mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-28 02:48:38 +00:00
[CVE] Upgrade dependencies to mitigate CVEs (#657)
This PR upgrade the following dependencies to fix CVEs. - commons-codec:1.12 (->1.13) apache/commons-codec@48b6157 - ant:1.10.8 (->1.10.9) https://ant.apache.org/security.html - jackson-databind:2.10.4 (->2.11.0) FasterXML/jackson-databind#2589 - jackson-dataformat-cbor:2.10.4 (->2.11.0) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491 - apache-httpclient:4.5.10 (->4.5.13) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956 - checkstyle:8.20 (->8.29) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10782 - junit:4.12 (->4.13.1) https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - netty:4.1.49.Final (->4.1.59) https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 Signed-off-by: Rabi Panda <adnapibar@gmail.com>
This commit is contained in:
Rabi Panda
GitHub
parent
6732239f1c
commit
50abf6d066
buildSrc
build.gradleversion.properties
src
integTest/groovy/org/opensearch/gradle
main/resources
testKit/testingConventions
client
rest/licenses
commons-codec-1.11.jar.sha1commons-codec-1.13.jar.sha1httpclient-4.5.10.jar.sha1httpclient-4.5.13.jar.sha1
sniffer/licenses
libs/x-content/licenses
jackson-core-2.10.4.jar.sha1jackson-core-2.11.4.jar.sha1jackson-dataformat-cbor-2.10.4.jar.sha1jackson-dataformat-cbor-2.11.4.jar.sha1jackson-dataformat-smile-2.10.4.jar.sha1jackson-dataformat-smile-2.11.4.jar.sha1jackson-dataformat-yaml-2.10.4.jar.sha1jackson-dataformat-yaml-2.11.4.jar.sha1
modules
ingest-geoip/licenses
jackson-annotations-2.10.4.jar.sha1jackson-annotations-2.11.4.jar.sha1jackson-databind-2.10.4.jar.sha1jackson-databind-2.11.4.jar.sha1
transport-netty4/licenses
netty-buffer-4.1.49.Final.jar.sha1netty-buffer-4.1.59.Final.jar.sha1netty-codec-4.1.49.Final.jar.sha1netty-codec-4.1.59.Final.jar.sha1netty-codec-http-4.1.49.Final.jar.sha1netty-codec-http-4.1.59.Final.jar.sha1netty-common-4.1.49.Final.jar.sha1netty-common-4.1.59.Final.jar.sha1netty-handler-4.1.49.Final.jar.sha1netty-handler-4.1.59.Final.jar.sha1netty-resolver-4.1.49.Final.jar.sha1netty-resolver-4.1.59.Final.jar.sha1netty-transport-4.1.49.Final.jar.sha1netty-transport-4.1.59.Final.jar.sha1
plugins
analysis-phonetic/licenses
discovery-azure-classic/licenses
commons-codec-1.11.jar.sha1commons-codec-1.13.jar.sha1httpclient-4.5.10.jar.sha1httpclient-4.5.13.jar.sha1
discovery-ec2/licenses
commons-codec-1.11.jar.sha1commons-codec-1.13.jar.sha1httpclient-4.5.10.jar.sha1httpclient-4.5.13.jar.sha1jackson-annotations-2.10.4.jar.sha1jackson-annotations-2.11.4.jar.sha1jackson-databind-2.10.4.jar.sha1jackson-databind-2.11.4.jar.sha1
discovery-gce/licenses
commons-codec-1.11.jar.sha1commons-codec-1.13.jar.sha1httpclient-4.5.10.jar.sha1httpclient-4.5.13.jar.sha1
ingest-attachment/licenses
repository-gcs/licenses
repository-hdfs/licenses
