This is an automated email from the ASF dual-hosted git repository.
jackxu2011 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-linkis.git
The following commit(s) were added to refs/heads/master by this push:
new 61a85c47b issue-3640: upgrade to 2.13.4.20221013 due to CVE fixes
(#3641)
61a85c47b is described below
commit 61a85c47b000286d4fa9a45beda9cdd685f93b84
Author: PJ Fanning <[email protected]>
AuthorDate: Tue Oct 18 09:07:09 2022 +0100
issue-3640: upgrade to 2.13.4.20221013 due to CVE fixes (#3641)
* issue-3640: upgrade to 2.13.4.20221012 due to CVE fixes
* put back jackson 1.9.2 refs
* use 2.13.4.20221013 due to a bug in gradle module of 2.13.4.20221012
* Update known-dependencies.txt
---
linkis-dist/release-docs/LICENSE | 31 +++++++++++++++++--------------
pom.xml | 2 +-
tool/dependencies/known-dependencies.txt | 28 ++++++++++++++--------------
3 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/linkis-dist/release-docs/LICENSE b/linkis-dist/release-docs/LICENSE
index 834a97327..fff8c559b 100644
--- a/linkis-dist/release-docs/LICENSE
+++ b/linkis-dist/release-docs/LICENSE
@@ -241,7 +241,9 @@ See licenses/ for text of these licenses.
(Apache License, Version 2.0) rest
(org.elasticsearch.client:elasticsearch-rest-client:7.6.2 -
https://github.com/elastic/elasticsearch)
(Apache License, Version 2.0) sniffer
(org.elasticsearch.client:elasticsearch-rest-client-sniffer:7.6.2 -
https://github.com/elastic/elasticsearch)
(Apache License, Version 2.0) (GNU Lesser General Public License (LGPL),
Version 2.1) JAX-RS provider for JSON content type
(org.codehaus.jackson:jackson-jaxrs:1.9.13 - http://jackson.codehaus.org)
+ (Apache License, Version 2.0) (GNU Lesser General Public License (LGPL),
Version 2.1) JAX-RS provider for JSON content type
(org.codehaus.jackson:jackson-jaxrs:1.9.2 - http://jackson.codehaus.org)
(Apache License, Version 2.0) (GNU Lesser General Public License (LGPL),
Version 2.1) Xml Compatibility extensions for Jackson
(org.codehaus.jackson:jackson-xc:1.9.13 - http://jackson.codehaus.org)
+ (Apache License, Version 2.0) (GNU Lesser General Public License (LGPL),
Version 2.1) Xml Compatibility extensions for Jackson
(org.codehaus.jackson:jackson-xc:1.9.2 - http://jackson.codehaus.org)
(Apache License, Version 2.0) (GNU Library or Lesser General Public
License (LGPL) V2.1) JSQLParser library (com.github.jsqlparser:jsqlparser:1.0 -
https://github.com/JSQLParser/JSqlParser)
(Apache License, Version 2.0) (LGPL 2.1) (MPL 1.1) Javassist
(org.javassist:javassist:3.19.0-GA - http://www.javassist.org/)
(Apache License, Version 2.0) (The SAX License) (The W3C License) XML
Commons External Components XML APIs (xml-apis:xml-apis:1.4.01 -
http://xml.apache.org/commons/components/external/)
@@ -311,6 +313,7 @@ See licenses/ for text of these licenses.
(Apache License, Version 2.0) Curator Framework
(org.apache.curator:curator-framework:2.6.0 -
http://curator.apache.org/curator-framework)
(Apache License, Version 2.0) Curator Recipes
(org.apache.curator:curator-recipes:2.6.0 -
http://curator.apache.org/curator-recipes)
(Apache License, Version 2.0) Data Mapper for Jackson
(org.codehaus.jackson:jackson-mapper-asl:1.9.13 - http://jackson.codehaus.org)
+ (Apache License, Version 2.0) Data Mapper for Jackson
(org.codehaus.jackson:jackson-mapper-asl:1.9.2 - http://jackson.codehaus.org)
(Apache License, Version 2.0) DataNucleus Core
(org.datanucleus:datanucleus-core:3.2.10 - http://www.datanucleus.org)
(Apache License, Version 2.0) Digester
(commons-digester:commons-digester:1.8 -
http://jakarta.apache.org/commons/digester/)
(Apache License, Version 2.0) Evictor (com.stoyanr:evictor:1.0.0 -
https://github.com/stoyanr/Evictor)
@@ -340,19 +343,19 @@ See licenses/ for text of these licenses.
