You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@eventmesh.apache.org by ch...@apache.org on 2022/05/30 03:12:39 UTC
[incubator-eventmesh] branch master updated: upgrade rocketmq libs version to fix CVEs
This is an automated email from the ASF dual-hosted git repository.
chenguangsheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-eventmesh.git
The following commit(s) were added to refs/heads/master by this push:
new 543c749f upgrade rocketmq libs version to fix CVEs
new 4746d73d Merge pull request #852 from misselvexu/#755
543c749f is described below
commit 543c749f043783f638b65e8574a1ea78a80804ca
Author: misselvexu <x_...@yeah.net>
AuthorDate: Mon May 9 17:19:33 2022 +0800
upgrade rocketmq libs version to fix CVEs
---
.../eventmesh-admin-rocketmq/gradle.properties | 2 +-
.../eventmesh-connector-rocketmq/gradle.properties | 2 +-
.../known-dependencies.txt | 43 +++++++++++-----------
tools/third-party-licenses/LICENSE | 41 +++++++++++----------
4 files changed, 45 insertions(+), 43 deletions(-)
diff --git a/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties b/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
index 3d49f4c7..7c286399 100644
--- a/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
+++ b/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
@@ -14,4 +14,4 @@
# limitations under the License.
#
-rocketmq_version=4.7.1
\ No newline at end of file
+rocketmq_version=4.9.3
\ No newline at end of file
diff --git a/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties b/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
index 4bcaa620..2138704d 100644
--- a/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
+++ b/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
@@ -14,7 +14,7 @@
# limitations under the License.
#
-rocketmq_version=4.7.1
+rocketmq_version=4.9.3
pluginType=connector
pluginName=rocketmq
\ No newline at end of file
diff --git a/tools/third-party-dependencies/known-dependencies.txt b/tools/third-party-dependencies/known-dependencies.txt
index d7655ae3..7179efd3 100644
--- a/tools/third-party-dependencies/known-dependencies.txt
+++ b/tools/third-party-dependencies/known-dependencies.txt
@@ -4,21 +4,21 @@ checker-qual-3.12.0.jar
cloudevents-api-2.2.0.jar
cloudevents-core-2.2.0.jar
cloudevents-json-jackson-2.2.0.jar
-commons-beanutils-1.9.2.jar
+commons-beanutils-1.9.4.jar
commons-cli-1.2.jar
commons-codec-1.11.jar
commons-collections-3.2.2.jar
commons-collections4-4.1.jar
-commons-digester-1.8.1.jar
+commons-digester-2.1.jar
commons-lang3-3.6.jar
commons-logging-1.2.jar
commons-text-1.9.jar
-commons-validator-1.6.jar
+commons-validator-1.7.jar
disruptor-3.4.2.jar
-dledger-0.1.jar
+dledger-0.2.3.jar
error_prone_annotations-2.7.1.jar
failureaccess-1.0.1.jar
-fastjson-1.2.69.jar
+fastjson-1.2.76.jar
grpc-context-1.15.0.jar
grpc-core-1.15.0.jar
grpc-netty-1.15.0.jar
@@ -46,7 +46,6 @@ listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
log4j-api-2.17.1.jar
log4j-core-2.17.1.jar
log4j-slf4j-impl-2.17.1.jar
-logback-core-1.0.13.jar
metrics-annotation-4.1.0.jar
metrics-core-4.1.0.jar
metrics-healthchecks-4.1.0.jar
@@ -73,7 +72,6 @@ netty-resolver-dns-4.1.73.Final.jar
netty-resolver-dns-classes-macos-4.1.73.Final.jar
netty-resolver-dns-native-macos-4.1.73.Final-osx-aarch_64.jar
netty-resolver-dns-native-macos-4.1.73.Final-osx-x86_64.jar
-netty-tcnative-boringssl-static-1.1.33.Fork26.jar
netty-tcnative-classes-2.0.46.Final.jar
netty-transport-4.1.73.Final.jar
netty-transport-classes-epoll-4.1.73.Final.jar
@@ -103,23 +101,22 @@ opentelemetry-sdk-trace-1.3.0.jar
opentelemetry-semconv-1.3.0-alpha.jar
proto-google-common-protos-1.0.0.jar
protobuf-java-3.5.1.jar
-rocketmq-acl-4.7.1.jar
-rocketmq-broker-4.7.1.jar
-rocketmq-client-4.7.1.jar
-rocketmq-common-4.7.1.jar
-rocketmq-filter-4.7.1.jar
-rocketmq-logging-4.7.1.jar
-rocketmq-namesrv-4.7.1.jar
-rocketmq-remoting-4.7.1.jar
-rocketmq-srvutil-4.7.1.jar
-rocketmq-store-4.7.1.jar
-rocketmq-test-4.7.1.jar
-rocketmq-tools-4.7.1.jar
+rocketmq-acl-4.9.3.jar
+rocketmq-broker-4.9.3.jar
+rocketmq-client-4.9.3.jar
+rocketmq-common-4.9.3.jar
+rocketmq-filter-4.9.3.jar
+rocketmq-logging-4.9.3.jar
+rocketmq-namesrv-4.9.3.jar
+rocketmq-remoting-4.9.3.jar
+rocketmq-srvutil-4.9.3.jar
+rocketmq-store-4.9.3.jar
+rocketmq-test-4.9.3.jar
+rocketmq-tools-4.9.3.jar
simpleclient-0.8.1.jar
simpleclient_common-0.8.1.jar
simpleclient_httpserver-0.8.1.jar
slf4j-api-1.7.30.jar
-snakeyaml-1.19.jar
system-rules-1.16.1.jar
truth-0.30.jar
zipkin-2.23.2.jar
@@ -130,4 +127,8 @@ httpcore-nio-4.4.6.jar
javassist-3.21.0-GA.jar
nacos-client-2.0.4.jar
reflections-0.9.11.jar
-snakeyaml-1.23.jar
\ No newline at end of file
+snakeyaml-1.23.jar
+snakeyaml-1.30.jar
+bcpkix-jdk15on-1.69.jar
+bcprov-jdk15on-1.69.jar
+bcutil-jdk15on-1.69.jar
\ No newline at end of file
diff --git a/tools/third-party-licenses/LICENSE b/tools/third-party-licenses/LICENSE
index e1b04e24..fa6965ca 100644
--- a/tools/third-party-licenses/LICENSE
+++ b/tools/third-party-licenses/LICENSE
@@ -219,22 +219,22 @@ assertj-core 2.6.0: https://github.com/assertj/assertj-core, Apache 2.0
cloudevents-api 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
cloudevents-core 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
cloudevents-json-jackson 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
-commons-beanutils 1.9.2: https://github.com/apache/commons-beanutils, Apache 2.0
+commons-beanutils 1.9.4: https://github.com/apache/commons-beanutils, Apache 2.0
commons-cli 1.2: https://github.com/apache/commons-cli, Apache 2.0
