abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new ddeb55fac11 update few minor dependencies to resolve CVEs (#15464)
ddeb55fac11 is described below
commit ddeb55fac1148489d6b35eca912e6a92035b3342
Author: Jan Werner <[email protected]>
AuthorDate: Sun Dec 3 22:19:51 2023 -0500
update few minor dependencies to resolve CVEs (#15464)
Update multiple dependencies to clear CVEs
Update dropwizard-metrics to 4.2.22 to address GHSA-mm8h-8587-p46h in
com.rabbitmq:amqp-client
Update ant to 1.10.14 to resolve GHSA-f62v-xpxf-3v68 GHSA-4p6w-m9wc-c9c9
GHSA-q5r4-cfpx-h6fh GHSA-5v34-g2px-j4fw
Update commons-compress to resolve GHSA-cgwf-w82q-5jrr
Update jose4j to 0.9.3 to resolve GHSA-7g24-qg88-p43q GHSA-jgvc-jfgh-rjvv
Update kotlin-stdlib to 1.6.0 to resolve GHSA-cqj8-47ch-rvvq and
CVE-2022-24329
---
licenses.yaml | 6 +++---
pom.xml | 27 +++++++++++++++++++++++++--
2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/licenses.yaml b/licenses.yaml
index 3ebf7d829a7..b1742f624c4 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -655,7 +655,7 @@ name: Apache Commons Compress
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 1.23.0
+version: 1.24.0
libraries:
- org.apache.commons: commons-compress
notices:
@@ -791,7 +791,7 @@ name: DropWizard Metrics Core
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.2.19
+version: 4.2.22
libraries:
- io.dropwizard.metrics: metrics-core
@@ -1001,7 +1001,7 @@ name: org.bitbucket.b_c jose4j
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 0.7.3
+version: 0.9.3
libraries:
- org.bitbucket.b_c: jose4j
diff --git a/pom.xml b/pom.xml
index b70045188f5..468a830d2dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,7 +91,7 @@
<datasketches.version>4.2.0</datasketches.version>
<datasketches.memory.version>2.2.0</datasketches.memory.version>
<derby.version>10.14.2.0</derby.version>
- <dropwizard.metrics.version>4.2.19</dropwizard.metrics.version>
+ <dropwizard.metrics.version>4.2.22</dropwizard.metrics.version>
<errorprone.version>2.20.0</errorprone.version>
<fastutil.version>8.5.4</fastutil.version>
<guava.version>31.1-jre</guava.version>
@@ -389,6 +389,29 @@
<artifactId>bcutil-jdk15on</artifactId>
<version>1.70</version>
</dependency>
+ <!-- transitive dependency of testng
+ this would be resolved by updating
+ testng to 7.8.0 -->
+ <dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant</artifactId>
+ <version>1.10.14</version>
+ </dependency>
+ <!-- transitive dependency of kafka-clients and kubernetes client
+ this should get resolved with the update of above depdendencies -->
+ <dependency>
+ <groupId>org.bitbucket.b_c</groupId>
+ <artifactId>jose4j</artifactId>
+ <version>0.9.3</version>
+ </dependency>
+ <!-- transitive dependency of
kafka-clientorg.apache.calcite:calcite-testkit
+ and kafka-protobuf-provider
+ this should get resolved with the update of above depdendencies -->
+ <dependency>
+ <groupId>org.jetbrains.kotlin</groupId>
+ <artifactId>kotlin-stdlib</artifactId>
+ <version>1.6.10</version>
+ </dependency>
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
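Review bot: The `kotlin-stdlib` entry pins `<version>1.6.10</version>`, while the commit description says the update is to 1.6.0; one of the two should be corrected so the record for GHSA-cqj8-47ch-rvvq and CVE-2022-24329 matches what is actually resolved. Only `kotlin-stdlib` is managed here, so if the dependency tree also pulls sibling Kotlin artifacts such as `kotlin-stdlib-common` or `kotlin-stdlib-jdk8` (not visible in this hunk), they may remain on the older version; `mvn dependency:tree` after the change would confirm what ends up on the classpath. The three added comments describe these pins as temporary overrides of transitive versions, so each should state its removal condition, e.g. `<!-- remove once testng is updated to 7.8.0 -->`, and the typo `depdendencies` should be fixed. The jose4j override jumps from 0.7.3 to 0.9.3 underneath the kafka and kubernetes clients, which presumably were built against the older release, so the extension tests that exercise JWT handling are worth running before relying on it. The enclosing block (presumably `<dependencyManagement>`) starts and ends outside the hunk.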
@@ -551,7 +574,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
- <version>1.23.0</version>
+ <version>1.24.0</version>
</dependency>
<dependency>
<groupId>org.tukaani</groupId>