Bump dependencies for CVES (#3359)

* Bump dependencies for CVES * Add to cchangesyaml * Bump java agent
2022-02-07 07:56:25 -05:00 · 2022-02-07 07:56:25 -05:00 · a9348b6c51
parent 2531e6e57d
commit a9348b6c51
6 changed files with 9 additions and 6 deletions
--- a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_7_0/changes.yaml
+++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_7_0/changes.yaml
@ -12,6 +12,7 @@
 <li>Guava (All): 30.1.1-jre -> 31.0.1-jre</li>
 <li>JDOM (XML Patch Support):  2.0.6 -> 2.0.6.1 (Addresses CVE-2021-33813)</li>
 <li>Spring (JPA): 5.3.7 -> 5.3.15</li>
+<li>Spring (JPA): 5.3.7 -> 5.3.15</li>
 <li>Spring-Data (JPA): 2.5.0 -> 2.6.1</li>
 <li>Hibernate ORM (JPA): 5.4.30.Final -> 5.6.2.Final</li>
 <li>Flyway (JPA): 6.5.4 -> 8.4.1</li>
@ -26,6 +27,8 @@
 <li>Spring Boot (Boot): 2.5.0 -> 2.6.2</li>
 <li>Swagger UI (OpenAPI): 3.46.0 -> 4.1.3</li>
 <li>Resteasy (JAX-RS): 4.0.0.Beta3 -> 5.0.2.Final</li>
+<li>Postgresql (JPA): 42.3.1 -> 42.3.2</li>
+<li>Spring Security Oauth2(Oauth): 2.0.2.RELEASE -> 2.0.17.RELEASE</li>
 </ul>
 "

--- a/hapi-fhir-oauth2/pom.xml
+++ b/hapi-fhir-oauth2/pom.xml
@ -36,7 +36,7 @@
 		<dependency>
 		    <groupId>org.springframework.security.oauth</groupId>
 		    <artifactId>spring-security-oauth2</artifactId>
-		    <version>2.0.2.RELEASE</version>
+		    <version>2.0.17.RELEASE</version>
 		</dependency>

 		<!-- Server -->
--- a/hapi-tinder-plugin/pom.xml
+++ b/hapi-tinder-plugin/pom.xml
@ -188,7 +188,7 @@
 		<dependency>
 			<groupId>org.apache.ant</groupId>
 			<artifactId>ant</artifactId>
-			<version>1.10.10</version>
+			<version>1.10.11</version>
 		</dependency>
 		
 		<!-- This is just used for  -->
--- a/pom.xml
+++ b/pom.xml
@ -852,7 +852,7 @@
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <ebay_cors_filter_version>1.0.1</ebay_cors_filter_version>

-        <elastic_apm_version>1.24.0</elastic_apm_version>
+        <elastic_apm_version>1.28.4</elastic_apm_version>
        <!-- CQL Support -->
        <cql-engine.version>1.5.1</cql-engine.version>
        <cql-evaluator.version>1.2.0</cql-evaluator.version>
@ -1706,7 +1706,7 @@
 			<dependency>
 				<groupId>org.postgresql</groupId>
 				<artifactId>postgresql</artifactId>
-				<version>42.3.1</version>
+				<version>42.3.2</version>
 			</dependency>
 			<dependency>
 				<groupId>org.quartz-scheduler</groupId>
--- a/vagrant/chef/cookbooks/apt/Gemfile
+++ b/vagrant/chef/cookbooks/apt/Gemfile
@ -2,7 +2,7 @@ source 'https://rubygems.org'

 group :lint do
  gem 'foodcritic', '~> 3.0'
-  gem 'rubocop', '~> 0.23'
+  gem 'rubocop', '~> 0.49.0'
  gem 'rainbow', '< 2.0'
 end

--- a/vagrant/chef/cookbooks/java/Gemfile
+++ b/vagrant/chef/cookbooks/java/Gemfile
@ -3,7 +3,7 @@ source 'https://rubygems.org'
 gem 'berkshelf',  '~> 2.0'
 gem 'chefspec',   '~> 3.1'
 gem 'foodcritic', '~> 3.0'
-gem 'rubocop',    '~> 0.12'
+gem 'rubocop',    '~> 0.49.0'

 group :integration do
  gem 'test-kitchen',    '~> 1.2.1'