You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ti...@apache.org on 2022/12/08 12:51:43 UTC
[tika] branch main updated: TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment
This is an automated email from the ASF dual-hosted git repository.
tilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/main by this push:
new 58273d860 TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment
58273d860 is described below
commit 58273d8609fce08ce7f1bdf6d6bcc6d349c68706
Author: Tilman Hausherr <ti...@apache.org>
AuthorDate: Thu Dec 8 13:51:30 2022 +0100
TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment
---
tika-parent/pom.xml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index a11b939d4..0b2007975 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -977,10 +977,13 @@
<artifactId>guava</artifactId>
<version>31.1-jre</version>
</exclude>
+ <!-- sonatype https://ossindex.sonatype.org/vulnerability/sonatype-2021-0818
+ false positive? related bug https://github.com/grpc/grpc-java/issues/8311
+ has been fixed -->
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-core</artifactId>
- <version>1.50.2</version>
+ <version>1.51.0</version>
</dependency>
<exclude>
<!-- CVE-2018-18928 does affect the java library not just the c/c++ library,