This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 0cf31232de [Feature][dependencies] Bump spring-core from 5.3.12 to
5.3.19 (#10857)
0cf31232de is described below
commit 0cf31232defac2a0cd423222d9a11b9c88fb79e4
Author: Chris Ho <[email protected]>
AuthorDate: Sat Jul 9 15:19:46 2022 +0800
[Feature][dependencies] Bump spring-core from 5.3.12 to 5.3.19 (#10857)
---
dolphinscheduler-dist/release-docs/LICENSE | 20 ++++----
dolphinscheduler-dist/release-docs/NOTICE | 4 +-
.../release-docs/licenses/LICENSE-spring-beans.txt | 60 +++++++++++++---------
.../release-docs/licenses/LICENSE-spring-boot.txt | 4 +-
.../licenses/LICENSE-spring-context.txt | 60 +++++++++++++---------
.../release-docs/licenses/LICENSE-spring-core.txt | 60 +++++++++++++---------
.../release-docs/licenses/LICENSE-spring-jdbc.txt | 60 +++++++++++++---------
.../release-docs/licenses/LICENSE-spring-tx.txt | 60 +++++++++++++---------
pom.xml | 2 +-
tools/dependencies/check-LICENSE.sh | 9 ++--
tools/dependencies/known-dependencies.txt | 10 ++--
11 files changed, 201 insertions(+), 148 deletions(-)
diff --git a/dolphinscheduler-dist/release-docs/LICENSE
b/dolphinscheduler-dist/release-docs/LICENSE
index 3a221f1537..67a90d91a1 100644
--- a/dolphinscheduler-dist/release-docs/LICENSE
+++ b/dolphinscheduler-dist/release-docs/LICENSE
@@ -342,9 +342,9 @@ The text of each license is also included at
licenses/LICENSE-[project].txt.
snakeyaml 1.28:
https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.28, Apache 2.0
snappy 0.2: https://mvnrepository.com/artifact/org.iq80.snappy/snappy/0.2,
Apache 2.0
snappy-java 1.0.4.1: https://github.com/xerial/snappy-java, Apache 2.0
- SparseBitSet 1.2:
https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet, Apache 2.0
+ SparseBitSet 1.2:
https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet/1.2, Apache 2.0
spring-aop 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-aop/5.3.12,
Apache 2.0
- spring-beans 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-beans/5.3.12,
Apache 2.0
+ spring-beans 5.3.19:
https://mvnrepository.com/artifact/org.springframework/spring-beans/5.3.19,
Apache 2.0
spring-boot 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot/2.5.6,
Apache 2.0
spring-boot-actuator 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator/2.5.6,
Apache 2.0
spring-boot-actuator-autoconfigure 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator-autoconfigure/2.5.6,
Apache 2.0
@@ -360,22 +360,22 @@ The text of each license is also included at
licenses/LICENSE-[project].txt.