repository-s3/licenses
commons-codec-1.11.jar.sha1commons-codec-1.13.jar.sha1httpclient-4.5.10.jar.sha1httpclient-4.5.13.jar.sha1jackson-annotations-2.10.4.jar.sha1jackson-annotations-2.11.4.jar.sha1jackson-databind-2.10.4.jar.sha1jackson-databind-2.11.4.jar.sha1
transport-nio/licenses
netty-buffer-4.1.49.Final.jar.sha1netty-buffer-4.1.59.Final.jar.sha1netty-codec-4.1.49.Final.jar.sha1netty-codec-4.1.59.Final.jar.sha1netty-codec-http-4.1.49.Final.jar.sha1netty-codec-http-4.1.59.Final.jar.sha1netty-common-4.1.49.Final.jar.sha1netty-common-4.1.59.Final.jar.sha1netty-handler-4.1.49.Final.jar.sha1netty-handler-4.1.59.Final.jar.sha1netty-resolver-4.1.49.Final.jar.sha1netty-resolver-4.1.59.Final.jar.sha1netty-transport-4.1.49.Final.jar.sha1netty-transport-4.1.59.Final.jar.sha1
@ -101,9 +101,9 @@ dependencies {
|
||||
|
||||
api localGroovy()
|
||||
|
||||
api 'commons-codec:commons-codec:1.12'
|
||||
api 'commons-codec:commons-codec:1.13'
|
||||
api 'org.apache.commons:commons-compress:1.19'
|
||||
api 'org.apache.ant:ant:1.10.8'
|
||||
api 'org.apache.ant:ant:1.10.9'
|
||||
api 'com.netflix.nebula:gradle-extra-configurations-plugin:3.0.3'
|
||||
api 'com.netflix.nebula:nebula-publishing-plugin:4.4.4'
|
||||
api 'com.netflix.nebula:gradle-info-plugin:7.1.3'
|
||||
|
||||
@ -57,7 +57,7 @@ class OpenSearchTestBasePluginFuncTest extends AbstractGradleFuncTest {
|
||||
}
|
||||
|
||||
dependencies {
|
||||
testImplementation 'junit:junit:4.12'
|
||||
testImplementation 'junit:junit:4.13.1'
|
||||
}
|
||||
|
||||
tasks.named('test').configure {
|
||||
|
||||
@ -29,15 +29,15 @@
|
||||
<property name="max" value="76"/>
|
||||
</module>
|
||||
|
||||
<module name="TreeWalker">
|
||||
<!-- Its our official line length! See checkstyle_suppressions.xml for the files that don't pass this. For now we
|
||||
suppress the check there but enforce it everywhere else. This prevents the list from getting longer even if it is
|
||||
unfair. -->
|
||||
<module name="LineLength">
|
||||
<!-- Its our official line length! See checkstyle_suppressions.xml for the files that don't pass this. For now we
|
||||
suppress the check there but enforce it everywhere else. This prevents the list from getting longer even if it is
|
||||
unfair. -->
|
||||
<module name="LineLength">
|
||||
<property name="max" value="140"/>
|
||||
<property name="ignorePattern" value="^ *\* *https?://[^ ]+$"/>
|
||||
</module>
|
||||
</module>
|
||||
|
||||
<module name="TreeWalker">
|
||||
<module name="AvoidStarImport" />
|
||||
|
||||
<!-- Unused imports are forbidden -->
|
||||
|
||||
@ -21,7 +21,7 @@ allprojects {
|
||||
jcenter()
|
||||
}
|
||||
dependencies {
|
||||
testImplementation "junit:junit:4.12"
|
||||
testImplementation "junit:junit:4.13.1"
|
||||
}
|
||||
|
||||
ext.licenseFile = file("$buildDir/dummy/license")
|
||||
|
||||
@ -4,12 +4,12 @@ lucene = 8.8.2
|
||||
