[geode] branch support/1.15 updated: GEODE-10415: bump dependencies due to vulnerability scan (#7855)

mkevo Thu, 15 Sep 2022 03:51:30 -0700

This is an automated email from the ASF dual-hosted git repository.

mkevo pushed a commit to branch support/1.15
in repository https://gitbox.apache.org/repos/asf/geode.git



The following commit(s) were added to refs/heads/support/1.15 by this push:
     new 5364cce7cd GEODE-10415: bump dependencies due to vulnerability scan 
(#7855)
5364cce7cd is described below

commit 5364cce7cdda81d38f8b8275e083d6a870642d51
Author: Mario Kevo <48509719+mk...@users.noreply.github.com>
AuthorDate: Wed Sep 14 20:49:46 2022 +0200

    GEODE-10415: bump dependencies due to vulnerability scan (#7855)
---
 .../gradle/plugins/DependencyConstraints.groovy    |  4 +-
 .../session/tests/GenericAppServerInstall.java     |  2 +-
 .../integrationTest/resources/assembly_content.txt | 43 ++++++++++-----------
 .../resources/gfsh_dependency_classpath.txt        | 44 +++++++++++-----------
 .../resources/dependency_classpath.txt             | 36 +++++++++---------
 5 files changed, 65 insertions(+), 64 deletions(-)

diff --git 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index f8fb6e3aae..89ef3f64ef 100644
--- 
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ 
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -41,7 +41,7 @@ class DependencyConstraints {
     deps.put("jgroups.version", "3.6.14.Final")
     deps.put("log4j.version", "2.17.2")
     deps.put("micrometer.version", "1.9.0")
-    deps.put("shiro.version", "1.9.0")
+    deps.put("shiro.version", "1.9.1")
     deps.put("slf4j-api.version", "1.7.32")
     deps.put("jboss-modules.version", "1.11.0.Final")
     deps.put("jackson.version", "2.13.2")
@@ -61,7 +61,7 @@ class DependencyConstraints {
 
     // The jetty version is also hard-coded in geode-assembly:test
     // at o.a.g.sessions.tests.GenericAppServerInstall.java
-    deps.put("jetty.version", "9.4.46.v20220331")
+    deps.put("jetty.version", "9.4.47.v20220610")
 
     // These versions are referenced in test.gradle, which is aggressively 
injected into all projects.
     deps.put("junit.version", "4.13.2")
diff --git 
a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
 
b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
index 42bd6e7eec..88d0e5c77b 100644
--- 
a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
+++ 
b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
@@ -34,7 +34,7 @@ import java.util.function.IntSupplier;
  * specific code outside of the {@link GenericAppServerVersion}.
  */
 public class GenericAppServerInstall extends ContainerInstall {
-  private static final String JETTY_VERSION = "9.4.46.v20220331";
+  private static final String JETTY_VERSION = "9.4.47.v20220610";
 
