You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by ji...@apache.org on 2021/01/27 05:20:58 UTC
[druid] branch 0.20.1 updated (d301716 -> 1c48526)
This is an automated email from the ASF dual-hosted git repository.
jihoonson pushed a change to branch 0.20.1
in repository https://gitbox.apache.org/repos/asf/druid.git.
from d301716 Bump up jackson-databind to 2.10.5.1 (#10655)
new 3668786 Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)
new 1c48526 Bump jetty to latest version (#10563)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
licenses.yaml | 4 ++--
pom.xml | 2 +-
web-console/package-lock.json | 16 +++++++++++-----
web-console/package.json | 2 +-
4 files changed, 15 insertions(+), 9 deletions(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[druid] 02/02: Bump jetty to latest version (#10563)
Posted by ji...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jihoonson pushed a commit to branch 0.20.1
in repository https://gitbox.apache.org/repos/asf/druid.git
commit 1c4852647212b3a4f9480f0fe2b0c16de3509ecd
Author: Suneet Saldanha <su...@apache.org>
AuthorDate: Mon Nov 9 08:51:36 2020 -0800
Bump jetty to latest version (#10563)
This addresses CVE-2020-27216 which was flagged by the security vulnerability
job.
---
licenses.yaml | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index b603e3f..c5e3b34 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -1691,7 +1691,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 9.4.30.v20200611
+version: 9.4.34.v20201102
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation
diff --git a/pom.xml b/pom.xml
index 070a56a..9abe9e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,7 +91,7 @@
<guava.version>16.0.1</guava.version>
<guice.version>4.1.0</guice.version>
<hamcrest.version>1.3</hamcrest.version>
- <jetty.version>9.4.30.v20200611</jetty.version>
+ <jetty.version>9.4.34.v20201102</jetty.version>
<jersey.version>1.19.3</jersey.version>
<jackson.version>2.10.2</jackson.version>
<jackson.databind.version>2.10.5.1</jackson.databind.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052
(#10733)
Posted by ji...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jihoonson pushed a commit to branch 0.20.1
in repository https://gitbox.apache.org/repos/asf/druid.git
commit 36687868b0f63b8bcd950a1836d3d88f1242f06e
Author: Jonathan Wei <jo...@users.noreply.github.com>
AuthorDate: Thu Jan 7 22:31:44 2021 -0600
Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)
* Update deps for CVE-2020-28168 and CVE-2020-28052
* Make BC runtime scope
---
licenses.yaml | 2 +-
web-console/package-lock.json | 16 +++++++++++-----
web-console/package.json | 2 +-
3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 2fe0c14..b603e3f 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -4562,7 +4562,7 @@ license_category: binary
module: web-console
license_name: MIT License
copyright: Matt Zabriskie
-version: 0.19.0
+version: 0.21.1
license_file_path: licenses/bin/axios.MIT
---
diff --git a/web-console/package-lock.json b/web-console/package-lock.json
index 6de90c3..4c66f63 100644
--- a/web-console/package-lock.json
+++ b/web-console/package-lock.json
@@ -2395,12 +2395,18 @@
"dev": true
},
"axios": {
- "version": "0.19.0",
- "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.0.tgz",
- "integrity": "sha512-1uvKqKQta3KBxIz14F2v06AEHZ/dIoeKfbTRkK1E5oqjDnuEerLmYTgJB5AiQZHJcljpg1TuRzdjDR06qNk0DQ==",
+ "version": "0.21.1",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
+ "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
"requires": {
- "follow-redirects": "1.5.10",
- "is-buffer": "^2.0.2"
+ "follow-redirects": "^1.10.0"
+ },
+ "dependencies": {
+ "follow-redirects": {
+ "version": "1.13.1",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.1.tgz",
+ "integrity": "sha512-SSG5xmZh1mkPGyKzjZP8zLjltIfpW32Y5QpdNJyjcfGxK3qo3NDDkZOZSFiGn1A6SclQxY9GzEwAHQ3dmYRWpg=="
+ }
}
},
"babel-jest": {
diff --git a/web-console/package.json b/web-console/package.json
index 256c2bf..6e1d84c 100644
--- a/web-console/package.json
+++ b/web-console/package.json
@@ -59,7 +59,7 @@
"@blueprintjs/core": "^3.19.1",
"@blueprintjs/datetime": "^3.11.0",
"@blueprintjs/icons": "^3.11.0",
- "axios": "^0.19.0",
+ "axios": "^0.21.1",
"brace": "^0.11.1",
"classnames": "^2.2.6",
"copy-to-clipboard": "^3.2.0",
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org