Posted to commits@eventmesh.apache.org by mi...@apache.org on 2022/05/07 02:21:27 UTC

[incubator-eventmesh] branch master updated: upgrade spring libs & jackson-databind's version to fix CVEs issues (#849)

This is an automated email from the ASF dual-hosted git repository.

mikexue pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-eventmesh.git


The following commit(s) were added to refs/heads/master by this push:
     new 7e18b174 upgrade spring libs & jackson-databind's version to fix CVEs issues (#849)
7e18b174 is described below

commit 7e18b1740fb954f0438cb759c8c018ca8ca8fd7c
Author: VOPEN.XYZ <x_...@yeah.net>
AuthorDate: Sat May 7 10:21:22 2022 +0800

    upgrade spring libs & jackson-databind's version to fix CVEs issues (#849)
    
    * upgrade spring libs & jackson-databind's version to fix CVEs issues
    
    * upgrade third party dependencies version and license file.
    
    * removed spring boot web license
---
 build.gradle                                          | 8 ++++----
 tools/third-party-dependencies/known-dependencies.txt | 6 +++---
 tools/third-party-licenses/LICENSE                    | 6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/build.gradle b/build.gradle
index eb46343c..cb737000 100644
--- a/build.gradle
+++ b/build.gradle
@@ -431,9 +431,9 @@ subprojects {
 
             dependency "com.lmax:disruptor:3.4.2"
 
-            dependency "com.fasterxml.jackson.core:jackson-databind:2.11.0"
-            dependency "com.fasterxml.jackson.core:jackson-core:2.11.0"
-            dependency "com.fasterxml.jackson.core:jackson-annotations:2.11.0"
+            dependency "com.fasterxml.jackson.core:jackson-databind:2.13.0"
+            dependency "com.fasterxml.jackson.core:jackson-core:2.13.0"
+            dependency "com.fasterxml.jackson.core:jackson-annotations:2.13.0"
 
             dependency "org.apache.httpcomponents:httpclient:4.5.13"
 
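Review bot: the three Jackson pins in this hunk move to 2.13.0, but the commit message only says "fix CVEs issues" without naming an advisory, so a reader cannot check that 2.13.0 is at or above the fixed release for each one. Please list the advisory ids in the commit message or PR description and confirm that the .0 patch level, rather than a later 2.13.x release, carries the fixes. The version string is also repeated on all three lines; a single shared version property would keep jackson-databind, jackson-core and jackson-annotations from drifting apart in a later bump.
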
@@ -458,7 +458,7 @@ subprojects {
             dependency "com.h3xstream.findsecbugs:findsecbugs-plugin:1.11.0"
             dependency "com.mebigfatguy.fb-contrib:fb-contrib:7.4.7"
 
-            dependency "org.springframework.boot:spring-boot-starter-web:2.1.6.RELEASE"
+            dependency "org.springframework.boot:spring-boot-starter-web:2.6.7"
             dependency "io.openmessaging:registry-server:0.0.1"
 
             dependency "junit:junit:4.13.2"
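Review bot: the spring-boot-starter-web line jumps from 2.1.6.RELEASE to 2.6.7, five minor lines in one step, and nothing else in this patch accompanies it (the diffstat lists only build.gradle and the two dependency and license inventories). Please confirm that the modules consuming the starter build and pass their tests on 2.6.7, and check which Jackson version the starter's dependency management resolves to, so that it does not disagree with the 2.13.0 pin set earlier in this file.
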
diff --git a/tools/third-party-dependencies/known-dependencies.txt b/tools/third-party-dependencies/known-dependencies.txt
index 56dc3cce..d7655ae3 100644
--- a/tools/third-party-dependencies/known-dependencies.txt
+++ b/tools/third-party-dependencies/known-dependencies.txt
@@ -33,9 +33,9 @@ httpclient-4.5.13.jar
 httpcore-4.4.13.jar
 ipaddress-5.3.3.jar
 j2objc-annotations-1.3.jar
-jackson-annotations-2.11.0.jar
-jackson-core-2.11.0.jar
-jackson-databind-2.11.0.jar
+jackson-annotations-2.13.0.jar
+jackson-core-2.13.0.jar
+jackson-databind-2.13.0.jar
 javassist-3.20.0-GA.jar
 javax.annotation-api-1.3.2.jar
 jcommander-1.72.jar
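Review bot: only the three jackson-*.jar entries change in this hunk, while build.gradle also moves spring-boot-starter-web to 2.6.7, which normally changes the set of Spring jars on the classpath. If known-dependencies.txt is meant to reflect the resolved runtime jars, please regenerate it from the build rather than editing versions by hand, and confirm that no Spring or transitive entries elsewhere in the file need updating.
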
diff --git a/tools/third-party-licenses/LICENSE b/tools/third-party-licenses/LICENSE
index 2a5e63b9..e1b04e24 100644
--- a/tools/third-party-licenses/LICENSE
+++ b/tools/third-party-licenses/LICENSE
@@ -247,9 +247,9 @@ gson 2.7:https://github.com/google/gson, Apache 2.0
 httpclient 4.5.13: https://github.com/apache/httpcomponents-client, Apache 2.0
 httpcore 4.4.13: https://github.com/apache/httpcomponents-core, Apache 2.0
 j2objc-annotations 1.3: https://github.com/google/j2objc, Apache 2.0
-jackson-annotations 2.11.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
-jackson-core 2.11.0:https://github.com/FasterXML/jackson-core, Apache 2.0
-jackson-databind 2.11.0: https://github.com/FasterXML/jackson-databind, Apache 2.0
+jackson-annotations 2.13.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
+jackson-core 2.13.0:https://github.com/FasterXML/jackson-core, Apache 2.0
+jackson-databind 2.13.0: https://github.com/FasterXML/jackson-databind, Apache 2.0
 javassist 3.20.0-GA/3.24.0-GA: https://github.com/jboss-javassist/javassist, Apache 2.0
 jcommander 1.72: https://github.com/cbeust/jcommander, Apache 2.0
 jna 4.2.2: https://github.com/java-native-access/jna, Apache 2.0
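Review bot: the commit message says "removed spring boot web license", but this hunk, the only one in LICENSE, changes just the three Jackson lines, and the diffstat shows 3 insertions and 3 deletions for the file. Please check whether that removal was meant to be part of this change or whether the message line is a leftover from an earlier revision of the PR. Minor: "jackson-core 2.13.0:https://github.com/FasterXML/jackson-core" keeps the missing space after the colon from the old line; adding it would match the entries on either side.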