   /**
    * Get the version number, download URL, and container name of a generic app 
server using
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt 
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 2b41f9c8cb..da0614aa45 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1007,6 +1007,8 @@ lib/istack-commons-runtime-4.0.1.jar
 lib/jackson-annotations-2.13.2.jar
 lib/jackson-core-2.13.2.jar
 lib/jackson-databind-2.13.2.2.jar
+lib/jackson-datatype-joda-2.13.2.jar
+lib/jackson-datatype-jsr310-2.13.2.jar
 lib/javax.activation-api-1.2.0.jar
 lib/javax.mail-api-1.6.2.jar
 lib/javax.resource-api-1.7.1.jar
@@ -1014,19 +1016,20 @@ lib/javax.servlet-api-3.1.0.jar
 lib/javax.transaction-api-1.3.jar
 lib/jaxb-api-2.3.1.jar
 lib/jaxb-impl-2.3.2.jar
-lib/jetty-http-9.4.46.v20220331.jar
-lib/jetty-io-9.4.46.v20220331.jar
-lib/jetty-security-9.4.46.v20220331.jar
-lib/jetty-server-9.4.46.v20220331.jar
-lib/jetty-servlet-9.4.46.v20220331.jar
-lib/jetty-util-9.4.46.v20220331.jar
-lib/jetty-util-ajax-9.4.46.v20220331.jar
-lib/jetty-webapp-9.4.46.v20220331.jar
-lib/jetty-xml-9.4.46.v20220331.jar
+lib/jetty-http-9.4.47.v20220610.jar
+lib/jetty-io-9.4.47.v20220610.jar
+lib/jetty-security-9.4.47.v20220610.jar
+lib/jetty-server-9.4.47.v20220610.jar
+lib/jetty-servlet-9.4.47.v20220610.jar
+lib/jetty-util-9.4.47.v20220610.jar
+lib/jetty-util-ajax-9.4.47.v20220610.jar
+lib/jetty-webapp-9.4.47.v20220610.jar
+lib/jetty-xml-9.4.47.v20220610.jar
 lib/jgroups-3.6.14.Final.jar
 lib/jline-2.12.jar
 lib/jna-5.11.0.jar
 lib/jna-platform-5.11.0.jar
+lib/joda-time-2.10.14.jar
 lib/jopt-simple-5.0.4.jar
 lib/log4j-api-2.17.2.jar
 lib/log4j-core-2.17.2.jar
@@ -1044,16 +1047,17 @@ lib/mx4j-remote-3.0.2.jar
 lib/mx4j-tools-3.0.1.jar
 lib/ra.jar
 lib/rmiio-2.1.2.jar
-lib/shiro-cache-1.9.0.jar
-lib/shiro-config-core-1.9.0.jar
-lib/shiro-config-ogdl-1.9.0.jar
-lib/shiro-core-1.9.0.jar
-lib/shiro-crypto-cipher-1.9.0.jar
-lib/shiro-crypto-core-1.9.0.jar
-lib/shiro-crypto-hash-1.9.0.jar
-lib/shiro-event-1.9.0.jar
-lib/shiro-lang-1.9.0.jar
+lib/shiro-cache-1.9.1.jar
+lib/shiro-config-core-1.9.1.jar
+lib/shiro-config-ogdl-1.9.1.jar
+lib/shiro-core-1.9.1.jar
+lib/shiro-crypto-cipher-1.9.1.jar
+lib/shiro-crypto-core-1.9.1.jar
+lib/shiro-crypto-hash-1.9.1.jar
+lib/shiro-event-1.9.1.jar
+lib/shiro-lang-1.9.1.jar
 lib/slf4j-api-1.7.32.jar
+lib/slf4j-api-1.7.36.jar
 lib/snappy-0.4.jar
 lib/spring-beans-5.3.20.jar
 lib/spring-context-5.3.20.jar
@@ -1070,6 +1074,3 @@ tools/Modules/Apache_Geode_Modules-0.0.0-Tomcat.zip
 tools/Modules/Apache_Geode_Modules-0.0.0-tcServer.zip
 tools/Modules/Apache_Geode_Modules-0.0.0-tcServer30.zip
 tools/Pulse/geode-pulse-0.0.0.war
-lib/jackson-datatype-joda-2.13.2.jar
-lib/jackson-datatype-jsr310-2.13.2.jar
-lib/joda-time-2.10.14.jar
diff --git 