(Apache License, Version 2.0) JMES Path Query library
(com.amazonaws:jmespath-java:1.11.277 - https://aws.amazon.com/sdkforjava)
(Apache License, Version 2.0) JVM Integration for Metrics
(io.dropwizard.metrics:metrics-jvm:3.1.0 -
http://metrics.codahale.com/metrics-jvm/)
(Apache License, Version 2.0) Jackson
(org.codehaus.jackson:jackson-core-asl:1.9.13 - http://jackson.codehaus.org)
+ (Apache License, Version 2.0) Jackson
(org.codehaus.jackson:jackson-core-asl:1.9.2 - http://jackson.codehaus.org)
(Apache License, Version 2.0) Jackson Integration for Metrics
(io.dropwizard.metrics:metrics-json:3.1.0 -
http://metrics.codahale.com/metrics-json/)
- (Apache License, Version 2.0) Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.0 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
- (Apache License, Version 2.0) Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.1 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
- (Apache License, Version 2.0) Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.10.1 -
https://github.com/FasterXML/jackson-modules-base)
- (Apache License, Version 2.0) Jackson module: Paranamer
(com.fasterxml.jackson.module:jackson-module-paranamer:2.11.3 -
https://github.com/FasterXML/jackson-modules-base)
- (Apache License, Version 2.0) Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.10.0 -
http://github.com/FasterXML/jackson)
- (Apache License, Version 2.0) Jackson-dataformat-CBOR
(com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.6.7 -
http://wiki.fasterxml.com/JacksonForCbor)
- (Apache License, Version 2.0) Jackson dataformat: CBOR
(com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.2 -
http://github.com/FasterXML/jackson-dataformats-binary)
- (Apache License, Version 2.0) Jackson-dataformat-CSV
(com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.13.2 -
https://github.com/FasterXML/jackson-dataformats-text)
- (Apache License, Version 2.0) Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.13.2 -
http://github.com/FasterXML/jackson-dataformats-binary)
- (Apache License, Version 2.0) Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.2 -
https://github.com/FasterXML/jackson-dataformats-text)
- (Apache License, Version 2.0) Jackson-dataformat-XML
(com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.10.1 -
https://github.com/FasterXML/jackson-dataformat-xml)
- (Apache License, Version 2.0) Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.1 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
+ (Apache License, Version 2.0) Jackson datatype: JSR310
(com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.4 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
+ (Apache License, Version 2.0) Jackson datatype: jdk8
(com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.4 -
https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
+ (Apache License, Version 2.0) Jackson module: JAXB Annotations
(com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.13.4 -
https://github.com/FasterXML/jackson-modules-base)
+ (Apache License, Version 2.0) Jackson module: Paranamer
(com.fasterxml.jackson.module:jackson-module-paranamer:2.13.4 -
https://github.com/FasterXML/jackson-modules-base)
+ (Apache License, Version 2.0) Jackson-annotations
(com.fasterxml.jackson.core:jackson-annotations:2.13.4 -
http://github.com/FasterXML/jackson)
+ (Apache License, Version 2.0) Jackson dataformat: CBOR
(com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.4 -
http://github.com/FasterXML/jackson-dataformats-binary)
+ (Apache License, Version 2.0) Jackson-dataformat-CSV
(com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.13.4 -
https://github.com/FasterXML/jackson-dataformats-text)
+ (Apache License, Version 2.0) Jackson dataformat: Smile
(com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.13.4 -
http://github.com/FasterXML/jackson-dataformats-binary)
+ (Apache License, Version 2.0) Jackson-dataformat-YAML
(com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4 -
https://github.com/FasterXML/jackson-dataformats-text)
+ (Apache License, Version 2.0) Jackson-dataformat-XML
(com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.13.4 -
https://github.com/FasterXML/jackson-dataformat-xml)
+ (Apache License, Version 2.0) Jackson-module-parameter-names
(com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.4 -
https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
(Apache License, Version 2.0) Jettison
(org.codehaus.jettison:jettison:1.3.7 - http://codehaus.org/jettison/)
(Apache License, Version 2.0) Joda-Time (joda-time:joda-time:2.3 -
http://www.joda.org/joda-time/)
(Apache License, Version 2.0) Netty/All-in-One
(io.netty:netty-all:4.0.23.Final - http://netty.io/netty-all/)
@@ -439,8 +442,8 @@ See licenses/ for text of these licenses.
