You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tika.apache.org by ti...@apache.org on 2022/12/08 12:51:43 UTC

[tika] branch main updated: TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment

This is an automated email from the ASF dual-hosted git repository.

tilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/main by this push:
     new 58273d860 TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment
58273d860 is described below

commit 58273d8609fce08ce7f1bdf6d6bcc6d349c68706
Author: Tilman Hausherr <ti...@apache.org>
AuthorDate: Thu Dec 8 13:51:30 2022 +0100

    TIKA-3917: update sonatype grpc-core dependency/exclusion and add comment
---
 tika-parent/pom.xml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index a11b939d4..0b2007975 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -977,10 +977,13 @@
               <artifactId>guava</artifactId>
               <version>31.1-jre</version>
             </exclude>
+            <!-- sonatype https://ossindex.sonatype.org/vulnerability/sonatype-2021-0818 
+            false positive? related bug https://github.com/grpc/grpc-java/issues/8311
+            has been fixed -->
             <dependency>
               <groupId>io.grpc</groupId>
               <artifactId>grpc-core</artifactId>
-              <version>1.50.2</version>
+              <version>1.51.0</version>
             </dependency>
             <exclude>
               <!-- CVE-2018-18928 does affect the java library not just the c/c++ library,