commons-codec 1.11: https://github.com/apache/commons-codec, Apache 2.0
commons-collections 3.2.2: https://github.com/apache/commons-collections, Apache 2.0
commons-collections4 4.1: https://github.com/apache/commons-collections, Apache 2.0
-commons-digester 1.8.1: https://github.com/apache/commons-digester, Apache 2.0
+commons-digester 2.1: https://github.com/apache/commons-digester, Apache 2.0
commons-lang3 3.6: https://github.com/apache/commons-lang, Apache 2.0
commons-logging 1.2: https://github.com/apache/commons-logging, Apache 2.0
commons-text 1.9: https://github.com/apache/commons-text, Apache 2.0
-commons-validator 1.6: https://github.com/apache/commons-validator, Apache 2.0
+commons-validator 1.7: https://github.com/apache/commons-validator, Apache 2.0
disruptor 3.4.2: https://github.com/LMAX-Exchange/disruptor, Apache 2.0
-dledger 0.1: https://github.com/openmessaging/dledger, Apache 2.0
+dledger 0.2.3: https://github.com/openmessaging/dledger, Apache 2.0
error_prone_annotations 2.7.1: https://github.com/google/error-prone, Apache 2.0
failureaccess 1.0.1: https://github.com/google/guava, Apache 2.0
listenablefuture 9999.0-empty-to-avoid-conflict-with-guava: https://github.com/google/guava, Apache 2.0
-fastjson 1.2.69: https://github.com/alibaba/fastjson, Apache 2.0
+fastjson 1.2.76: https://github.com/alibaba/fastjson, Apache 2.0
guava 31.0.1-jre: https://github.com/google/guava, Apache 2.0
grpc-context 1.15.0: https://github.com/grpc/grpc-java, Apache 2.0
grpc-core 1.15.0: https://github.com/grpc/grpc-java, Apache 2.0
@@ -282,7 +282,6 @@ netty-resolver-dns 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.7
netty-resolver-dns-classes-macos 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
netty-resolver-dns-native-macos 4.1.73.Final-osx-aarch_64: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
netty-resolver-dns-native-macos 4.1.73.Final-osx-x86_64: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
-netty-tcnative-boringssl-static 1.1.33.Fork26: https://github.com/netty/netty, Apache 2.0
netty-tcnative-classes 2.0.46.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
netty-transport 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
netty-transport-classes-epoll 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
@@ -311,26 +310,29 @@ opentelemetry-sdk-metrics 1.3.0-alpha: https://github.com/open-telemetry/opentel
opentelemetry-sdk-trace 1.3.0: https://github.com/open-telemetry/opentelemetry-java, Apache 2.0
opentelemetry-semconv 1.3.0-alpha: https://github.com/open-telemetry/opentelemetry-java, Apache 2.0
proto-google-common-protos 1.0.0: https://github.com/googleapis/common-protos-java, Apache 2.0
-rocketmq-acl 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-broker 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-client 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-common 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-filter 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-logging 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-namesrv 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-remoting 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-srvutil 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-store 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-test 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-tools 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-acl 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-broker 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-client 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-common 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-filter 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-logging 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-namesrv 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-remoting 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-srvutil 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-store 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-test 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-tools 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
simpleclient 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
simpleclient_common 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
simpleclient_httpserver 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
-snakeyaml 1.19/1.23: https://bitbucket.org/asomov/snakeyaml, Apache 2.0
+snakeyaml 1.23/1.30: https://bitbucket.org/asomov/snakeyaml, Apache 2.0
truth 0.30: https://github.com/google/truth, Apache 2.0
zipkin 2.23.2: https://github.com/openzipkin/zipkin, Apache 2.0
zipkin-reporter 2.16.3: https://github.com/openzipkin/zipkin-reporter-java, Apache 2.0
zipkin-sender-okhttp3 2.16.3: https://github.com/openzipkin/zipkin-reporter-java, Apache 2.0
+bcpkix-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
+bcprov-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
+bcutil-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
========================================================================
BSD licenses
@@ -369,7 +371,6 @@ The following components are provided under the EPL License. See project link fo
The text of each license is also included at licenses/LICENSE-[project].txt.
junit 4.13.2: https://github.com/junit-team/junit5, EPL
-logback-core 1.0.13: https://github.com/qos-ch/logback, EPL
========================================================================
MIT licenses
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: commits-help@eventmesh.apache.org