Posted to notifications@skywalking.apache.org by ke...@apache.org on 2023/04/06 03:37:00 UTC

[skywalking] branch master updated: Bump up graphql-java to fix cve and kubernetes java client to adopt snakeyaml v2 (#10649)

This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new d5daf71ae0 Bump up graphql-java to fix cve and kubernetes java client to adopt snakeyaml v2 (#10649)
d5daf71ae0 is described below

commit d5daf71ae0cde12cb61ee5dd88639077834917b6
Author: kezhenxu94 <ke...@apache.org>
AuthorDate: Thu Apr 6 11:36:49 2023 +0800

    Bump up graphql-java to fix cve and kubernetes java client to adopt snakeyaml v2 (#10649)
---
 .licenserc.yaml                    |  2 +-
 dist-material/release-docs/LICENSE | 22 +++++++++++-----------
 docs/en/changes/changes.md         |  2 ++
 oap-server-bom/pom.xml             |  4 ++--
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/.licenserc.yaml b/.licenserc.yaml
index eb8fdd4732..918eda48fa 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -91,7 +91,7 @@ dependency:
       version: 9999.0-empty-to-avoid-conflict-with-guava
       license: Apache-2.0
     - name: io.swagger:swagger-annotations
-      version: 1.6.6
+      version: 1.6.9
       license: Apache-2.0
     - name: com.squareup.okio:okio
       version: 1.15.0,1.17.2
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index bea42c58e9..4022dd0fbd 100644
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -240,7 +240,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-graphql-protocol/1.21.0 Apache-2.0
     https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-protobuf/1.21.0 Apache-2.0
     https://mvnrepository.com/artifact/com.orbitz.consul/consul-client/1.5.3 Apache-2.0
-    https://mvnrepository.com/artifact/com.squareup.okhttp3/logging-interceptor/4.9.2 Apache-2.0
+    https://mvnrepository.com/artifact/com.squareup.okhttp3/logging-interceptor/4.10.0 Apache-2.0
     https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp/4.9.0 Apache-2.0
     https://mvnrepository.com/artifact/com.squareup.okio/okio/2.8.0 Apache-2.0
     https://mvnrepository.com/artifact/com.squareup.retrofit2/converter-jackson/2.9.0 Apache-2.0
@@ -265,9 +265,9 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/io.grpc/grpc-protobuf-lite/1.49.0 Apache-2.0
     https://mvnrepository.com/artifact/io.grpc/grpc-stub/1.49.0 Apache-2.0
     https://mvnrepository.com/artifact/io.gsonfire/gson-fire/1.8.5 Apache-2.0
-    https://mvnrepository.com/artifact/io.kubernetes/client-java/16.0.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.kubernetes/client-java-api/16.0.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.kubernetes/client-java-proto/16.0.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.kubernetes/client-java/18.0.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.kubernetes/client-java-api/18.0.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.kubernetes/client-java-proto/18.0.0 Apache-2.0
     https://mvnrepository.com/artifact/io.micrometer/micrometer-commons/1.10.2 Apache-2.0
     https://mvnrepository.com/artifact/io.micrometer/micrometer-core/1.10.2 Apache-2.0
     https://mvnrepository.com/artifact/io.micrometer/micrometer-observation/1.10.2 Apache-2.0
@@ -299,7 +299,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/io.prometheus/simpleclient_common/0.6.0 Apache-2.0
     https://mvnrepository.com/artifact/io.prometheus/simpleclient_hotspot/0.6.0 Apache-2.0
     https://mvnrepository.com/artifact/io.prometheus/simpleclient_httpserver/0.15.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.swagger/swagger-annotations/1.6.6 Apache-2.0
+    https://mvnrepository.com/artifact/io.swagger/swagger-annotations/1.6.9 Apache-2.0
     https://mvnrepository.com/artifact/io.vavr/vavr/0.10.3 Apache-2.0
     https://mvnrepository.com/artifact/io.vavr/vavr-match/0.10.3 Apache-2.0
     https://mvnrepository.com/artifact/io.zipkin.zipkin2/zipkin/2.24.0 Apache-2.0
@@ -308,7 +308,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/joda-time/joda-time/2.10.5 Apache-2.0
     https://mvnrepository.com/artifact/net.jodah/failsafe/2.3.4 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.commons/commons-collections4/4.4 Apache-2.0
-    https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.21 Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.commons/commons-compress/1.22 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.commons/commons-lang3/3.12.0 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.commons/commons-text/1.4 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.curator/curator-client/4.3.0 Apache-2.0
@@ -326,7 +326,7 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.5.0 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.5.7 Apache-2.0
     https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper-jute/3.5.7 Apache-2.0
-    https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j/0.7.12 Apache-2.0
+    https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j/0.9.3 Apache-2.0
     https://mvnrepository.com/artifact/org.codehaus.groovy/groovy/3.0.8 Apache-2.0
     https://mvnrepository.com/artifact/org.freemarker/freemarker/2.3.31 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-reflect/1.7.10 Apache-2.0
@@ -481,7 +481,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
     https://npmjs.com/package/axios/v/0.24.0 0.24.0 MIT
     https://npmjs.com/package/batch-processor/v/1.0.0 1.0.0 MIT
     https://mvnrepository.com/artifact/com.graphql-java-kickstart/graphql-java-tools/13.0.1 MIT
-    https://mvnrepository.com/artifact/com.graphql-java/graphql-java/19.2 MIT
+    https://mvnrepository.com/artifact/com.graphql-java/graphql-java/20.2 MIT
     https://mvnrepository.com/artifact/com.graphql-java/graphql-java-extended-scalars/18.1 MIT
     https://npmjs.com/package/component-emitter/v/1.3.0 1.3.0 MIT
     https://npmjs.com/package/cssfilter/v/0.0.10 0.0.10 MIT
@@ -506,9 +506,9 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
     https://npmjs.com/package/moment/v/2.29.4 2.29.4 MIT
     https://npmjs.com/package/monaco-editor/v/0.34.1 0.34.1 MIT
     https://npmjs.com/package/nanoid/v/3.3.4 3.3.4 MIT
-    https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on/1.71 MIT
-    https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.71 MIT
-    https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on/1.71 MIT
+    https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on/1.72 MIT
+    https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.72 MIT
+    https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on/1.72 MIT
     https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.12.0 MIT
     https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.21 MIT
     https://npmjs.com/package/pinia/v/2.0.28 2.0.28 MIT
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 50c9455436..f37917cede 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -28,6 +28,8 @@
 * PromQL: Remove empty values from the query result, fix `/api/v1/metadata` param `limit` could cause out of bound.
 * Support monitoring the total number metrics of k8s StatefulSet and DaemonSet.
 * Support Amazon API Gateway monitoring.
+* Bump up graphql-java to fix cve.
+* Bump up Kubernetes Java client.
 
 #### UI
 * Revert: cpm5d function. This feature is cancelled from backend.
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index f038479d31..370246fc8e 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -32,7 +32,7 @@
         <log4j.version>2.17.1</log4j.version>
         <google.error_prone_annotations>2.11.0</google.error_prone_annotations>
         <graphql-java-tools.version>13.0.1</graphql-java-tools.version>
-        <graphql-java.version>19.2</graphql-java.version>
+        <graphql-java.version>20.2</graphql-java.version>
         <graphql-java-extended-scalars.version>18.1</graphql-java-extended-scalars.version>
         <okhttp.version>3.14.9</okhttp.version>
         <httpclient.version>4.5.13</httpclient.version>
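Review bot: The new `graphql-java.version` value does not record which advisory it addresses; the commit title and the changelog entry only say "fix cve". A comment on the property such as `<!-- 20.2 or later required for <CVE-ID>; do not downgrade -->`, with the real identifier filled in, would keep a later dependency alignment from silently reverting it. This is also a major-version step while `graphql-java-tools.version` stays at 13.0.1 and `graphql-java-extended-scalars.version` at 18.1 in the context lines, so it is worth confirming those artifacts are compatible with the 20.x line. The properties block starts and ends outside the hunk.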
@@ -47,7 +47,7 @@
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <commons-io.version>2.7</commons-io.version>
         <commons-text.version>1.4</commons-text.version>
-        <kubernetes.version>16.0.0</kubernetes.version>
+        <kubernetes.version>18.0.0</kubernetes.version>
         <hikaricp.version>3.1.0</hikaricp.version>
         <zipkin.version>2.24.0</zipkin.version>
         <jackson.version>2.14.1</jackson.version>
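Review bot: The commit title says the `kubernetes.version` bump is meant to adopt snakeyaml v2, but no snakeyaml entry is changed by any LICENSE hunk in this commit, so the resolved snakeyaml version may still be whatever is managed elsewhere in the BOM. Running `mvn dependency:tree -Dincludes=org.yaml:snakeyaml` on the distribution module would confirm which version actually ships. The LICENSE hunk also lists `logging-interceptor/4.10.0` next to an unchanged `okhttp/4.9.0`, which looks like mixed OkHttp module versions pulled in transitively; aligning them is worth considering. The properties block continues outside the hunk.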