janjwerner-confluent opened a new pull request, #15407:
URL: https://github.com/apache/druid/pull/15407
Fixes # Multiple CVEs in dependencies.
### Description
Update multiple dependencies to clear CVEs:

- CVE-2023-46120 in com.rabbitmq:amqp-client
- CVE-2023-2976 in Guava
- CVE-2023-39410 in Avro
- CVE-2022-42003, CVE-2022-42004 in Jackson-databind
- CVE-2020-11979, CVE-2020-1945, CVE-2021-36373, CVE-2021-36374 in Ant
- CVE-2023-42503 in Commons-compress
- CVE-2023-31582, GHSA-jgvc-jfgh-rjvv in jose4j
- CVE-2023-33201 in bouncycastle

Updated licenses and suppressions.
This PR has:
- [x] been self-reviewed.
- [ ] using the [concurrency checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md) (Remove this item if the PR doesn't have any relation to concurrency.)
- [ ] added documentation for new or modified features or behaviors.
- [ ] a release note entry in the PR description.
- [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
- [x] added or updated version, license, or notice information in [licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md)
- [ ] added comments explaining the "why" and the intent of the code wherever it would not be obvious for an unfamiliar reader.
- [ ] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met.
- [ ] added integration tests.
- [ ] been tested in a test Druid cluster.