a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt 
b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
index 8105a12f20..65638250bf 100644
--- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -21,8 +21,10 @@ spring-shell-1.2.0.RELEASE.jar
 spring-web-5.3.20.jar
 commons-lang3-3.12.0.jar
 rmiio-2.1.2.jar
+jackson-datatype-joda-2.13.2.jar
 jackson-annotations-2.13.2.jar
 jackson-core-2.13.2.jar
+jackson-datatype-jsr310-2.13.2.jar
 jackson-databind-2.13.2.2.jar
 swagger-annotations-2.2.0.jar
 jopt-simple-5.0.4.jar
@@ -45,8 +47,8 @@ antlr-2.7.7.jar
 istack-commons-runtime-4.0.1.jar
 jaxb-impl-2.3.2.jar
 commons-validator-1.7.jar
-shiro-core-1.9.0.jar
-shiro-config-ogdl-1.9.0.jar
+shiro-core-1.9.1.jar
+shiro-config-ogdl-1.9.1.jar
 commons-beanutils-1.9.4.jar
 commons-codec-1.15.jar
 commons-collections-3.2.2.jar
@@ -57,23 +59,24 @@ classgraph-4.8.146.jar
 micrometer-core-1.9.0.jar
 fastutil-8.5.8.jar
 javax.resource-api-1.7.1.jar
-jetty-webapp-9.4.46.v20220331.jar
-jetty-servlet-9.4.46.v20220331.jar
-jetty-security-9.4.46.v20220331.jar
-jetty-server-9.4.46.v20220331.jar
+jetty-webapp-9.4.47.v20220610.jar
+jetty-servlet-9.4.47.v20220610.jar
+jetty-security-9.4.47.v20220610.jar
+jetty-server-9.4.47.v20220610.jar
 javax.servlet-api-3.1.0.jar
+joda-time-2.10.14.jar
 jna-platform-5.11.0.jar
 jna-5.11.0.jar
 snappy-0.4.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.9.0.jar
-shiro-crypto-hash-1.9.0.jar
-shiro-crypto-cipher-1.9.0.jar
-shiro-config-core-1.9.0.jar
-shiro-event-1.9.0.jar
-shiro-crypto-core-1.9.0.jar
-shiro-lang-1.9.0.jar
-slf4j-api-1.7.32.jar
+shiro-cache-1.9.1.jar
+shiro-crypto-hash-1.9.1.jar
+shiro-crypto-cipher-1.9.1.jar
+shiro-config-core-1.9.1.jar
+shiro-event-1.9.1.jar
+shiro-crypto-core-1.9.1.jar
+shiro-lang-1.9.1.jar
+slf4j-api-1.7.36.jar
 spring-beans-5.3.20.jar
 javax.activation-api-1.2.0.jar
 jline-2.12.jar
@@ -82,11 +85,8 @@ spring-jcl-5.3.20.jar
 HdrHistogram-2.1.12.jar
 LatencyUtils-2.0.3.jar
 javax.transaction-api-1.3.jar
-jetty-xml-9.4.46.v20220331.jar
-jetty-http-9.4.46.v20220331.jar
-jetty-io-9.4.46.v20220331.jar
-jetty-util-ajax-9.4.46.v20220331.jar
-jetty-util-9.4.46.v20220331.jar
-jackson-datatype-joda-2.13.2.jar
-jackson-datatype-jsr310-2.13.2.jar
-joda-time-2.10.14.jar
\ No newline at end of file
+jetty-xml-9.4.47.v20220610.jar
+jetty-http-9.4.47.v20220610.jar
+jetty-io-9.4.47.v20220610.jar
+jetty-util-ajax-9.4.47.v20220610.jar
+jetty-util-9.4.47.v20220610.jar
diff --git 
a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt 
b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
index 6af61dfa67..c33e6edbf0 100644
--- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -1,8 +1,8 @@
 spring-web-5.3.20.jar
-shiro-event-1.9.0.jar
-shiro-crypto-hash-1.9.0.jar
-shiro-crypto-cipher-1.9.0.jar
-shiro-config-core-1.9.0.jar