spring-boot-starter-quartz 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-quartz/2.5.6,
Apache 2.0
spring-boot-starter-web 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web/2.5.6,
Apache 2.0
spring-boot-starter-cache 2.5.6:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-cache/2.5.6,
Apache 2.0
- spring-context 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-context/5.3.12,
Apache 2.0
+ spring-context 5.3.19:
https://mvnrepository.com/artifact/org.springframework/spring-context/5.3.19,
Apache 2.0
spring-context-support 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-context-support/5.3.12,
Apache 2.0
- spring-core 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-core, Apache 2.0
- spring-expression 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-expression,
Apache 2.0
- springfox-core 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-core, Apache 2.0
- springfox-schema 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-schema, Apache 2.0
- springfox-spi 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-spi, Apache 2.0
+ spring-core 5.3.19:
https://mvnrepository.com/artifact/org.springframework/spring-core/5.3.19,
Apache 2.0
+ spring-expression 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-expression/5.3.12,
Apache 2.0
+ springfox-core 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-core/2.9.2, Apache 2.0
+ springfox-schema 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-schema/2.9.2, Apache
2.0
+ springfox-spi 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-spi/2.9.2, Apache 2.0
springfox-spring-web 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-spring-web/2.9.2,
Apache 2.0
springfox-swagger2 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-swagger2/2.9.2,
Apache 2.0
springfox-swagger-common 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-swagger-common/2.9.2,
Apache 2.0
springfox-swagger-ui 2.9.2:
https://mvnrepository.com/artifact/io.springfox/springfox-swagger-ui/2.9.2,
Apache 2.0
spring-jcl 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-jcl/5.3.12,
Apache 2.0
- spring-jdbc 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-jdbc/5.3.12,
Apache 2.0
+ spring-jdbc 5.3.19:
https://mvnrepository.com/artifact/org.springframework/spring-jdbc/5.3.19,
Apache 2.0
spring-plugin-core 1.2.0.RELEASE:
https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-core/1.2.0.RELEASE,
Apache 2.0
spring-plugin-metadata 1.2.0.RELEASE:
https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-metadata/1.2.0.RELEASE,
Apache 2.0
- spring-tx 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-tx/5.3.12, Apache
2.0
+ spring-tx 5.3.19:
https://mvnrepository.com/artifact/org.springframework/spring-tx/5.3.19, Apache
2.0
spring-web 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.12,
Apache 2.0
spring-webmvc 5.3.12:
https://mvnrepository.com/artifact/org.springframework/spring-webmvc/5.3.12,
Apache 2.0
swagger-annotations 1.5.20:
https://mvnrepository.com/artifact/io.swagger/swagger-annotations/1.5.20,
Apache 2.0
diff --git a/dolphinscheduler-dist/release-docs/NOTICE
b/dolphinscheduler-dist/release-docs/NOTICE
index 340141a6b9..1411e7a78c 100644
--- a/dolphinscheduler-dist/release-docs/NOTICE
+++ b/dolphinscheduler-dist/release-docs/NOTICE
@@ -362,8 +362,8 @@ This product contains the Maven wrapper scripts from 'Maven
Wrapper', that provi
Spring Framework NOTICE
========================================================================
-Spring Framework 5.1.18.RELEASE
-Copyright (c) 2002-2020 Pivotal, Inc.
+Spring Framework 5.3.19
+Copyright (c) 2002-2022 Pivotal, Inc.
This product is licensed to you under the Apache License, Version 2.0
(the "License"). You may not use this product except in compliance with
diff --git
a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt
index 3f22c9c3a8..0eb8edb063 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt
@@ -1,6 +1,6 @@
- Apache License
+ Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and
conditions of the following licenses.
->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0):
+>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1):
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
@@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-Copyright (c) 1999-2009, OW2 Consortium <http://www.ow2.org/>
+Copyright (c) 1999-2009, OW2 Consortium <https://www.ow2.org/>
->>> CGLIB 3.0 (cglib:cglib:3.0):
+>>> CGLIB 3.3 (cglib:cglib:3.3):
Per the LICENSE file in the CGLIB JAR distribution downloaded from
-http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download,
-CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which
+https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar,
+CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which
is included above.
-=======================================================================
+>>> Objenesis 3.2 (org.objenesis:objenesis:3.2):
-To the extent any open source subcomponents are licensed under the EPL and/or
-other similar licenses that require the source code and/or modifications to
-source code to be made available (as would be noted above), you may obtain a
-copy of the source code corresponding to the binaries for such open source
-components and modifications thereto, if any, (the "Source Files"), by
-downloading the Source Files from http://www.springsource.org/download, or by
-sending a request, with your name and address to:
+Per the LICENSE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html, Objenesis 3.2 is licensed under the
+Apache License, version 2.0, the text of which is included above.
