You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@eventmesh.apache.org by mi...@apache.org on 2022/05/07 02:21:27 UTC
[incubator-eventmesh] branch master updated: upgrade spring libs & jackson-databind s version to fix CVEs issues (#849)
This is an automated email from the ASF dual-hosted git repository.
mikexue pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-eventmesh.git
The following commit(s) were added to refs/heads/master by this push:
new 7e18b174 upgrade spring libs & jackson-databind s version to fix CVEs issues (#849)
7e18b174 is described below
commit 7e18b1740fb954f0438cb759c8c018ca8ca8fd7c
Author: VOPEN.XYZ <x_...@yeah.net>
AuthorDate: Sat May 7 10:21:22 2022 +0800
upgrade spring libs & jackson-databind s version to fix CVEs issues (#849)
* upgrade spring libs & jackson-databind s version to fix CVEs issues
* upgrade third party dependencies version and license file.
* removed spring boot web license
---
build.gradle | 8 ++++----
tools/third-party-dependencies/known-dependencies.txt | 6 +++---
tools/third-party-licenses/LICENSE | 6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/build.gradle b/build.gradle
index eb46343c..cb737000 100644
--- a/build.gradle
+++ b/build.gradle
@@ -431,9 +431,9 @@ subprojects {
dependency "com.lmax:disruptor:3.4.2"
- dependency "com.fasterxml.jackson.core:jackson-databind:2.11.0"
- dependency "com.fasterxml.jackson.core:jackson-core:2.11.0"
- dependency "com.fasterxml.jackson.core:jackson-annotations:2.11.0"
+ dependency "com.fasterxml.jackson.core:jackson-databind:2.13.0"
+ dependency "com.fasterxml.jackson.core:jackson-core:2.13.0"
+ dependency "com.fasterxml.jackson.core:jackson-annotations:2.13.0"
dependency "org.apache.httpcomponents:httpclient:4.5.13"
@@ -458,7 +458,7 @@ subprojects {
dependency "com.h3xstream.findsecbugs:findsecbugs-plugin:1.11.0"
dependency "com.mebigfatguy.fb-contrib:fb-contrib:7.4.7"
- dependency "org.springframework.boot:spring-boot-starter-web:2.1.6.RELEASE"
+ dependency "org.springframework.boot:spring-boot-starter-web:2.6.7"
dependency "io.openmessaging:registry-server:0.0.1"
dependency "junit:junit:4.13.2"
diff --git a/tools/third-party-dependencies/known-dependencies.txt b/tools/third-party-dependencies/known-dependencies.txt
index 56dc3cce..d7655ae3 100644
--- a/tools/third-party-dependencies/known-dependencies.txt
+++ b/tools/third-party-dependencies/known-dependencies.txt
@@ -33,9 +33,9 @@ httpclient-4.5.13.jar
httpcore-4.4.13.jar
ipaddress-5.3.3.jar
j2objc-annotations-1.3.jar
-jackson-annotations-2.11.0.jar
-jackson-core-2.11.0.jar
-jackson-databind-2.11.0.jar
+jackson-annotations-2.13.0.jar
+jackson-core-2.13.0.jar
+jackson-databind-2.13.0.jar
javassist-3.20.0-GA.jar
javax.annotation-api-1.3.2.jar
jcommander-1.72.jar
diff --git a/tools/third-party-licenses/LICENSE b/tools/third-party-licenses/LICENSE
index 2a5e63b9..e1b04e24 100644
--- a/tools/third-party-licenses/LICENSE
+++ b/tools/third-party-licenses/LICENSE
@@ -247,9 +247,9 @@ gson 2.7:https://github.com/google/gson, Apache 2.0
httpclient 4.5.13: https://github.com/apache/httpcomponents-client, Apache 2.0
httpcore 4.4.13: https://github.com/apache/httpcomponents-core, Apache 2.0
j2objc-annotations 1.3: https://github.com/google/j2objc, Apache 2.0
-jackson-annotations 2.11.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
-jackson-core 2.11.0:https://github.com/FasterXML/jackson-core, Apache 2.0
-jackson-databind 2.11.0: https://github.com/FasterXML/jackson-databind, Apache 2.0
+jackson-annotations 2.13.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
+jackson-core 2.13.0:https://github.com/FasterXML/jackson-core, Apache 2.0
+jackson-databind 2.13.0: https://github.com/FasterXML/jackson-databind, Apache 2.0
javassist 3.20.0-GA/3.24.0-GA: https://github.com/jboss-javassist/javassist, Apache 2.0
jcommander 1.72: https://github.com/cbeust/jcommander, Apache 2.0
jna 4.2.2: https://github.com/java-native-access/jna, Apache 2.0
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: commits-help@eventmesh.apache.org