+shiro-event-1.9.1.jar
+shiro-crypto-hash-1.9.1.jar
+shiro-crypto-cipher-1.9.1.jar
+shiro-config-core-1.9.1.jar
 commons-digester-2.1.jar
 commons-validator-1.7.jar
 spring-jcl-5.3.20.jar
@@ -16,18 +16,18 @@ javax.activation-api-1.2.0.jar
 javax.resource-api-1.7.1.jar
 LatencyUtils-2.0.3.jar
 jline-2.12.jar
-jetty-servlet-9.4.46.v20220331.jar
+jetty-servlet-9.4.47.v20220610.jar
 spring-core-5.3.20.jar
-jetty-util-ajax-9.4.46.v20220331.jar
+jetty-util-ajax-9.4.47.v20220610.jar
 geode-cq-0.0.0.jar
 geode-old-client-support-0.0.0.jar
 javax.servlet-api-3.1.0.jar
 jgroups-3.6.14.Final.jar
-shiro-cache-1.9.0.jar
+shiro-cache-1.9.1.jar
 httpcore-4.4.15.jar
 spring-beans-5.3.20.jar
 lucene-queries-6.6.6.jar
-shiro-core-1.9.0.jar
+shiro-core-1.9.1.jar
 HikariCP-4.0.3.jar
 slf4j-api-1.7.32.jar
 geode-http-service-0.0.0.jar
@@ -38,18 +38,18 @@ geode-lucene-0.0.0.jar
 lucene-core-6.6.6.jar
 fastutil-8.5.8.jar
 geode-gfsh-0.0.0.jar
-jetty-http-9.4.46.v20220331.jar
+jetty-http-9.4.47.v20220610.jar
 geode-memcached-0.0.0.jar
 rmiio-2.1.2.jar
 geode-tcp-server-0.0.0.jar
 log4j-jcl-2.17.2.jar
 geode-connectors-0.0.0.jar
 jackson-core-2.13.2.jar
-jetty-util-9.4.46.v20220331.jar
+jetty-util-9.4.47.v20220610.jar
 log4j-slf4j-impl-2.17.2.jar
 lucene-analyzers-common-6.6.6.jar
 geode-membership-0.0.0.jar
-jetty-webapp-9.4.46.v20220331.jar
+jetty-webapp-9.4.47.v20220610.jar
 commons-lang3-3.12.0.jar
 jopt-simple-5.0.4.jar
 swagger-annotations-2.2.0.jar
@@ -59,11 +59,11 @@ log4j-api-2.17.2.jar
 geode-serialization-0.0.0.jar
 istack-commons-runtime-4.0.1.jar
 lucene-queryparser-6.6.6.jar
-jetty-io-9.4.46.v20220331.jar
+jetty-io-9.4.47.v20220610.jar
 geode-deployment-legacy-0.0.0.jar
 commons-beanutils-1.9.4.jar
 log4j-core-2.17.2.jar
-shiro-crypto-core-1.9.0.jar
+shiro-crypto-core-1.9.1.jar
 jaxb-api-2.3.1.jar
 geode-unsafe-0.0.0.jar
 spring-shell-1.2.0.RELEASE.jar
@@ -73,20 +73,20 @@ log4j-jul-2.17.2.jar
 HdrHistogram-2.1.12.jar
 jackson-annotations-2.13.2.jar
 micrometer-core-1.9.0.jar
-shiro-config-ogdl-1.9.0.jar
+shiro-config-ogdl-1.9.1.jar
 geode-log4j-0.0.0.jar
 lucene-analyzers-phonetic-6.6.6.jar
 spring-context-5.3.20.jar
-jetty-security-9.4.46.v20220331.jar
+jetty-security-9.4.47.v20220610.jar
 geode-logging-0.0.0.jar
 commons-io-2.11.0.jar
-shiro-lang-1.9.0.jar
+shiro-lang-1.9.1.jar
 javax.transaction-api-1.3.jar
 geode-common-0.0.0.jar
 antlr-2.7.7.jar
-jetty-xml-9.4.46.v20220331.jar
+jetty-xml-9.4.47.v20220610.jar
 geode-rebalancer-0.0.0.jar
-jetty-server-9.4.46.v20220331.jar
+jetty-server-9.4.47.v20220610.jar
 jackson-datatype-jsr310-2.13.2.jar
 jackson-datatype-joda-2.13.2.jar
 joda-time-2.10.14.jar
\ No newline at end of file

[geode] branch support/1.15 updated: GEODE-10415: bump dependencies due to vulnerability scan (#7855)

Reply via email to