update few minor dependencies to resolve CVEs (#15464)

Update multiple dependencies to clear CVEs
Update dropwizard-metrics to 4.2.22 to address GHSA-mm8h-8587-p46h in com.rabbitmq:amqp-client
Update ant to 1.10.14 to resolve GHSA-f62v-xpxf-3v68 GHSA-4p6w-m9wc-c9c9 GHSA-q5r4-cfpx-h6fh GHSA-5v34-g2px-j4fw
Update comomons-compress to resolve GHSA-cgwf-w82q-5jrr
Update jose4j to 0.9.3 to resolve GHSA-7g24-qg88-p43q GHSA-jgvc-jfgh-rjvv
Update kotlin-stdlib to 1.6.0 to resolve GHSA-cqj8-47ch-rvvq and CVE-2022-24329
This commit is contained in:
Jan Werner 2023-12-03 22:19:51 -05:00 committed by GitHub
parent a1aa4340d0
commit ddeb55fac1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 5 deletions

View File

@ -655,7 +655,7 @@ name: Apache Commons Compress
license_category: binary license_category: binary
module: java-core module: java-core
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 1.23.0 version: 1.24.0
libraries: libraries:
- org.apache.commons: commons-compress - org.apache.commons: commons-compress
notices: notices:
@ -791,7 +791,7 @@ name: DropWizard Metrics Core
license_category: binary license_category: binary
module: java-core module: java-core
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 4.2.19 version: 4.2.22
libraries: libraries:
- io.dropwizard.metrics: metrics-core - io.dropwizard.metrics: metrics-core
@ -1001,7 +1001,7 @@ name: org.bitbucket.b_c jose4j
license_category: binary license_category: binary
module: extensions/druid-kubernetes-extensions module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 0.7.3 version: 0.9.3
libraries: libraries:
- org.bitbucket.b_c: jose4j - org.bitbucket.b_c: jose4j

27
pom.xml
View File

@ -91,7 +91,7 @@
<datasketches.version>4.2.0</datasketches.version> <datasketches.version>4.2.0</datasketches.version>
<datasketches.memory.version>2.2.0</datasketches.memory.version> <datasketches.memory.version>2.2.0</datasketches.memory.version>
<derby.version>10.14.2.0</derby.version> <derby.version>10.14.2.0</derby.version>
<dropwizard.metrics.version>4.2.19</dropwizard.metrics.version> <dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
<errorprone.version>2.20.0</errorprone.version> <errorprone.version>2.20.0</errorprone.version>
<fastutil.version>8.5.4</fastutil.version> <fastutil.version>8.5.4</fastutil.version>
<guava.version>31.1-jre</guava.version> <guava.version>31.1-jre</guava.version>
@ -389,6 +389,29 @@
<artifactId>bcutil-jdk15on</artifactId> <artifactId>bcutil-jdk15on</artifactId>
<version>1.70</version> <version>1.70</version>
</dependency> </dependency>
<!-- transitive dependency of testng
this would be resolved by updating
testng to 7.8.0 -->
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
<version>1.10.14</version>
</dependency>
<!-- transitive dependency of kafka-clients and kubernetes client
this should get resolved with the update of above depdendencies -->
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
<version>0.9.3</version>
</dependency>
<!-- transitive dependency of kafka-clientorg.apache.calcite:calcite-testkit
and kafka-protobuf-provider
this should get resolved with the update of above depdendencies -->
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
<version>1.6.10</version>
</dependency>
<dependency> <dependency>
<groupId>org.apache.zookeeper</groupId> <groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId> <artifactId>zookeeper</artifactId>
@ -551,7 +574,7 @@
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId> <artifactId>commons-compress</artifactId>
<version>1.23.0</version> <version>1.24.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.tukaani</groupId> <groupId>org.tukaani</groupId>