honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
55,596 Commits 7 Branches 6 Tags 546 MiB
Commit Graph

19 Commits

Author SHA1 Message Date
Yoann Rodière b5d5616d44
Update commons-logging to 1.2 (#2806) 
* Upgrade to Apache Commons Logging 1.2

Signed-off-by: Yoann Rodière <yoann@hibernate.org>

* Clarify that Apache HTTP/commons-* dependencies are not just for tests

Signed-off-by: Yoann Rodière <yoann@hibernate.org>
 2022-04-08 16:43:51 -04:00
dependabot[bot] e44706e500
Bump jettison from 1.1 to 1.4.1 in /plugins/discovery-azure-classic (#2614) 
* Bump jettison from 1.1 to 1.4.1 in /plugins/discovery-azure-classic

Bumps [jettison](https://github.com/jettison-json/jettison) from 1.1 to 1.4.1.
- [Release notes](https://github.com/jettison-json/jettison/releases)
- [Commits](https://github.com/jettison-json/jettison/compare/jettison-1.1...jettison-1.4.1)

---
updated-dependencies:
- dependency-name: org.codehaus.jettison:jettison
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updating SHAs

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
 2022-03-28 12:42:31 -05:00
dependabot[bot] 91969ce08c
Bump commons-io from 2.7 to 2.11.0 in /plugins/discovery-azure-classic (#2527) 
* Bump commons-io from 2.7 to 2.11.0 in /plugins/discovery-azure-classic

Bumps commons-io from 2.7 to 2.11.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updating SHAs

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
 2022-03-21 12:43:13 -07:00
dependabot[bot] de0425e32f
Bump jaxb-api from 2.2.2 to 2.3.1 in /plugins/discovery-azure-classic (#2183) 
* Bump jaxb-api from 2.2.2 to 2.3.1 in /plugins/discovery-azure-classic

Bumps [jaxb-api](https://github.com/javaee/jaxb-spec) from 2.2.2 to 2.3.1.
- [Release notes](https://github.com/javaee/jaxb-spec/releases)
- [Commits](https://github.com/javaee/jaxb-spec/commits/2.3.1)

---
updated-dependencies:
- dependency-name: javax.xml.bind:jaxb-api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updating SHAs

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
 2022-02-21 12:00:32 -08:00
dependabot[bot] 5698120555
Bump mail from 1.4.5 to 1.4.7 in /plugins/discovery-azure-classic (#2127) 
* Bump mail from 1.4.5 to 1.4.7 in /plugins/discovery-azure-classic

Bumps mail from 1.4.5 to 1.4.7.

---
updated-dependencies:
- dependency-name: javax.mail:mail
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updating SHAs

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
 2022-02-18 15:26:56 -08:00
Andriy Redko 65804d25a6
Update to log4j 2.17.1 (#1820) 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
 2021-12-28 17:06:42 -05:00
Andriy Redko ca27c8fd4f
Update to log4j 2.17.0 (#1771) 2021-12-18 09:36:59 -08:00
Andriy Redko 6db435412b
Upgrade to log4j 2.16.0 (#1721) 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
 2021-12-14 07:34:45 -05:00
Andrew Ross 309649ce8a
Upgrade to logj4 2.15.0 (#1698) 
Signed-off-by: Andrew Ross <andrross@amazon.com>
 2021-12-10 13:03:41 -08:00
Sarat Vemulapalli e0e6995c4a
Updating Log4j to 2.11.2 (#1696) 
Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
 2021-12-10 08:03:45 -08:00
Abbas Hussain 3e92821c82
[CVE] Upgrade dependencies for Azure related plugins to mitigate CVEs (#688) 
* Update commons-io-2.4.jar to 2.7 for plugins/discovery-azure-classic module
* Remove unused jackson dependency and respective LICENSE and NOTICE
* Update guava dependency to mitigate CVE for repository-azure plugin

Signed-off-by: Abbas Hussain <abbas_10690@yahoo.com>
 2021-05-26 03:27:36 +05:30
Rabi Panda 50abf6d066
[CVE] Upgrade dependencies to mitigate CVEs (#657) 
This PR upgrade the following dependencies to fix CVEs.

- commons-codec:1.12 (->1.13) apache/commons-codec@48b6157
- ant:1.10.8 (->1.10.9) https://ant.apache.org/security.html
- jackson-databind:2.10.4 (->2.11.0) FasterXML/jackson-databind#2589
- jackson-dataformat-cbor:2.10.4 (->2.11.0) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
- apache-httpclient:4.5.10 (->4.5.13) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956
- checkstyle:8.20 (->8.29) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10782
- junit:4.12 (->4.13.1) https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
- netty:4.1.49.Final (->4.1.59) https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2

Signed-off-by: Rabi Panda <adnapibar@gmail.com>
 2021-05-18 11:37:24 -07:00
Mark Vieira 0fd756d511
Enforce strict license distribution requirements (#56642) 2020-05-14 13:57:56 -07:00
Luca Cavanna e57756492a Update http-core and http-client dependencies (#46549) 
Relates to #45808
Closes #45577
 2019-09-12 09:45:29 +02:00
Jason Tedor 371cb9a8ce
Remove Log4j 1.2 API as a dependency (#42702) 
We had this as a dependency for legacy dependencies that still needed
the Log4j 1.2 API. This appears to no longer be necessary, so this
commit removes this artifact as a dependency.

To remove this dependency, we had to fix a few places where we were
accidentally relying on Log4j 1.2 instead of Log4j 2 (easy to do, since
both APIs were on the compile-time classpath).

Finally, we can remove our custom Netty logger factory. This was needed
when we were on Log4j 1.2 and handled logging in our own unique
way. When we migrated to Log4j 2 we could have dropped this
dependency. However, even then Netty would still pick up Log4j 1.2 since
it was on the classpath, thus the advantage to removing this as a
dependency now.
 2019-05-30 16:08:07 -04:00
Jay Modi f34663282c
Update apache httpclient to version 4.5.8 (#40875) 
This change updates our version of httpclient to version 4.5.8, which
contains the fix for HTTPCLIENT-1968, which is a bug where the client
started re-writing paths that contained encoded reserved characters
with their unreserved form.
 2019-04-05 13:48:10 -06:00
Jay Modi 54dbf9469c
Update httpclient for JDK 11 TLS engine (#37994) 
The apache commons http client implementations recently released
versions that solve TLS compatibility issues with the new TLS engine
that supports TLSv1.3 with JDK 11. This change updates our code to
use these versions since JDK 11 is a supported JDK and we should
allow the use of TLSv1.3.
 2019-01-30 14:24:29 -07:00
javanna 118a14fbe3 Build: upgrade httpcore version to 4.4.5 
Closes #19127
 2016-07-19 15:11:40 +02:00
David Pilato 527a9c7f48 Deprecate discovery-azure and rename it to discovery-azure-classic 
As discussed at https://github.com/elastic/elasticsearch-cloud-azure/issues/91#issuecomment-229113595, we know that the current `discovery-azure` plugin only works with Azure Classic VMs / Services (which is somehow Legacy now).

The proposal here is to rename `discovery-azure` to `discovery-azure-classic` in case some users are using it.
And deprecate it for 5.0.

Closes #19144.
 2016-06-30 14:42:40 +02:00