You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by sh...@apache.org on 2022/05/02 02:37:46 UTC

[pulsar] branch master updated: Bump dependency check and spring version to avoid potential FP (#15408)

This is an automated email from the ASF dual-hosted git repository.

shoothzj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 7dd6fb2ba62 Bump dependency check and spring version to avoid potential FP (#15408)
7dd6fb2ba62 is described below

commit 7dd6fb2ba62a1ba41f53d5d310cc966d36dbd974
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Mon May 2 10:37:41 2022 +0800

    Bump dependency check and spring version to avoid potential FP (#15408)
    
    ### Motivation
    Bump dependency check version to avoid potential FP
    Bump spring version to solve [CVE-2022-22968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968)
    
    ### Modifications
    - Bump dependency check version from 6.1.6 to 7.1.0
    - Bump spring version from 5.3.18 to 5.3.19
---
 pom.xml                 | 4 ++--
 pulsar-io/canal/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0c3be1633d9..bb055753e87 100644
--- a/pom.xml
+++ b/pom.xml
@@ -206,7 +206,7 @@ flexible messaging model and an intuitive client API.</description>
     <kotlin-stdlib.version>1.4.32</kotlin-stdlib.version>
     <nsq-client.version>1.0</nsq-client.version>
     <cron-utils.version>9.1.6</cron-utils.version>
-    <spring-context.version>5.3.18</spring-context.version>
+    <spring-context.version>5.3.19</spring-context.version>
     <apache-http-client.version>4.5.13</apache-http-client.version>
     <apache-httpcomponents.version>4.4.15</apache-httpcomponents.version>
     <jetcd.version>0.5.11</jetcd.version>
@@ -262,7 +262,7 @@ flexible messaging model and an intuitive client API.</description>
     <errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
     <j2objc-annotations.version>1.3</j2objc-annotations.version>
     <lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
-    <dependency-check-maven.version>6.1.6</dependency-check-maven.version>
+    <dependency-check-maven.version>7.1.0</dependency-check-maven.version>
 
     <!-- Used to configure rename.netty.native. Libs -->
     <rename.netty.native.libs>rename-netty-native-libs.sh</rename.netty.native.libs>
diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
index 2e2287f3681..cb7a98c258f 100644
--- a/pulsar-io/canal/pom.xml
+++ b/pulsar-io/canal/pom.xml
@@ -33,7 +33,7 @@
     <name>Pulsar IO :: Canal</name>
 
     <properties>
-        <spring.version>5.3.18</spring.version>
+        <spring.version>5.3.19</spring.version>
         <canal.version>1.1.5</canal.version>
     </properties>