You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by ni...@apache.org on 2022/09/06 12:12:16 UTC
[pulsar] branch branch-2.10 updated: Bump dependency check and spring version to avoid potential FP (#15408)
This is an automated email from the ASF dual-hosted git repository.
nicoloboschi pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new 8409652f82b Bump dependency check and spring version to avoid potential FP (#15408)
8409652f82b is described below
commit 8409652f82b291891fe2670cfef3b869ad264a5a
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Mon May 2 10:37:41 2022 +0800
Bump dependency check and spring version to avoid potential FP (#15408)
### Motivation
Bump dependency check version to avoid potential FP
Bump spring version to solve [CVE-2022-22968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968)
### Modifications
- Bump dependency check version from 6.1.6 to 7.1.0
- Bump spring version from 5.3.18 to 5.3.19
(cherry picked from commit 7dd6fb2ba62a1ba41f53d5d310cc966d36dbd974)
---
pom.xml | 4 ++--
pulsar-io/canal/pom.xml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 410963b8d36..fdb7a7c5433 100644
--- a/pom.xml
+++ b/pom.xml
@@ -205,7 +205,7 @@ flexible messaging model and an intuitive client API.</description>
<kotlin-stdlib.version>1.4.32</kotlin-stdlib.version>
<nsq-client.version>1.0</nsq-client.version>
<cron-utils.version>9.1.6</cron-utils.version>
- <spring-context.version>5.3.18</spring-context.version>
+ <spring-context.version>5.3.19</spring-context.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<jetcd.version>0.5.11</jetcd.version>
<snakeyaml.version>1.31</snakeyaml.version>
@@ -261,7 +261,7 @@ flexible messaging model and an intuitive client API.</description>
<errorprone-slf4j.version>0.1.4</errorprone-slf4j.version>
<j2objc-annotations.version>1.3</j2objc-annotations.version>
<lightproto-maven-plugin.version>0.4</lightproto-maven-plugin.version>
- <dependency-check-maven.version>6.1.6</dependency-check-maven.version>
+ <dependency-check-maven.version>7.1.0</dependency-check-maven.version>
<!-- Used to configure rename.netty.native. Libs -->
<rename.netty.native.libs>rename-netty-native-libs.sh</rename.netty.native.libs>
diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
index d9856f209ca..d330b23562d 100644
--- a/pulsar-io/canal/pom.xml
+++ b/pulsar-io/canal/pom.xml
@@ -33,7 +33,7 @@
<name>Pulsar IO :: Canal</name>
<properties>
- <spring.version>5.3.18</spring.version>
+ <spring.version>5.3.19</spring.version>
<canal.version>1.1.5</canal.version>
</properties>