bundled_jdk_vendor = adoptopenjdk
|
||||
bundled_jdk = 15.0.1+9
|
||||
|
||||
checkstyle = 8.20
|
||||
checkstyle = 8.29
|
||||
|
||||
# optional dependencies
|
||||
spatial4j = 0.7
|
||||
jts = 1.15.0
|
||||
jackson = 2.10.4
|
||||
jackson = 2.11.4
|
||||
snakeyaml = 1.26
|
||||
icu4j = 62.1
|
||||
supercsv = 2.4.0
|
||||
@ -20,7 +20,7 @@ slf4j = 1.6.2
|
||||
# when updating the JNA version, also update the version in buildSrc/build.gradle
|
||||
jna = 5.5.0
|
||||
|
||||
netty = 4.1.49.Final
|
||||
netty = 4.1.59.Final
|
||||
joda = 2.10.4
|
||||
|
||||
# when updating this version, you need to ensure compatibility with:
|
||||
@ -31,11 +31,11 @@ bouncycastle=1.64
|
||||
# test dependencies
|
||||
randomizedrunner = 2.7.1
|
||||
junit = 4.12
|
||||
httpclient = 4.5.10
|
||||
httpclient = 4.5.13
|
||||
httpcore = 4.4.12
|
||||
httpasyncclient = 4.1.4
|
||||
commonslogging = 1.1.3
|
||||
commonscodec = 1.11
|
||||
commonscodec = 1.13
|
||||
hamcrest = 2.1
|
||||
securemock = 1.2
|
||||
mocksocket = 1.2
|
||||
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
1
client/rest/licenses/commons-codec-1.13.jar.sha1
Normal file
1
client/rest/licenses/commons-codec-1.13.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
1
client/rest/licenses/httpclient-4.5.13.jar.sha1
Normal file
1
client/rest/licenses/httpclient-4.5.13.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
1
client/sniffer/licenses/commons-codec-1.13.jar.sha1
Normal file
1
client/sniffer/licenses/commons-codec-1.13.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
1
client/sniffer/licenses/httpclient-4.5.13.jar.sha1
Normal file
1
client/sniffer/licenses/httpclient-4.5.13.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
8796585e716440d6dd5128b30359932a9eb74d0d
|
||||
1
client/sniffer/licenses/jackson-core-2.11.4.jar.sha1
Normal file
1
client/sniffer/licenses/jackson-core-2.11.4.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
593f7b18bab07a76767f181e2a2336135ce82cc4
|
||||
@ -1 +0,0 @@
|
||||
8796585e716440d6dd5128b30359932a9eb74d0d
|
||||
1
libs/x-content/licenses/jackson-core-2.11.4.jar.sha1
Normal file
1
libs/x-content/licenses/jackson-core-2.11.4.jar.sha1
Normal file
@ -0,0 +1 @@
|
||||
593f7b18bab07a76767f181e2a2336135ce82cc4
|
||||
@ -1 +0,0 @@
|
||||
c854bb2d46138198cb5d4aae86ef6c04b8bc1e70
|
||||
@ -0,0 +1 @@
|
||||
67fa6a00bdc31029bf841ee97d993ef2bb530aa0
|
||||
@ -1 +0,0 @@
|
||||
c872c2e224cfdcc5481037d477f5890f05c001b4
|
||||
@ -0,0 +1 @@
|
||||
10c1faac0b0bd8545eff02599b48a149202de066
|
||||
@ -1 +0,0 @@
|
||||
8a7f3c6b640bd89214807af6d8160b4b3b16af93
|
||||
@ -0,0 +1 @@
|
||||
ba01014ab0228449be401975b1a7af2f3cdaf1d7
|
||||
@ -1 +0,0 @@
|
||||
6ae6028aff033f194c9710ad87c224ccaadeed6c
|
||||
@ -0,0 +1 @@
|
||||
2c3f5c079330f3a01726686a078979420f547ae4
|
||||
@ -1 +0,0 @@
|
||||
76e9152e93d4cf052f93a64596f633ba5b1c8ed9
|
||||
@ -0,0 +1 @@
|
||||
