[beam] branch master updated: [Security] Bump org.json:json due to CVE-2022-45688 (#28962)

Wed, 18 Oct 2023 20:12:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

yhu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/master by this push:
     new 8fb23eef6dc [Security] Bump org.json:json due to CVE-2022-45688 
(#28962)
8fb23eef6dc is described below

commit 8fb23eef6dcf6fa8c42975f2d434492623b349ff
Author: Bruno Volpato <[email protected]>
AuthorDate: Wed Oct 18 23:11:37 2023 -0400

    [Security] Bump org.json:json due to CVE-2022-45688 (#28962)
---
 .../src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy    | 4 ++--
 .../src/main/java/org/apache/beam/sdk/schemas/utils/JsonUtils.java    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy 
b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
index 46968e0e5ad..b13fd00dc24 100644
--- a/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
+++ b/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
@@ -602,7 +602,7 @@ class BeamModulePlugin implements Plugin<Project> {
     def jackson_version = "2.14.1"
     def jaxb_api_version = "2.3.3"
     def jsr305_version = "3.0.2"
-    def everit_json_version = "1.14.1"
+    def everit_json_version = "1.14.2"
     def kafka_version = "2.4.1"
     def log4j2_version = "2.20.0"
     def nemo_version = "0.1"
@@ -809,7 +809,7 @@ class BeamModulePlugin implements Plugin<Project> {
         joda_time                                   : 
"joda-time:joda-time:2.10.10",
         jsonassert                                  : 
"org.skyscreamer:jsonassert:1.5.0",
         jsr305                                      : 
"com.google.code.findbugs:jsr305:$jsr305_version",
-        json_org                                    : 
"org.json:json:20220320", // Keep in sync with everit-json-schema / 
google_cloud_platform_libraries_bom transitive deps.
+        json_org                                    : 
"org.json:json:20230618", // Keep in sync with everit-json-schema / 
google_cloud_platform_libraries_bom transitive deps.
         everit_json_schema                          : 
"com.github.erosb:everit-json-schema:${everit_json_version}",
         junit                                       : "junit:junit:4.13.1",
         jupiter_api                                 : 
"org.junit.jupiter:junit-jupiter-api:$jupiter_version",
diff --git 
a/sdks/java/core/src/main/java/org/apache/beam/sdk/schemas/utils/JsonUtils.java 
b/sdks/java/core/src/main/java/org/apache/beam/sdk/schemas/utils/JsonUtils.java
index a724664ceaf..18f5813c6cc 100644
--- 
a/sdks/java/core/src/main/java/org/apache/beam/sdk/schemas/utils/JsonUtils.java
+++ 
b/sdks/java/core/src/main/java/org/apache/beam/sdk/schemas/utils/JsonUtils.java
@@ -58,7 +58,7 @@ import org.json.JSONObject;
  * }</pre>
  *
  * <p><b>Note:</b> This functionality has been tested with {@code 
everit-json-schema} version
- * 1.14.1.
+ * 1.14.2.
  *
  * <h3>JSON-Schema supported features</h3>
  *

Reply via email to