(Apache License, Version 2.0) hadoop-yarn-server-common
(org.apache.hadoop:hadoop-yarn-server-common:2.6.5 - https://hadoop.apache.org/)
(Apache License, Version 2.0) htrace-core
(org.apache.htrace:htrace-core:3.1.0-incubating -
http://incubator.apache.org/projects/htrace.html)
(Apache License, Version 2.0) hystrix-core
(com.netflix.hystrix:hystrix-core:1.4.3 - https://github.com/Netflix/Hystrix)
- (Apache License, Version 2.0) jackson-databind
(com.fasterxml.jackson.core:jackson-databind:2.10.0 -
http://github.com/FasterXML/jackson)
- (Apache License, Version 2.0) jackson-module-scala
(com.fasterxml.jackson.module:jackson-module-scala_2.11:2.11.3 -
http://wiki.fasterxml.com/JacksonModuleScala)
+ (Apache License, Version 2.0) jackson-databind
(com.fasterxml.jackson.core:jackson-databind:2.13.4.1 -
http://github.com/FasterXML/jackson)
+ (Apache License, Version 2.0) jackson-module-scala
(com.fasterxml.jackson.module:jackson-module-scala_2.11:2.13.4 -
http://wiki.fasterxml.com/JacksonModuleScala)
(Apache License, Version 2.0) javax.inject (javax.inject:javax.inject:1 -
http://code.google.com/p/atinject/)
(Apache License, Version 2.0) json4s-ast (org.json4s:json4s-ast_2.11:3.5.3
- https://github.com/json4s/json4s)
(Apache License, Version 2.0) json4s-core
(org.json4s:json4s-core_2.11:3.5.3 - https://github.com/json4s/json4s)
diff --git a/pom.xml b/pom.xml
index 1e4348a2f..43d2c1b07 100644
--- a/pom.xml
+++ b/pom.xml
@@ -118,7 +118,7 @@
<guava.version>30.0-jre</guava.version>
<netty.version>4.1.78.Final</netty.version>
<gson.version>2.8.9</gson.version>
- <jackson-bom.version>2.13.2.1</jackson-bom.version>
+ <jackson-bom.version>2.13.4.20221013</jackson-bom.version>
<!-- spark2.4 use 3.5.3, spark3.2 use 3.7.0-M11 -->
<json4s.version>3.5.3</json4s.version>
<jersey.version>1.19.4</jersey.version>
diff --git a/tool/dependencies/known-dependencies.txt
b/tool/dependencies/known-dependencies.txt
index 2fe0aa1c4..a2bc8dd1c 100644
--- a/tool/dependencies/known-dependencies.txt
+++ b/tool/dependencies/known-dependencies.txt
@@ -213,26 +213,26 @@ hystrix-core-1.5.18.jar
istack-commons-runtime-3.0.12.jar
ivy-2.4.0.jar
j2objc-annotations-1.3.jar
-jackson-annotations-2.13.2.jar
-jackson-core-2.13.2.jar
+jackson-annotations-2.13.4.jar
+jackson-core-2.13.4.jar
jackson-core-asl-1.9.13.jar
jackson-core-asl-1.9.2.jar
-jackson-databind-2.13.2.1.jar
-jackson-dataformat-cbor-2.13.2.jar
-jackson-dataformat-csv-2.13.2.jar
-jackson-dataformat-smile-2.13.2.jar
-jackson-dataformat-xml-2.13.2.jar
-jackson-dataformat-yaml-2.13.2.jar
-jackson-datatype-guava-2.13.2.jar
-jackson-datatype-jdk8-2.13.2.jar
-jackson-datatype-joda-2.13.2.jar
-jackson-datatype-jsr310-2.13.2.jar
+jackson-databind-2.13.4.2.jar
+jackson-dataformat-cbor-2.13.4.jar
+jackson-dataformat-csv-2.13.4.jar
+jackson-dataformat-smile-2.13.4.jar
+jackson-dataformat-xml-2.13.4.jar
+jackson-dataformat-yaml-2.13.4.jar
+jackson-datatype-guava-2.13.4.jar
+jackson-datatype-jdk8-2.13.4.jar
+jackson-datatype-joda-2.13.4.jar
+jackson-datatype-jsr310-2.13.4.jar
jackson-jaxrs-1.9.13.jar
jackson-jaxrs-1.9.2.jar
jackson-mapper-asl-1.9.13.jar
jackson-mapper-asl-1.9.2.jar
-jackson-module-parameter-names-2.13.2.jar
-jackson-module-scala_2.11-2.13.2.jar
+jackson-module-parameter-names-2.13.4.jar
+jackson-module-scala_2.11-2.13.4.jar
jackson-xc-1.9.13.jar
jackson-xc-1.9.2.jar
jakarta.activation-1.2.2.jar
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