- Pivotal, Inc., 875 Howard St,
- San Francisco, CA 94103
- United States of America
+Per the NOTICE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html and corresponding to section 4d of the
+Apache License, Version 2.0, in this case for Objenesis:
-or email [email protected]. All such requests should clearly specify:
+Objenesis
+Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita
- OPEN SOURCE FILES REQUEST
- Attention General Counsel
-Pivotal shall mail a copy of the Source Files to you on a CD or equivalent
-physical medium. This offer to obtain a copy of the Source Files is valid for
-three years from the date you acquired this Software product.
\ No newline at end of file
+===============================================================================
+
+To the extent any open source components are licensed under the EPL and/or
+other similar licenses that require the source code and/or modifications to
+source code to be made available (as would be noted above), you may obtain a
+copy of the source code corresponding to the binaries for such open source
+components and modifications thereto, if any, (the "Source Files"), by
+downloading the Source Files from https://spring.io/projects, Pivotal's website
+at https://network.pivotal.io/open-source, or by sending a request, with your
+name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San
+Francisco, CA 94103, Attention: General Counsel. All such requests should
+clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal
+can mail a copy of the Source Files to you on a CD or equivalent physical
+medium.
+
+This offer to obtain a copy of the Source Files is valid for three years from
+the date you acquired this Software product. Alternatively, the Source Files
+may accompany the Software.
diff --git
a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt
index 82714d7648..823c1c8e98 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt
@@ -1,7 +1,7 @@
Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -193,7 +193,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git
a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt
index 3f22c9c3a8..0eb8edb063 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt
@@ -1,6 +1,6 @@
- Apache License
+ Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and
conditions of the following licenses.
->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0):
+>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1):
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
@@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-Copyright (c) 1999-2009, OW2 Consortium <http://www.ow2.org/>
+Copyright (c) 1999-2009, OW2 Consortium <https://www.ow2.org/>
->>> CGLIB 3.0 (cglib:cglib:3.0):
+>>> CGLIB 3.3 (cglib:cglib:3.3):
Per the LICENSE file in the CGLIB JAR distribution downloaded from
-http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download,
-CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which
+https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar,
+CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which
is included above.
-=======================================================================
+>>> Objenesis 3.2 (org.objenesis:objenesis:3.2):
-To the extent any open source subcomponents are licensed under the EPL and/or
-other similar licenses that require the source code and/or modifications to
-source code to be made available (as would be noted above), you may obtain a
-copy of the source code corresponding to the binaries for such open source
-components and modifications thereto, if any, (the "Source Files"), by
-downloading the Source Files from http://www.springsource.org/download, or by
-sending a request, with your name and address to:
+Per the LICENSE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html, Objenesis 3.2 is licensed under the
+Apache License, version 2.0, the text of which is included above.
- Pivotal, Inc., 875 Howard St,
- San Francisco, CA 94103
- United States of America
+Per the NOTICE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html and corresponding to section 4d of the
+Apache License, Version 2.0, in this case for Objenesis:
-or email [email protected]. All such requests should clearly specify:
+Objenesis
+Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita
- OPEN SOURCE FILES REQUEST
- Attention General Counsel
-Pivotal shall mail a copy of the Source Files to you on a CD or equivalent
-physical medium. This offer to obtain a copy of the Source Files is valid for
-three years from the date you acquired this Software product.
\ No newline at end of file
+===============================================================================
+
+To the extent any open source components are licensed under the EPL and/or
+other similar licenses that require the source code and/or modifications to
+source code to be made available (as would be noted above), you may obtain a
+copy of the source code corresponding to the binaries for such open source
+components and modifications thereto, if any, (the "Source Files"), by
+downloading the Source Files from https://spring.io/projects, Pivotal's website
+at https://network.pivotal.io/open-source, or by sending a request, with your
+name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San
+Francisco, CA 94103, Attention: General Counsel. All such requests should
+clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal
+can mail a copy of the Source Files to you on a CD or equivalent physical
+medium.
