core requires the jetty server libraries because of embedded Solr,
however the webapp does not use these)
+ jettyClientImplementation
+ implementation {
+ extendsFrom jettyClientImplementation
+ }
}
dependencies {
+ // Spotbugs Annotations are only needed for old findbugs
+ // annotation usage like in Zookeeper during compilation time.
+ // It is not included in the release so exclude from checks.
Review Comment:
<picture><img alt="52% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/52/display.svg";></picture>
*High Vulnerability:*
### maven : com.fasterxml.jackson/jackson-bom : 2.13.4.20221013
0 Critical, 1 High, 0 Medium, 0 Low vulnerabilities have been found across 1
dependencies.
[View the Lift
console](https://lift.sonatype.com/results/github.com/apache/solr/01GNT8J2TTRR28BFJBCQHAWT5S?tab=dependencies&component=pkg%3Amaven%2Fcom.fasterxml.jackson%2Fjackson-bom%402.13.4.20221013)
for details about these vulnerabilities.
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=365232422&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=365232422&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=365232422&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=365232422&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=365232422&lift_comment_rating=5)
]
##########
solr/core/src/java/org/apache/solr/search/facet/FacetModule.java:
##########
@@ -380,26 +400,24 @@ public Object getMergedResult() {
return getDouble();
}
-
@Override
public int compareTo(FacetSortableMerger other, FacetRequest.SortDirection
direction) {
return compare(getDouble(), ((FacetDoubleMerger) other).getDouble(),
direction);
}
-
public static int compare(double a, double b, FacetRequest.SortDirection
direction) {
if (a < b) return -1;
if (a > b) return 1;
- if (a != a) { // a==NaN
+ if (a != a) { // a==NaN
Review Comment:
<picture><img alt="39% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/39/display.svg";></picture>
đŦ 2 similar findings have been found in this PR
---
*opt.semgrep.java.lang.correctness.eqeq.eqeq:* `a == a` or `a != a` is
always true. (Unless the value compared is a float or double).
To test if `a` is not-a-number, use `Double.isNaN(a)`.
---
<details><summary><b>đ Expand here to view all instances of this
finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
| solr/core/src/java/org/apache/solr/search/facet/FacetModule.java |
[413](https://github.com/apache/solr/blob/93d6905e1854c7122c78991310044ccfc6f05ebc/solr/core/src/java/org/apache/solr/search/facet/FacetModule.java#L413)
|
| solr/core/src/java/org/apache/solr/search/facet/FacetModule.java |
[419](https://github.com/apache/solr/blob/93d6905e1854c7122c78991310044ccfc6f05ebc/solr/core/src/java/org/apache/solr/search/facet/FacetModule.java#L419)
|
<p><a
href="https://lift.sonatype.com/results/github.com/apache/solr/01GNT8J2TTRR28BFJBCQHAWT5S?t=Semgrep|opt.semgrep.java.lang.correctness.eqeq.eqeq"
target="_blank">Visit the Lift Web Console</a> to find more details in your
report.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=365232823&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=365232823&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=365232823&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=365232823&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=365232823&lift_comment_rating=5)
]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
![https://lift.sonatype.com/api/commentimage/fixrate/52/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/52/display.svg"){kind=link}
![https://lift.sonatype.com/api/commentimage/fixrate/39/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/39/display.svg"){kind=link}