Posted to commits@kylin.apache.org by xx...@apache.org on 2023/01/06 11:10:16 UTC
[kylin] 11/12: KYLIN-5357 fix snyk vulnerabilities
This is an automated email from the ASF dual-hosted git repository.
xxyu pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 236172adece9da6506dd8e2a542dfe02524b95bd
Author: Jiale He <ji...@kyligence.io>
AuthorDate: Tue Nov 8 17:10:35 2022 +0800
KYLIN-5357 fix snyk vulnerabilities
* KYLIN-5357 upgrade esapi, h2database, spring-security-web
* KYLIN-5357 exclude xalan
---
pom.xml | 21 ++++++++++++++-------
src/kylin-it/pom.xml | 5 -----
src/server/pom.xml | 3 +--
3 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/pom.xml b/pom.xml
index cf05b751a6..c2bea76ab1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -123,7 +123,6 @@
<log4j2-cachefile-transformer.version>2.14.1</log4j2-cachefile-transformer.version>
<slf4j.version>1.7.30</slf4j.version>
<apache-log4j.version>2.12.1</apache-log4j.version>
- <xalan.version>2.7.2</xalan.version>
<ehcache.version>2.10.9.2</ehcache.version>
<redis.version>3.8.0</redis.version>
<apache-httpclient.version>4.5.13</apache-httpclient.version>
@@ -158,7 +157,7 @@
<spring-boot-admin.version>2.6.6</spring-boot-admin.version>
<spring-session.version>2.6.1-kylin-r3</spring-session.version>
<spring.framework.security.extensions.version>1.0.10.RELEASE</spring.framework.security.extensions.version>
- <spring-security-web.version>5.6.4</spring-security-web.version>
+ <spring-security-web.version>5.6.9</spring-security-web.version>
<opensaml.version>2.6.6</opensaml.version>
<aspectj.version>1.8.9</aspectj.version>
<unboundid-ldapsdk.version>3.1.1</unboundid-ldapsdk.version>
@@ -1951,6 +1950,11 @@
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.owasp.esapi</groupId>
+ <artifactId>esapi</artifactId>
+ <version>${esapi.version}</version>
+ </dependency>
<!-- Logging -->
<dependency>
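Review bot: The new `<version>${esapi.version}</version>` line relies on a property that no hunk in this commit defines or changes, so the esapi upgrade named in the commit message cannot be verified from the diff. If the property is absent the build fails on an unresolved version, and if it exists with an older value the managed version stays where the scanner flagged it. I would confirm the value in the parent `<properties>` block and add a comment above the entry, e.g. `<!-- KYLIN-5357: version managed here so every module resolves the same esapi release -->`. The dependency list this entry sits in starts and ends outside the hunk.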
@@ -2077,11 +2081,6 @@
<artifactId>xercesImpl</artifactId>
<version>${xerces.version}</version>
</dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>${xalan.version}</version>
- </dependency>
<dependency>
<groupId>com.github.jbellis</groupId>
<artifactId>jamm</artifactId>
@@ -2303,6 +2302,14 @@
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-web</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
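Review bot: The two added `<exclusion>` entries drop xalan and spring-security-web only from the single dependency they sit under, whose coordinates are outside this hunk. Any other dependency that pulls in `xalan:xalan` transitively would still put it on the classpath. Checking with `mvn dependency:tree -Dincludes=xalan:xalan` after the change, or adding a maven-enforcer `bannedDependencies` rule for it, would make the removal hold across all modules. Excluding spring-security-web here presumably relies on the version pinned by `spring-security-web.version` being declared elsewhere, which this diff does not show. A short comment such as `<!-- KYLIN-5357: excluded after snyk findings -->` above the new entries would keep a later cleanup from dropping them.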
diff --git a/src/kylin-it/pom.xml b/src/kylin-it/pom.xml
index 26f612b535..322af3ea24 100644
--- a/src/kylin-it/pom.xml
+++ b/src/kylin-it/pom.xml
@@ -250,11 +250,6 @@
<artifactId>xercesImpl</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
diff --git a/src/server/pom.xml b/src/server/pom.xml
index 92d041bbf9..755e7c6ce4 100644
--- a/src/server/pom.xml
+++ b/src/server/pom.xml
@@ -202,8 +202,7 @@
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
- <version>1.4.197</version>
- <scope>compile</scope>
+ <scope>test</scope>
</dependency>
<!-- mysql -->
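Review bot: Changing h2 from `compile` to `test` at the new `<scope>` line takes the H2 driver off the server module's runtime classpath. Any main-code path or default configuration that still opens a `jdbc:h2` connection would then fail at run time, not at build time, and nothing in this hunk shows whether such a use exists. The hard-coded `1.4.197` is dropped as well, so the version now comes from dependency management outside this diff and should be checked against the release the scanner expects. A comment such as `<!-- test only: H2 must not ship in the server artifact (KYLIN-5357) -->` above the entry would record the intent.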