+
+This offer to obtain a copy of the Source Files is valid for three years from
+the date you acquired this Software product. Alternatively, the Source Files
+may accompany the Software.
diff --git
a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt
index 3f22c9c3a8..0eb8edb063 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt
@@ -1,6 +1,6 @@
- Apache License
+ Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and
conditions of the following licenses.
->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0):
+>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1):
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
@@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-Copyright (c) 1999-2009, OW2 Consortium <http://www.ow2.org/>
+Copyright (c) 1999-2009, OW2 Consortium <https://www.ow2.org/>
->>> CGLIB 3.0 (cglib:cglib:3.0):
+>>> CGLIB 3.3 (cglib:cglib:3.3):
Per the LICENSE file in the CGLIB JAR distribution downloaded from
-http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download,
-CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which
+https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar,
+CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which
is included above.
-=======================================================================
+>>> Objenesis 3.2 (org.objenesis:objenesis:3.2):
-To the extent any open source subcomponents are licensed under the EPL and/or
-other similar licenses that require the source code and/or modifications to
-source code to be made available (as would be noted above), you may obtain a
-copy of the source code corresponding to the binaries for such open source
-components and modifications thereto, if any, (the "Source Files"), by
-downloading the Source Files from http://www.springsource.org/download, or by
-sending a request, with your name and address to:
+Per the LICENSE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html, Objenesis 3.2 is licensed under the
+Apache License, version 2.0, the text of which is included above.
- Pivotal, Inc., 875 Howard St,
- San Francisco, CA 94103
- United States of America
+Per the NOTICE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html and corresponding to section 4d of the
+Apache License, Version 2.0, in this case for Objenesis:
-or email [email protected]. All such requests should clearly specify:
+Objenesis
+Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita
- OPEN SOURCE FILES REQUEST
- Attention General Counsel
-Pivotal shall mail a copy of the Source Files to you on a CD or equivalent
-physical medium. This offer to obtain a copy of the Source Files is valid for
-three years from the date you acquired this Software product.
\ No newline at end of file
+===============================================================================
+
+To the extent any open source components are licensed under the EPL and/or
+other similar licenses that require the source code and/or modifications to
+source code to be made available (as would be noted above), you may obtain a
+copy of the source code corresponding to the binaries for such open source
+components and modifications thereto, if any, (the "Source Files"), by
+downloading the Source Files from https://spring.io/projects, Pivotal's website
+at https://network.pivotal.io/open-source, or by sending a request, with your
+name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San
+Francisco, CA 94103, Attention: General Counsel. All such requests should
+clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal
+can mail a copy of the Source Files to you on a CD or equivalent physical
+medium.
+
+This offer to obtain a copy of the Source Files is valid for three years from
+the date you acquired this Software product. Alternatively, the Source Files
+may accompany the Software.
diff --git
a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt
index 3f22c9c3a8..0eb8edb063 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt
@@ -1,6 +1,6 @@
- Apache License
+ Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and
conditions of the following licenses.
->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0):
+>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1):
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
@@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-Copyright (c) 1999-2009, OW2 Consortium <http://www.ow2.org/>
+Copyright (c) 1999-2009, OW2 Consortium <https://www.ow2.org/>
->>> CGLIB 3.0 (cglib:cglib:3.0):
+>>> CGLIB 3.3 (cglib:cglib:3.3):
Per the LICENSE file in the CGLIB JAR distribution downloaded from
-http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download,
-CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which
+https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar,
+CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which
is included above.
-=======================================================================
+>>> Objenesis 3.2 (org.objenesis:objenesis:3.2):
-To the extent any open source subcomponents are licensed under the EPL and/or
-other similar licenses that require the source code and/or modifications to
-source code to be made available (as would be noted above), you may obtain a
-copy of the source code corresponding to the binaries for such open source
-components and modifications thereto, if any, (the "Source Files"), by
-downloading the Source Files from http://www.springsource.org/download, or by
-sending a request, with your name and address to:
+Per the LICENSE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html, Objenesis 3.2 is licensed under the
+Apache License, version 2.0, the text of which is included above.