5d9f3d441f99d721b957e3497f0a6465c764fad4
|
||||
@ -1 +0,0 @@
|
||||
8e819a81bca88d1e88137336f64531a53db0a4ad
|
||||
@ -0,0 +1 @@
|
||||
a1f281008d7e9574c14d386b39b3639a240eb0d1
|
||||
@ -1 +0,0 @@
|
||||
20218de83c906348283f548c255650fd06030424
|
||||
@ -0,0 +1 @@
|
||||
5e563309b99cf55bdbecc4dab7c417a0167c31aa
|
||||
@ -1 +0,0 @@
|
||||
4f30dbc462b26c588dffc0eb7552caef1a0f549e
|
||||
@ -0,0 +1 @@
|
||||
766327d675678686a05faa446c4413d8ccb79b5c
|
||||
@ -1 +0,0 @@
|
||||
927c8563a1662d869b145e70ce82ad89100f2c90
|
||||
@ -0,0 +1 @@
|
||||
e8800b0c50b6743ec1c5a3713816ce58910a703a
|
||||
@ -1 +0,0 @@
|
||||
c73443adb9d085d5dc2d5b7f3bdd91d5963976f7
|
||||
@ -0,0 +1 @@
|
||||
302b4c8ca800aeddcf94401f2403114c8f5db5a5
|
||||
@ -1 +0,0 @@
|
||||
eb81e1f0eaa99e75983bf3d28cae2b103e0f3a34
|
||||
@ -0,0 +1 @@
|
||||
26bc136952a9f7a994dd7162f481c860275948de
|
||||
@ -1 +0,0 @@
|
||||
415ea7f326635743aec952fe2349ca45959e94a7
|
||||
@ -0,0 +1 @@
|
||||
864d20f35ce909e6a7462095cb8f91ee94d1cd4c
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
6ae6028aff033f194c9710ad87c224ccaadeed6c
|
||||
@ -0,0 +1 @@
|
||||
2c3f5c079330f3a01726686a078979420f547ae4
|
||||
@ -1 +0,0 @@
|
||||
76e9152e93d4cf052f93a64596f633ba5b1c8ed9
|
||||
@ -0,0 +1 @@
|
||||
5d9f3d441f99d721b957e3497f0a6465c764fad4
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
3acb4705652e16236558f0f4f2192cc33c3bd189
|
||||
@ -0,0 +1 @@
|
||||
3f18e1aa31031d89db6f01ba05d501258ce69d2c
|
||||
@ -1 +0,0 @@
|
||||
7ca2e4276f4ef95e4db725a8cd4a1d1e7585b9e5
|
||||
@ -0,0 +1 @@
|
||||
e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
|
||||
@ -1 +0,0 @@
|
||||
6ae6028aff033f194c9710ad87c224ccaadeed6c
|
||||
@ -0,0 +1 @@
|
||||
2c3f5c079330f3a01726686a078979420f547ae4
|
||||
@ -1 +0,0 @@
|
||||
76e9152e93d4cf052f93a64596f633ba5b1c8ed9
|
||||
@ -0,0 +1 @@
|
||||
5d9f3d441f99d721b957e3497f0a6465c764fad4
|
||||
@ -1 +0,0 @@
|
||||
8e819a81bca88d1e88137336f64531a53db0a4ad
|
||||
@ -0,0 +1 @@
|
||||
a1f281008d7e9574c14d386b39b3639a240eb0d1
|
||||
@ -1 +0,0 @@
|
||||
20218de83c906348283f548c255650fd06030424
|
||||
@ -0,0 +1 @@
|
||||
5e563309b99cf55bdbecc4dab7c417a0167c31aa
|
||||
@ -1 +0,0 @@
|
||||
4f30dbc462b26c588dffc0eb7552caef1a0f549e
|
||||
@ -0,0 +1 @@
|
||||
766327d675678686a05faa446c4413d8ccb79b5c
|
||||
@ -1 +0,0 @@
|
||||
927c8563a1662d869b145e70ce82ad89100f2c90
|
||||
@ -0,0 +1 @@
|
||||
e8800b0c50b6743ec1c5a3713816ce58910a703a
|
||||
@ -1 +0,0 @@
|
||||
c73443adb9d085d5dc2d5b7f3bdd91d5963976f7
|
||||
@ -0,0 +1 @@
|
||||
302b4c8ca800aeddcf94401f2403114c8f5db5a5
|
||||
@ -1 +0,0 @@
|
||||
eb81e1f0eaa99e75983bf3d28cae2b103e0f3a34
|
||||
@ -0,0 +1 @@
|
||||
26bc136952a9f7a994dd7162f481c860275948de
|
||||
@ -1 +0,0 @@
|
||||
415ea7f326635743aec952fe2349ca45959e94a7
|
||||
@ -0,0 +1 @@
|
||||
864d20f35ce909e6a7462095cb8f91ee94d1cd4c
|
||||
Loading…
x
Reference in New Issue
Block a user