Posted to commits@camel.apache.org by "essobedo (via GitHub)" <gi...@apache.org> on 2023/08/02 13:13:11 UTC

[GitHub] [camel] essobedo opened a new pull request, #10964: CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618

essobedo opened a new pull request, #10964:
URL: https://github.com/apache/camel/pull/10964

   Fix https://issues.apache.org/jira/browse/CAMEL-19695
   
   ## Motivation
   
   The component `camel-google-bigquery` indirectly depends on `org.json:json:jar:20200518:compile` which has a known CVE https://nvd.nist.gov/vuln/detail/CVE-2022-45688 that can be fixed by upgrading it to `20230227` or higher.
   
   ## Modifications:
   
   * Add `org.json:json:20230618` to the dependencyManagement section
   * Replace `org.json:json:20200518` with `org.json:json:20230618` in `camel-google-bigquery`
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
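
Added example, not part of the pull request or the Camel code base: a check that reads `mvn dependency:tree` output and reports every `org.json:json` below the fixed version `20230227` named in the motivation above, together with the dependency chain that pulls it in. The sample trees are constructed for illustration; `com.example:constructed-client` and `com.example:constructed-util` are hypothetical stand-ins for the real intermediate dependencies, which the message does not name.

```python
import re

FIXED_IN = 20230227  # per the PR description: fixed by upgrading to 20230227 or higher

# groupId:artifactId:type[:classifier]:version:scope, as printed by `mvn dependency:tree`
COORD = re.compile(
    r"([\w.\-]+):([\w.\-]+):[\w.\-]+:(?:[\w.\-]+:)?([\w.\-]+):"
    r"(compile|runtime|provided|system|test)\b"
)

def parse_tree(text):
    """Yield (depth, group, artifact, version) for every dependency line."""
    for line in text.splitlines():
        line = re.sub(r"^\[INFO\] ?", "", line)
        m = COORD.search(line)
        if m:  # the root module line has no scope and is skipped
            # each nesting level adds three characters ("+- ", "|  ", "\- ")
            yield m.start() // 3, m.group(1), m.group(2), m.group(3)

def find_vulnerable_json(text):
    """Return [(version, path)] for each org.json:json older than FIXED_IN."""
    findings, stack = [], []
    for depth, group, artifact, version in parse_tree(text):
        del stack[depth - 1:]  # drop siblings and deeper levels
        stack.append(f"{group}:{artifact}:{version}")
        if (group, artifact) == ("org.json", "json"):
            # org.json versions are dates (YYYYMMDD); flag anything unparsable too
            if not version.isdigit() or int(version) < FIXED_IN:
                findings.append((version, list(stack)))
    return findings

# Constructed sample output; only the org.json coordinate comes from the message.
SAMPLE_BEFORE = r"""[INFO] org.apache.camel:camel-google-bigquery:jar:PLACEHOLDER
[INFO] +- com.example:constructed-client:jar:1.0.0:compile
[INFO] |  \- org.json:json:jar:20200518:compile
[INFO] \- com.example:constructed-util:jar:2.0.0:compile
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("20200518", "20230618")

if __name__ == "__main__":
    for version, path in find_vulnerable_json(SAMPLE_BEFORE):
        print(f"org.json:json {version} < {FIXED_IN} via " + " -> ".join(path))
```

Because the path is reported, the same check shows whether a `dependencyManagement` pin took effect or whether another transitive route still resolves the old version.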


[GitHub] [camel] github-actions[bot] commented on pull request #10964: CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #10964:
URL: https://github.com/apache/camel/pull/10964#issuecomment-1662191012

   :star2: Thank you for your contribution to the Apache Camel project! :star2: 
   
   :warning: Please note that the changes on this PR may be **tested automatically**. 
   
   If necessary Apache Camel Committers may access logs and test results in the job summaries!




[GitHub] [camel] oscerd commented on pull request #10964: CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618

Posted by "oscerd (via GitHub)" <gi...@apache.org>.
oscerd commented on PR #10964:
URL: https://github.com/apache/camel/pull/10964#issuecomment-1662203265

   > This always puzzled me, org.json json dependency has a category X license. We should avoid declaring it directly in our POM.
   
   But they changed to public domain a while ago and this version is fine: https://github.com/stleary/JSON-java/blob/20230618/LICENSE




[GitHub] [camel] essobedo commented on pull request #10964: CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618

Posted by "essobedo (via GitHub)" <gi...@apache.org>.
essobedo commented on PR #10964:
URL: https://github.com/apache/camel/pull/10964#issuecomment-1662208807

   > > This always puzzled me, org.json json dependency has a category X license. We should avoid declaring it directly in our POM.
   > 
   > But they changed to public domain a while ago and this version is fine: https://github.com/stleary/JSON-java/blob/20230618/LICENSE
   
   A good remark and a good catch! 😅 