- Pivotal, Inc., 875 Howard St,
- San Francisco, CA 94103
- United States of America
+Per the NOTICE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html and corresponding to section 4d of the
+Apache License, Version 2.0, in this case for Objenesis:
-or email [email protected]. All such requests should clearly specify:
+Objenesis
+Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita
- OPEN SOURCE FILES REQUEST
- Attention General Counsel
-Pivotal shall mail a copy of the Source Files to you on a CD or equivalent
-physical medium. This offer to obtain a copy of the Source Files is valid for
-three years from the date you acquired this Software product.
\ No newline at end of file
+===============================================================================
+
+To the extent any open source components are licensed under the EPL and/or
+other similar licenses that require the source code and/or modifications to
+source code to be made available (as would be noted above), you may obtain a
+copy of the source code corresponding to the binaries for such open source
+components and modifications thereto, if any, (the "Source Files"), by
+downloading the Source Files from https://spring.io/projects, Pivotal's website
+at https://network.pivotal.io/open-source, or by sending a request, with your
+name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San
+Francisco, CA 94103, Attention: General Counsel. All such requests should
+clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal
+can mail a copy of the Source Files to you on a CD or equivalent physical
+medium.
+
+This offer to obtain a copy of the Source Files is valid for three years from
+the date you acquired this Software product. Alternatively, the Source Files
+may accompany the Software.
diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt
b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt
index 3f22c9c3a8..0eb8edb063 100644
--- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt
+++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt
@@ -1,6 +1,6 @@
- Apache License
+ Apache License
Version 2.0, January 2004
- http://www.apache.org/licenses/
+ https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
@@ -192,7 +192,7 @@
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and
conditions of the following licenses.
->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0):
+>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1):
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
@@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
-Copyright (c) 1999-2009, OW2 Consortium <http://www.ow2.org/>
+Copyright (c) 1999-2009, OW2 Consortium <https://www.ow2.org/>
->>> CGLIB 3.0 (cglib:cglib:3.0):
+>>> CGLIB 3.3 (cglib:cglib:3.3):
Per the LICENSE file in the CGLIB JAR distribution downloaded from
-http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download,
-CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which
+https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar,
+CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which
is included above.
-=======================================================================
+>>> Objenesis 3.2 (org.objenesis:objenesis:3.2):
-To the extent any open source subcomponents are licensed under the EPL and/or
-other similar licenses that require the source code and/or modifications to
-source code to be made available (as would be noted above), you may obtain a
-copy of the source code corresponding to the binaries for such open source
-components and modifications thereto, if any, (the "Source Files"), by
-downloading the Source Files from http://www.springsource.org/download, or by
-sending a request, with your name and address to:
+Per the LICENSE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html, Objenesis 3.2 is licensed under the
+Apache License, version 2.0, the text of which is included above.
- Pivotal, Inc., 875 Howard St,
- San Francisco, CA 94103
- United States of America
+Per the NOTICE file in the Objenesis ZIP distribution downloaded from
+http://objenesis.org/download.html and corresponding to section 4d of the
+Apache License, Version 2.0, in this case for Objenesis:
-or email [email protected]. All such requests should clearly specify:
+Objenesis
+Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita
- OPEN SOURCE FILES REQUEST
- Attention General Counsel
-Pivotal shall mail a copy of the Source Files to you on a CD or equivalent
-physical medium. This offer to obtain a copy of the Source Files is valid for
-three years from the date you acquired this Software product.
\ No newline at end of file
+===============================================================================
+
+To the extent any open source components are licensed under the EPL and/or
+other similar licenses that require the source code and/or modifications to
+source code to be made available (as would be noted above), you may obtain a
+copy of the source code corresponding to the binaries for such open source
+components and modifications thereto, if any, (the "Source Files"), by
+downloading the Source Files from https://spring.io/projects, Pivotal's website
+at https://network.pivotal.io/open-source, or by sending a request, with your
+name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San
+Francisco, CA 94103, Attention: General Counsel. All such requests should
+clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal
+can mail a copy of the Source Files to you on a CD or equivalent physical
+medium.
