[incubator-linkis] branch dev-1.0.3 updated: upgrade component(guava/netty/xstream/druid) versions with security vulnerabilities

Tue, 21 Dec 2021 04:56:39 -0800 

This is an automated email from the ASF dual-hosted git repository.

peacewong pushed a commit to branch dev-1.0.3
in repository https://gitbox.apache.org/repos/asf/incubator-linkis.git


The following commit(s) were added to refs/heads/dev-1.0.3 by this push:
     new fa5640b  upgrade component(guava/netty/xstream/druid) versions with 
security vulnerabilities
     new cf7d994  Merge pull request #1226 from casionone/upgrade
fa5640b is described below

commit fa5640b73e2cbac5dfd76a39b9329a5f6afb422b
Author: casionone <[email protected]>
AuthorDate: Tue Dec 21 19:59:46 2021 +0800

    upgrade component(guava/netty/xstream/druid) versions with security 
vulnerabilities
---
 .../linkis-datasource/linkis-metadata/pom.xml               |  2 +-
 pom.xml                                                     | 13 +++++++------
 scalastyle-config.xml                                       | 13 +++++++------
 3 files changed, 15 insertions(+), 13 deletions(-)

diff --git 
a/linkis-public-enhancements/linkis-datasource/linkis-metadata/pom.xml 
b/linkis-public-enhancements/linkis-datasource/linkis-metadata/pom.xml
index 70f8bd3..1aceaf6 100644
--- a/linkis-public-enhancements/linkis-datasource/linkis-metadata/pom.xml
+++ b/linkis-public-enhancements/linkis-datasource/linkis-metadata/pom.xml
@@ -120,7 +120,7 @@
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>druid</artifactId>
-            <version>0.2.9</version>
+            <version>${druid.version}</version>
         </dependency>
 
         <dependency>
diff --git a/pom.xml b/pom.xml
index 270e3de..6bb1ec0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,25 +106,25 @@
         <spring.feign.version>2.2.1.RELEASE</spring.feign.version>
         <spring.boot.version>2.3.2.RELEASE</spring.boot.version>
         <spring.cloud.version>2.2.1.RELEASE</spring.cloud.version>
-        <guava.version>25.1-jre</guava.version>
+        <guava.version>30.0-jre</guava.version>
         <gson.version>2.8.5</gson.version>
         <fasterxml.jackson.version>2.11.3</fasterxml.jackson.version>
         <scala.version>2.11.12</scala.version>
         <jdk.compile.version>1.8</jdk.compile.version>
         <plugin.scala.version>2.15.2</plugin.scala.version>
         <scala.binary.version>2.11</scala.binary.version>
-        <netty.version>4.1.44.Final</netty.version>
+        <netty.version>4.1.60.Final</netty.version>
         <json4s.version>3.5.3</json4s.version>
         <jersey.version>2.16</jersey.version>
         <jersey.servlet.version>2.23.1</jersey.servlet.version>
         <jetty.version>9.4.20.v20190813</jetty.version>
-        <httpclient.version>4.5.4</httpclient.version>
+        <httpclient.version>4.5.13</httpclient.version>
         <httpmime.version>4.5.4</httpmime.version>
         <slf4j.version>1.7.30</slf4j.version>
         <maven.version>3.3.3</maven.version>
-        <xstream.core.version>1.4.15</xstream.core.version>
-        <spring.version>5.2.12.RELEASE</spring.version>
-        
<spring.security.cryto.version>5.3.6.RELEASE</spring.security.cryto.version>
+        <xstream.core.version>1.4.18</xstream.core.version>
+        <spring.version>5.2.15.RELEASE</spring.version>
+        <spring.security.cryto.version>5.4.4</spring.security.cryto.version>
         <reflections.version>0.9.10</reflections.version>
         
<mybatis-plus.boot.starter.version>3.4.1</mybatis-plus.boot.starter.version>
         <mysql.connector.version>5.1.49</mysql.connector.version>
@@ -133,6 +133,7 @@
         <commons-collections.version>3.2.2</commons-collections.version>
         <commons-lang.version>2.6</commons-lang.version>
         <commons-io.version>2.4</commons-io.version>
+        <druid.version>1.1.22</druid.version>
         <apache-rat-plugin.version>0.13</apache-rat-plugin.version>
         <assembly.package.rootpath>${basedir}</assembly.package.rootpath>
         <maven.compiler.source>1.8</maven.compiler.source>
diff --git a/scalastyle-config.xml b/scalastyle-config.xml
index 68df985..2261f0c 100644
--- a/scalastyle-config.xml
+++ b/scalastyle-config.xml
@@ -27,13 +27,14 @@ This file is divided into 3 sections:
     <check level="error" class="org.scalastyle.file.HeaderMatchesChecker" 
enabled="true">
         <parameters>
             <parameter name="header"><![CDATA[/*
- * Copyright 2019 WeBank
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to