Posted to commits@royale.apache.org by jo...@apache.org on 2022/10/18 20:52:53 UTC
[royale-compiler] 01/02: Dependencies: upgrade commons-io to v2.11.0 to avoid CVE in old version (closes #218)
This is an automated email from the ASF dual-hosted git repository.
joshtynjala pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/royale-compiler.git
commit 34a2090083fdbc5d7a646786c2b5f99c53369d3a
Author: Josh Tynjala <jo...@apache.org>
AuthorDate: Tue Oct 18 13:40:06 2022 -0700
Dependencies: upgrade commons-io to v2.11.0 to avoid CVE in old version (closes #218)
---
compiler-build-tools/pom.xml | 2 +-
compiler-common/pom.xml | 2 +-
compiler-jx/src/main/resources/downloads.xml | 15 +++++++++------
compiler-playerglobalc/pom.xml | 2 +-
compiler-test-utils/pom.xml | 2 +-
compiler/pom.xml | 2 +-
compiler/src/main/resources/downloads.xml | 15 +++++++++------
royale-maven-plugin/pom.xml | 2 +-
8 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/compiler-build-tools/pom.xml b/compiler-build-tools/pom.xml
index a2fe1d614..9485bee26 100644
--- a/compiler-build-tools/pom.xml
+++ b/compiler-build-tools/pom.xml
@@ -177,7 +177,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.6</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
diff --git a/compiler-common/pom.xml b/compiler-common/pom.xml
index d5a31654b..708f2f378 100644
--- a/compiler-common/pom.xml
+++ b/compiler-common/pom.xml
@@ -58,7 +58,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.6</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
diff --git a/compiler-jx/src/main/resources/downloads.xml b/compiler-jx/src/main/resources/downloads.xml
index 1a4a38240..48a7a2eb8 100644
--- a/compiler-jx/src/main/resources/downloads.xml
+++ b/compiler-jx/src/main/resources/downloads.xml
@@ -26,7 +26,7 @@
For Apache, the JARS must be removed from the repository.
Licenses:
- commons-io (2.4) - Apache 2.0
+ commons-io (2.11.0) - Apache 2.0
closure (9.2) - Apache 2.0
-->
@@ -103,13 +103,13 @@
<!-- commons-io -->
<property name="commons-io.name" value="commons-io"/>
- <property name="commons-io.version" value="2.4"/>
+ <property name="commons-io.version" value="2.11.0"/>
<antcall target="download-dependency">
<param name="name" value="${commons-io.name}"/>
<param name="src.server" value="${maven.search.url}"/>
<param name="src.folder" value="commons-io/commons-io/${commons-io.version}"/>
<param name="src.filename" value="${commons-io.name}-${commons-io.version}.jar"/>
- <param name="src.checksum" value="7f97854dc04c119d461fed14f5d8bb96"/>
+ <param name="src.checksum" value="3b4b7ccfaeceeac240b804839ee1a1ca"/>
<param name="dest.folder" value=""/>
<param name="dest.filename" value="${commons-io.name}.jar"/>
</antcall>
@@ -375,10 +375,13 @@
</target>
<target name="check-sum" if="md5" description="Verifies MD5 checksum, and fails if checksum doesn't match">
- <checksum file="${destDir}/${destFile}" algorithm="MD5" verifyproperty="we.failed" property="${md5}"/>
- <fail message="${message}">
+ <local name="checksum.result"/>
+ <checksum file="${destDir}/${destFile}" algorithm="MD5" property="checksum.result"/>
+ <fail message="${message} Expected: ${md5} Received: ${checksum.result}">
<condition>
- <equals arg1="${we.failed}" arg2="false"/>
+ <not>
+ <equals arg1="${md5}" arg2="${checksum.result}"/>
+ </not>
</condition>
</fail>
</target>
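Review bot: The rewritten `check-sum` target still verifies the downloaded jar with `algorithm="MD5"`, which catches corruption but is not collision-resistant, so it is a weak integrity pin for a dependency fetched from `${maven.search.url}`. Consider a stronger digest, e.g. `<checksum file="${destDir}/${destFile}" algorithm="SHA-256" property="checksum.result"/>`, with each `src.checksum` value replaced by the SHA-256 digest published for that artifact. The new `<equals arg1="${md5}" arg2="${checksum.result}"/>` is an exact string comparison, so an expected value pasted in upper case or with stray whitespace would reject a good download; adding `casesensitive="false" trim="true"` to `<equals>` avoids that. The target keeps `if="md5"`, so any caller that passes no checksum skips verification entirely; those callers are outside this hunk. The same points apply to the identical `check-sum` hunk in compiler/src/main/resources/downloads.xml.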
diff --git a/compiler-playerglobalc/pom.xml b/compiler-playerglobalc/pom.xml
index 37ca6c080..d44864787 100644
--- a/compiler-playerglobalc/pom.xml
+++ b/compiler-playerglobalc/pom.xml
@@ -68,7 +68,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.4</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>dom4j</groupId>
diff --git a/compiler-test-utils/pom.xml b/compiler-test-utils/pom.xml
index 511869ba2..6091588e1 100644
--- a/compiler-test-utils/pom.xml
+++ b/compiler-test-utils/pom.xml
@@ -42,7 +42,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.4</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
diff --git a/compiler/pom.xml b/compiler/pom.xml
index 4391365c3..5be048f62 100644
--- a/compiler/pom.xml
+++ b/compiler/pom.xml
@@ -591,7 +591,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.4</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
diff --git a/compiler/src/main/resources/downloads.xml b/compiler/src/main/resources/downloads.xml
index b3195a2c2..ebb8f60d2 100644
--- a/compiler/src/main/resources/downloads.xml
+++ b/compiler/src/main/resources/downloads.xml
@@ -28,7 +28,7 @@
Licenses:
antlr (3) - BSD
commons-cli (1.2) - Apache 2.0
- commons-io (2.0.1) - Apache 2.0
+ commons-io (2.11.0) - Apache 2.0
guava (25.1) - Apache 2.0
JBurg (1.10.2) - CPL 1.0
lzma-sdk (9.2) - Public Domain
@@ -105,13 +105,13 @@
<!-- commons-io -->
<property name="commons-io.name" value="commons-io"/>
- <property name="commons-io.version" value="2.4"/>
+ <property name="commons-io.version" value="2.11.0"/>
<antcall target="download-dependency">
<param name="name" value="${commons-io.name}"/>
<param name="src.server" value="${maven.search.url}"/>
<param name="src.folder" value="commons-io/commons-io/${commons-io.version}"/>
<param name="src.filename" value="${commons-io.name}-${commons-io.version}.jar"/>
- <param name="src.checksum" value="7f97854dc04c119d461fed14f5d8bb96"/>
+ <param name="src.checksum" value="3b4b7ccfaeceeac240b804839ee1a1ca"/>
<param name="dest.folder" value=""/>
<param name="dest.filename" value="${commons-io.name}.jar"/>
</antcall>
@@ -468,10 +468,13 @@
</target>
<target name="check-sum" if="md5" description="Verifies MD5 checksum, and fails if checksum doesn't match">
- <checksum file="${destDir}/${destFile}" algorithm="MD5" verifyproperty="we.failed" property="${md5}"/>
- <fail message="${message}">
+ <local name="checksum.result"/>
+ <checksum file="${destDir}/${destFile}" algorithm="MD5" property="checksum.result"/>
+ <fail message="${message} Expected: ${md5} Received: ${checksum.result}">
<condition>
- <equals arg1="${we.failed}" arg2="false"/>
+ <not>
+ <equals arg1="${md5}" arg2="${checksum.result}"/>
+ </not>
</condition>
</fail>
</target>
diff --git a/royale-maven-plugin/pom.xml b/royale-maven-plugin/pom.xml
index cc2ba519a..570d24bbf 100644
--- a/royale-maven-plugin/pom.xml
+++ b/royale-maven-plugin/pom.xml
@@ -78,7 +78,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.4</version>
+ <version>2.11.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>