+
+This offer to obtain a copy of the Source Files is valid for three years from
+the date you acquired this Software product. Alternatively, the Source Files
+may accompany the Software.
diff --git a/pom.xml b/pom.xml
index 2efa54d5df..e7c4130409 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,7 +53,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<curator.version>4.3.0</curator.version>
<zookeeper.version>3.4.14</zookeeper.version>
- <spring.version>5.3.12</spring.version>
+ <spring.version>5.3.19</spring.version>
<spring.boot.version>2.5.6</spring.boot.version>
<java.version>1.8</java.version>
<logback.version>1.2.11</logback.version>
diff --git a/tools/dependencies/check-LICENSE.sh
b/tools/dependencies/check-LICENSE.sh
index 81f2169b4d..af1feb168b 100755
--- a/tools/dependencies/check-LICENSE.sh
+++ b/tools/dependencies/check-LICENSE.sh
@@ -31,9 +31,12 @@ echo '=== Distributed dependencies: ' && find dist -name
"*.jar" -exec basename
echo '=== Third party dependencies: ' && grep -vf self-modules.txt
all-dependencies.txt | sort | uniq | tee third-party-dependencies.txt
# 1. Compare the third-party dependencies with known dependencies, expect that
all third-party dependencies are KNOWN
-# and the exit code of the command is 0, otherwise we should add its license
to LICENSE file and add the dependency to
-# known-dependencies.txt. 2. Unify the `sort` behaviour: here we'll sort them
again in case that the behaviour of `sort`
-# command in target OS is different from what we used to sort the file
`known-dependencies.txt`, i.e. "sort the two file
+# and the exit code of the command is 0, otherwise we should add its license
to LICENSE file
+# [dolphinscheduler-dist/release-docs/LICENSE] and
[dolphinscheduler-dist/release-docs/licenses/]
+# and add the dependency to known-dependencies.txt.
+#
+# 2. Unify the `sort` behaviour: here we'll sort them again in case that the
behaviour of `sort` command in
+# target OS is different from what we used to sort the file
`known-dependencies.txt`, i.e. "sort the two file
# using the same command (and default arguments)"
diff -w -B -U0 <(sort < tools/dependencies/known-dependencies.txt) <(sort <
third-party-dependencies.txt)
diff --git a/tools/dependencies/known-dependencies.txt
b/tools/dependencies/known-dependencies.txt
index 13e6aa50a5..562e55b20b 100755
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -174,7 +174,7 @@ snappy-0.2.jar
snappy-java-1.0.4.1.jar
SparseBitSet-1.2.jar
spring-aop-5.3.12.jar
-spring-beans-5.3.12.jar
+spring-beans-5.3.19.jar
spring-boot-2.5.6.jar
spring-boot-actuator-2.5.6.jar
spring-boot-actuator-autoconfigure-2.5.6.jar
@@ -190,15 +190,15 @@ spring-boot-starter-logging-2.5.6.jar
spring-boot-starter-quartz-2.5.6.jar
spring-boot-starter-web-2.5.6.jar
spring-boot-starter-cache-2.5.6.jar
-spring-context-5.3.12.jar
+spring-context-5.3.19.jar
spring-context-support-5.3.12.jar
-spring-core-5.3.12.jar
+spring-core-5.3.19.jar
spring-expression-5.3.12.jar
spring-jcl-5.3.12.jar
-spring-jdbc-5.3.12.jar
+spring-jdbc-5.3.19.jar
spring-plugin-core-1.2.0.RELEASE.jar
spring-plugin-metadata-1.2.0.RELEASE.jar
-spring-tx-5.3.12.jar
+spring-tx-5.3.19.jar
spring-web-5.3.12.jar
spring-webmvc-5.3.12.jar
springfox-core-2.9.2.jar
