Address CVE-2021-35515 CVE-2021-36090 (#11496)

* Address CVE-2021-35515 CVE-2021-36090 Bump commons-compress to deal with new CVEs * fix licenses
2021-07-26 14:54:32 -07:00 · 2021-07-26 14:54:32 -07:00 · 3f456fe305
parent 973e5bf7d0
commit 3f456fe305
2 changed files with 2 additions and 16 deletions
--- a/licenses.yaml
+++ b/licenses.yaml
@ -621,7 +621,7 @@ name: Apache Commons Compress
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 1.18
+version: 1.21
 libraries:
  - org.apache.commons: commons-compress
 notices:
@ -3002,20 +3002,6 @@ notices:

 ---

-name: Apache Commons Compress
-license_category: binary
-module: hadoop-client
-license_name: Apache License version 2.0
-version: 1.19
-libraries:
-  - org.apache.commons: commons-compress
-notices:
-  - commons-compress: |
-      Apache Commons Compress
-      Copyright 2002-2012 The Apache Software Foundation
-
---
-
 name: Apache Commons Math
 license_category: binary
 module: hadoop-client
--- a/pom.xml
+++ b/pom.xml
@ -436,7 +436,7 @@
            <dependency>
                <groupId>org.apache.commons</groupId>
                <artifactId>commons-compress</artifactId>
-                <version>1.19</version>
+                <version>1.21</version>
            </dependency>
            <dependency>
                <groupId>org.tukaani</groupId>