mirror of https://github.com/apache/druid.git
update few minor dependencies to resolve CVEs (#15464)
Update multiple dependencies to clear CVEs Update dropwizard-metrics to 4.2.22 to address GHSA-mm8h-8587-p46h in com.rabbitmq:amqp-client Update ant to 1.10.14 to resolve GHSA-f62v-xpxf-3v68 GHSA-4p6w-m9wc-c9c9 GHSA-q5r4-cfpx-h6fh GHSA-5v34-g2px-j4fw Update comomons-compress to resolve GHSA-cgwf-w82q-5jrr Update jose4j to 0.9.3 to resolve GHSA-7g24-qg88-p43q GHSA-jgvc-jfgh-rjvv Update kotlin-stdlib to 1.6.0 to resolve GHSA-cqj8-47ch-rvvq and CVE-2022-24329
This commit is contained in:
parent
a1aa4340d0
commit
ddeb55fac1
|
@ -655,7 +655,7 @@ name: Apache Commons Compress
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: java-core
|
module: java-core
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 1.23.0
|
version: 1.24.0
|
||||||
libraries:
|
libraries:
|
||||||
- org.apache.commons: commons-compress
|
- org.apache.commons: commons-compress
|
||||||
notices:
|
notices:
|
||||||
|
@ -791,7 +791,7 @@ name: DropWizard Metrics Core
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: java-core
|
module: java-core
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 4.2.19
|
version: 4.2.22
|
||||||
libraries:
|
libraries:
|
||||||
- io.dropwizard.metrics: metrics-core
|
- io.dropwizard.metrics: metrics-core
|
||||||
|
|
||||||
|
@ -1001,7 +1001,7 @@ name: org.bitbucket.b_c jose4j
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: extensions/druid-kubernetes-extensions
|
module: extensions/druid-kubernetes-extensions
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 0.7.3
|
version: 0.9.3
|
||||||
libraries:
|
libraries:
|
||||||
- org.bitbucket.b_c: jose4j
|
- org.bitbucket.b_c: jose4j
|
||||||
|
|
||||||
|
|
27
pom.xml
27
pom.xml
|
@ -91,7 +91,7 @@
|
||||||
<datasketches.version>4.2.0</datasketches.version>
|
<datasketches.version>4.2.0</datasketches.version>
|
||||||
<datasketches.memory.version>2.2.0</datasketches.memory.version>
|
<datasketches.memory.version>2.2.0</datasketches.memory.version>
|
||||||
<derby.version>10.14.2.0</derby.version>
|
<derby.version>10.14.2.0</derby.version>
|
||||||
<dropwizard.metrics.version>4.2.19</dropwizard.metrics.version>
|
<dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
|
||||||
<errorprone.version>2.20.0</errorprone.version>
|
<errorprone.version>2.20.0</errorprone.version>
|
||||||
<fastutil.version>8.5.4</fastutil.version>
|
<fastutil.version>8.5.4</fastutil.version>
|
||||||
<guava.version>31.1-jre</guava.version>
|
<guava.version>31.1-jre</guava.version>
|
||||||
|
@ -389,6 +389,29 @@
|
||||||
<artifactId>bcutil-jdk15on</artifactId>
|
<artifactId>bcutil-jdk15on</artifactId>
|
||||||
<version>1.70</version>
|
<version>1.70</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<!-- transitive dependency of testng
|
||||||
|
this would be resolved by updating
|
||||||
|
testng to 7.8.0 -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.ant</groupId>
|
||||||
|
<artifactId>ant</artifactId>
|
||||||
|
<version>1.10.14</version>
|
||||||
|
</dependency>
|
||||||
|
<!-- transitive dependency of kafka-clients and kubernetes client
|
||||||
|
this should get resolved with the update of above depdendencies -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bitbucket.b_c</groupId>
|
||||||
|
<artifactId>jose4j</artifactId>
|
||||||
|
<version>0.9.3</version>
|
||||||
|
</dependency>
|
||||||
|
<!-- transitive dependency of kafka-clientorg.apache.calcite:calcite-testkit
|
||||||
|
and kafka-protobuf-provider
|
||||||
|
this should get resolved with the update of above depdendencies -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jetbrains.kotlin</groupId>
|
||||||
|
<artifactId>kotlin-stdlib</artifactId>
|
||||||
|
<version>1.6.10</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.zookeeper</groupId>
|
<groupId>org.apache.zookeeper</groupId>
|
||||||
<artifactId>zookeeper</artifactId>
|
<artifactId>zookeeper</artifactId>
|
||||||
|
@ -551,7 +574,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
<artifactId>commons-compress</artifactId>
|
<artifactId>commons-compress</artifactId>
|
||||||
<version>1.23.0</version>
|
<version>1.24.0</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.tukaani</groupId>
|
<groupId>org.tukaani</groupId>
|
||||||
|
|
Loading…
Reference in New Issue