You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by sh...@apache.org on 2022/05/02 02:37:46 UTC
[pulsar] branch master updated: Bump dependency check and spring version to avoid potential FP (#15408)
This is an automated email from the ASF dual-hosted git repository.
shoothzj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 7dd6fb2ba62 Bump dependency check and spring version to avoid potential FP (#15408)
7dd6fb2ba62 is described below
commit 7dd6fb2ba62a1ba41f53d5d310cc966d36dbd974
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Mon May 2 10:37:41 2022 +0800
Bump dependency check and spring version to avoid potential FP (#15408)
### Motivation
Bump dependency check version to avoid potential FP
Bump spring version to solve [CVE-2022-22968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968)
### Modifications
- Bump dependency check version from 6.1.6 to 7.1.0
- Bump spring version from 5.3.18 to 5.3.19
---
pom.xml | 4 ++--
pulsar-io/canal/pom.xml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0c3be1633d9..bb055753e87 100644
--- a/pom.xml
+++ b/pom.xml
@@ -206,7 +206,7 @@ flexible messaging model and an intuitive client API.</description>
<kotlin-stdlib.version>1.4.32</kotlin-stdlib.version>
<nsq-client.version>1.0</nsq-client.version>
<cron-utils.version>9.1.6</cron-utils.version>
- <spring-context.version>5.3.18</spring-context.version>
+ <spring-context.version>5.3.19</spring-context.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<apache-httpcomponents.version>4.4.15</apache-httpcomponents.version>
<jetcd.version>0.5.11</jetcd.version>
@@ -262,7 +262,7 @@ flexible messaging model and an intuitive client API.</description>
<errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
<j2objc-annotations.version>1.3</j2objc-annotations.version>
<lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
- <dependency-check-maven.version>6.1.6</dependency-check-maven.version>
+ <dependency-check-maven.version>7.1.0</dependency-check-maven.version>
<!-- Used to configure rename.netty.native. Libs -->
<rename.netty.native.libs>rename-netty-native-libs.sh</rename.netty.native.libs>
diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
index 2e2287f3681..cb7a98c258f 100644
--- a/pulsar-io/canal/pom.xml
+++ b/pulsar-io/canal/pom.xml
@@ -33,7 +33,7 @@
<name>Pulsar IO :: Canal</name>
<properties>
- <spring.version>5.3.18</spring.version>
+ <spring.version>5.3.19</spring.version>
<canal.version>1.1.5</canal.version>
</properties>