Posted to commits@eventmesh.apache.org by ch...@apache.org on 2022/05/30 03:12:39 UTC

[incubator-eventmesh] branch master updated: upgrade rocketmq libs version to fix CVEs

This is an automated email from the ASF dual-hosted git repository.

chenguangsheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-eventmesh.git


The following commit(s) were added to refs/heads/master by this push:
     new 543c749f upgrade rocketmq libs version to fix CVEs
     new 4746d73d Merge pull request #852 from misselvexu/#755
543c749f is described below

commit 543c749f043783f638b65e8574a1ea78a80804ca
Author: misselvexu <x_...@yeah.net>
AuthorDate: Mon May 9 17:19:33 2022 +0800

    upgrade rocketmq libs version to fix CVEs
---
 .../eventmesh-admin-rocketmq/gradle.properties     |  2 +-
 .../eventmesh-connector-rocketmq/gradle.properties |  2 +-
 .../known-dependencies.txt                         | 43 +++++++++++-----------
 tools/third-party-licenses/LICENSE                 | 41 +++++++++++----------
 4 files changed, 45 insertions(+), 43 deletions(-)

diff --git a/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties b/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
index 3d49f4c7..7c286399 100644
--- a/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
+++ b/eventmesh-admin/eventmesh-admin-rocketmq/gradle.properties
@@ -14,4 +14,4 @@
 # limitations under the License.
 #
 
-rocketmq_version=4.7.1
\ No newline at end of file
+rocketmq_version=4.9.3
\ No newline at end of file
diff --git a/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties b/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
index 4bcaa620..2138704d 100644
--- a/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
+++ b/eventmesh-connector-plugin/eventmesh-connector-rocketmq/gradle.properties
@@ -14,7 +14,7 @@
 # limitations under the License.
 #
 
-rocketmq_version=4.7.1
+rocketmq_version=4.9.3
 
 pluginType=connector
 pluginName=rocketmq
\ No newline at end of file
diff --git a/tools/third-party-dependencies/known-dependencies.txt b/tools/third-party-dependencies/known-dependencies.txt
index d7655ae3..7179efd3 100644
--- a/tools/third-party-dependencies/known-dependencies.txt
+++ b/tools/third-party-dependencies/known-dependencies.txt
@@ -4,21 +4,21 @@ checker-qual-3.12.0.jar
 cloudevents-api-2.2.0.jar
 cloudevents-core-2.2.0.jar
 cloudevents-json-jackson-2.2.0.jar
-commons-beanutils-1.9.2.jar
+commons-beanutils-1.9.4.jar
 commons-cli-1.2.jar
 commons-codec-1.11.jar
 commons-collections-3.2.2.jar
 commons-collections4-4.1.jar
-commons-digester-1.8.1.jar
+commons-digester-2.1.jar
 commons-lang3-3.6.jar
 commons-logging-1.2.jar
 commons-text-1.9.jar
-commons-validator-1.6.jar
+commons-validator-1.7.jar
 disruptor-3.4.2.jar
-dledger-0.1.jar
+dledger-0.2.3.jar
 error_prone_annotations-2.7.1.jar
 failureaccess-1.0.1.jar
-fastjson-1.2.69.jar
+fastjson-1.2.76.jar
 grpc-context-1.15.0.jar
 grpc-core-1.15.0.jar
 grpc-netty-1.15.0.jar
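Review bot: `fastjson-1.2.76.jar` is still a 1.2.x release, a line with a history of autoType deserialization advisories, so this bump probably does not close every open finding for that library. This list only records what the rocketmq 4.9.3 upgrade resolves to (presumably transitively), so the fix belongs in the build: pin a newer fastjson through a Gradle dependency constraint and check whether any code path parses untrusted JSON with it. The commit title says "fix CVEs" without naming them; listing the advisory ids in the description would let a reviewer check each one against the versions in this hunk.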
@@ -46,7 +46,6 @@ listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
 log4j-api-2.17.1.jar
 log4j-core-2.17.1.jar
 log4j-slf4j-impl-2.17.1.jar
-logback-core-1.0.13.jar
 metrics-annotation-4.1.0.jar
 metrics-core-4.1.0.jar
 metrics-healthchecks-4.1.0.jar
@@ -73,7 +72,6 @@ netty-resolver-dns-4.1.73.Final.jar
 netty-resolver-dns-classes-macos-4.1.73.Final.jar
 netty-resolver-dns-native-macos-4.1.73.Final-osx-aarch_64.jar
 netty-resolver-dns-native-macos-4.1.73.Final-osx-x86_64.jar
-netty-tcnative-boringssl-static-1.1.33.Fork26.jar
 netty-tcnative-classes-2.0.46.Final.jar
 netty-transport-4.1.73.Final.jar
 netty-transport-classes-epoll-4.1.73.Final.jar
@@ -103,23 +101,22 @@ opentelemetry-sdk-trace-1.3.0.jar
 opentelemetry-semconv-1.3.0-alpha.jar
 proto-google-common-protos-1.0.0.jar
 protobuf-java-3.5.1.jar
-rocketmq-acl-4.7.1.jar
-rocketmq-broker-4.7.1.jar
-rocketmq-client-4.7.1.jar
-rocketmq-common-4.7.1.jar
-rocketmq-filter-4.7.1.jar
-rocketmq-logging-4.7.1.jar
-rocketmq-namesrv-4.7.1.jar
-rocketmq-remoting-4.7.1.jar
-rocketmq-srvutil-4.7.1.jar
-rocketmq-store-4.7.1.jar
-rocketmq-test-4.7.1.jar
-rocketmq-tools-4.7.1.jar
+rocketmq-acl-4.9.3.jar
+rocketmq-broker-4.9.3.jar
+rocketmq-client-4.9.3.jar
+rocketmq-common-4.9.3.jar
+rocketmq-filter-4.9.3.jar
+rocketmq-logging-4.9.3.jar
+rocketmq-namesrv-4.9.3.jar
+rocketmq-remoting-4.9.3.jar
+rocketmq-srvutil-4.9.3.jar
+rocketmq-store-4.9.3.jar
+rocketmq-test-4.9.3.jar
+rocketmq-tools-4.9.3.jar
 simpleclient-0.8.1.jar
 simpleclient_common-0.8.1.jar
 simpleclient_httpserver-0.8.1.jar
 slf4j-api-1.7.30.jar
-snakeyaml-1.19.jar
 system-rules-1.16.1.jar
 truth-0.30.jar
 zipkin-2.23.2.jar
@@ -130,4 +127,8 @@ httpcore-nio-4.4.6.jar
 javassist-3.21.0-GA.jar
 nacos-client-2.0.4.jar
 reflections-0.9.11.jar
-snakeyaml-1.23.jar
\ No newline at end of file
+snakeyaml-1.23.jar
+snakeyaml-1.30.jar
+bcpkix-jdk15on-1.69.jar
+bcprov-jdk15on-1.69.jar
+bcutil-jdk15on-1.69.jar
\ No newline at end of file
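Review bot: `snakeyaml-1.23.jar` stays in the list next to the new `snakeyaml-1.30.jar`, so two versions of the same library ship in the distribution and the older one may be the one that is loaded, depending on classpath order. If both end up on one classpath (the two entries may belong to different plugins, which this hunk does not show), align them in Gradle, e.g. `configurations.all { resolutionStrategy.force "org.yaml:snakeyaml:1.30" }`. The three `bc*-jdk15on-1.69.jar` entries are new cryptographic dependencies, presumably pulled in by rocketmq 4.9.3; it is worth confirming which module needs them before accepting them into the distribution.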
diff --git a/tools/third-party-licenses/LICENSE b/tools/third-party-licenses/LICENSE
index e1b04e24..fa6965ca 100644
--- a/tools/third-party-licenses/LICENSE
+++ b/tools/third-party-licenses/LICENSE
@@ -219,22 +219,22 @@ assertj-core 2.6.0: https://github.com/assertj/assertj-core, Apache 2.0
 cloudevents-api 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
 cloudevents-core 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
 cloudevents-json-jackson 2.2.0: https://github.com/cloudevents/sdk-java, Apache 2.0
-commons-beanutils 1.9.2: https://github.com/apache/commons-beanutils, Apache 2.0
+commons-beanutils 1.9.4: https://github.com/apache/commons-beanutils, Apache 2.0
 commons-cli 1.2: https://github.com/apache/commons-cli, Apache 2.0
 commons-codec 1.11: https://github.com/apache/commons-codec, Apache 2.0
 commons-collections 3.2.2: https://github.com/apache/commons-collections, Apache 2.0
 commons-collections4 4.1: https://github.com/apache/commons-collections, Apache 2.0
-commons-digester 1.8.1: https://github.com/apache/commons-digester, Apache 2.0
+commons-digester 2.1: https://github.com/apache/commons-digester, Apache 2.0
 commons-lang3 3.6: https://github.com/apache/commons-lang, Apache 2.0
 commons-logging 1.2: https://github.com/apache/commons-logging, Apache 2.0
 commons-text 1.9: https://github.com/apache/commons-text, Apache 2.0
-commons-validator 1.6: https://github.com/apache/commons-validator, Apache 2.0
+commons-validator 1.7: https://github.com/apache/commons-validator, Apache 2.0
 disruptor 3.4.2: https://github.com/LMAX-Exchange/disruptor, Apache 2.0
-dledger 0.1: https://github.com/openmessaging/dledger, Apache 2.0
+dledger 0.2.3: https://github.com/openmessaging/dledger, Apache 2.0
 error_prone_annotations 2.7.1: https://github.com/google/error-prone, Apache 2.0
 failureaccess 1.0.1: https://github.com/google/guava, Apache 2.0
 listenablefuture 9999.0-empty-to-avoid-conflict-with-guava: https://github.com/google/guava, Apache 2.0
-fastjson 1.2.69: https://github.com/alibaba/fastjson, Apache 2.0
+fastjson 1.2.76: https://github.com/alibaba/fastjson, Apache 2.0
 guava 31.0.1-jre: https://github.com/google/guava, Apache 2.0
 grpc-context 1.15.0: https://github.com/grpc/grpc-java, Apache 2.0
 grpc-core 1.15.0: https://github.com/grpc/grpc-java, Apache 2.0
@@ -282,7 +282,6 @@ netty-resolver-dns 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.7
 netty-resolver-dns-classes-macos 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
 netty-resolver-dns-native-macos 4.1.73.Final-osx-aarch_64: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
 netty-resolver-dns-native-macos 4.1.73.Final-osx-x86_64: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
-netty-tcnative-boringssl-static 1.1.33.Fork26: https://github.com/netty/netty, Apache 2.0
 netty-tcnative-classes 2.0.46.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
 netty-transport 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
 netty-transport-classes-epoll 4.1.73.Final: https://github.com/netty/netty/tree/netty-4.1.73.Final, Apache 2.0
@@ -311,26 +310,29 @@ opentelemetry-sdk-metrics 1.3.0-alpha: https://github.com/open-telemetry/opentel
 opentelemetry-sdk-trace 1.3.0: https://github.com/open-telemetry/opentelemetry-java, Apache 2.0
 opentelemetry-semconv 1.3.0-alpha: https://github.com/open-telemetry/opentelemetry-java, Apache 2.0
 proto-google-common-protos 1.0.0: https://github.com/googleapis/common-protos-java, Apache 2.0
-rocketmq-acl 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-broker 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-client 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-common 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-filter 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-logging 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-namesrv 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-remoting 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-srvutil 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-store 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-test 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
-rocketmq-tools 4.7.1: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-acl 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-broker 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-client 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-common 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-filter 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-logging 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-namesrv 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-remoting 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-srvutil 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-store 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-test 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
+rocketmq-tools 4.9.3: https://github.com/apache/rocketmq, Apache 2.0
 simpleclient 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
 simpleclient_common 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
 simpleclient_httpserver 0.8.1: https://github.com/prometheus/client_java, Apache 2.0
-snakeyaml 1.19/1.23: https://bitbucket.org/asomov/snakeyaml, Apache 2.0
+snakeyaml 1.23/1.30: https://bitbucket.org/asomov/snakeyaml, Apache 2.0
 truth 0.30: https://github.com/google/truth, Apache 2.0
 zipkin 2.23.2: https://github.com/openzipkin/zipkin, Apache 2.0
 zipkin-reporter 2.16.3: https://github.com/openzipkin/zipkin-reporter-java, Apache 2.0
 zipkin-sender-okhttp3 2.16.3: https://github.com/openzipkin/zipkin-reporter-java, Apache 2.0
+bcpkix-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
+bcprov-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
+bcutil-jdk15on 1.69: https://github.com/bcgit/bc-java, Apache 2.0
 
 ========================================================================
 BSD licenses
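Review bot: The three `bc*-jdk15on 1.69` entries are added to the Apache 2.0 list, but bc-java is, as far as I know, distributed under the Bouncy Castle Licence, which is MIT-style; they likely belong in the `MIT licenses` section with that licence named. This file also states that each licence text is included at `licenses/LICENSE-[project].txt`, and the diffstat shows only four files changed, so no licence text was added for the new jars. The `snakeyaml 1.23/1.30` line confirms that two versions of that library are shipped side by side, matching the duplicate in known-dependencies.txt.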
@@ -369,7 +371,6 @@ The following components are provided under the EPL License. See project link fo
 The text of each license is also included at licenses/LICENSE-[project].txt.
 
 junit 4.13.2: https://github.com/junit-team/junit5, EPL
-logback-core 1.0.13: https://github.com/qos-ch/logback, EPL
 
 ========================================================================
 MIT licenses

