Posted to commits@spark.apache.org by sr...@apache.org on 2022/08/14 23:20:44 UTC

[spark] branch master updated: [MINOR][BUILD] Upgrade apache-rat to 0.14

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 2e6bc9a6b21 [MINOR][BUILD] Upgrade apache-rat to 0.14
2e6bc9a6b21 is described below

commit 2e6bc9a6b217f5ae737ac2559488e798d3c48593
Author: panbingkun <pb...@gmail.com>
AuthorDate: Sun Aug 14 18:20:30 2022 -0500

    [MINOR][BUILD] Upgrade apache-rat to 0.14
    
    ### What changes were proposed in this pull request?
    This PR upgrades `apache-rat` to 0.14.
    
    ### Why are the changes needed?
    #### 1. This brings security issue fixes like the following:
    > 1. Update to doxia 1.11.1 in order to get CVE-2020-13956-httpclient problem fixes in doxia. Fixes [RAT-275](https://issues.apache.org/jira/browse/RAT-275)
    > 2. Update to latest Commons IO to fix CVE-2021-29425 (Moderate severity). Fixes [RAT-281](https://issues.apache.org/jira/browse/RAT-281).
    > 3. Update to junit 4.13.1 to fix CVE-2020-15250. Fixes [RAT-277](https://issues.apache.org/jira/browse/RAT-277)
    > 4. Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. Update to JDK8 as minimal version/compiler version. Fixes [RAT-274](https://issues.apache.org/jira/browse/RAT-274)
    > 5. Update to latest Apache Ant to fix CVE-2020-1945. Fixes [RAT-269](https://issues.apache.org/jira/browse/RAT-269)
    > 6. Update to latest commons-compress to fix CVE-2019-12402. Fixes [RAT-258](https://issues.apache.org/jira/browse/RAT-258)
    > 7. Update compiler level to 1.7 to allow building with more recent JDKs. Update plugins and dependencies to more modern versions to fix security issues (CVE-warnings). Fixes [RAT-244](https://issues.apache.org/jira/browse/RAT-244).
    
    #### 2. Release notes:
    > https://creadur.apache.org/rat/changes-report.html#a0.14
    
    ### Does this PR introduce _any_ user-facing change?
    No.
    
    ### How was this patch tested?
    Pass GA & manual tests: ./dev/check-license
    
    Closes #37511 from panbingkun/upgrade_rat.
    
    Authored-by: panbingkun <pb...@gmail.com>
    Signed-off-by: Sean Owen <sr...@gmail.com>
---
 dev/check-license | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev/check-license b/dev/check-license
index f1cd5a5f1d4..55db95734dd 100755
--- a/dev/check-license
+++ b/dev/check-license
@@ -58,7 +58,7 @@ else
     declare java_cmd=java
 fi
 
-export RAT_VERSION=0.13
+export RAT_VERSION=0.14
 export rat_jar="$FWDIR"/lib/apache-rat-${RAT_VERSION}.jar
 mkdir -p "$FWDIR"/lib
 
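Review bot: At `export RAT_VERSION=0.14`, the version string is the only thing that identifies the artifact that ends up at `"$FWDIR"/lib/apache-rat-${RAT_VERSION}.jar`; nothing in this hunk records an expected digest for the new jar. Since the stated reason for the bump is security fixes, consider pinning a SHA-512 for 0.14 next to the version and checking the jar against it before use, unless the fetch step outside this hunk already verifies it. Separately, because the file name is keyed on the version, a previously fetched `apache-rat-0.13.jar` will stay behind in `lib/`; removing stale jars there would keep the old build tool from lingering on developer and CI machines.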

