[openwhisk] branch master updated: add base dependency version to cve remediations for downstream runtime builds (#5385)

Fri, 24 Feb 2023 10:42:58 -0800 

This is an automated email from the ASF dual-hosted git repository.

dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 949c513de add base dependency version to cve remediations for 
downstream runtime builds (#5385)
949c513de is described below

commit 949c513de55c06e8e244a05c57f5d2419eb00466
Author: Brendan Doyle <[email protected]>
AuthorDate: Fri Feb 24 10:42:43 2023 -0800

    add base dependency version to cve remediations for downstream runtime 
builds (#5385)
    
    Co-authored-by: Brendan Doyle <[email protected]>
---
 core/monitoring/user-events/build.gradle | 2 +-
 core/standalone/build.gradle             | 2 +-
 tests/build.gradle                       | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/monitoring/user-events/build.gradle 
b/core/monitoring/user-events/build.gradle
index f9e81492e..c6f4a9fc4 100644
--- a/core/monitoring/user-events/build.gradle
+++ b/core/monitoring/user-events/build.gradle
@@ -45,7 +45,7 @@ dependencies {
 
     testImplementation "junit:junit:4.11"
     testImplementation 
"org.scalatest:scalatest_${gradle.scala.depVersion}:3.0.8"
-    testImplementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    testImplementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         
testImplementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         testImplementation('org.apache.avro:avro:1.11.1') {
diff --git a/core/standalone/build.gradle b/core/standalone/build.gradle
index 422c25a71..031e529d8 100644
--- a/core/standalone/build.gradle
+++ b/core/standalone/build.gradle
@@ -169,7 +169,7 @@ dependencies {
     implementation project(':tools:admin')
     implementation "org.rogach:scallop_${gradle.scala.depVersion}:3.3.2"
 
-    implementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    implementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         
implementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         implementation('org.apache.avro:avro:1.11.1') {
diff --git a/tests/build.gradle b/tests/build.gradle
index 45ab3ec27..fe0ef9eeb 100644
--- a/tests/build.gradle
+++ b/tests/build.gradle
@@ -232,14 +232,14 @@ dependencies {
     implementation 
("org.apache.curator:curator-test:${gradle.curator.version}") {
         exclude group: 'log4j'
     }
-    implementation "com.atlassian.oai:swagger-request-validator-core"
+    implementation "com.atlassian.oai:swagger-request-validator-core:1.4.5"
     constraints {
         
implementation("com.atlassian.oai:swagger-request-validator-core:1.4.5")
         implementation("org.slf4j:slf4j-ext:1.7.36") {
             because 'swagger-request-validator-core cannot be upgraded to 2.x 
where vuln is remediated'
         }
     }
-    implementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}"
+    implementation 
"io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0"
     constraints {
         
implementation("io.github.embeddedkafka:embedded-kafka_${gradle.scala.depVersion}:2.4.0")
         implementation('org.apache.avro:avro:1.11.1') {

Reply via email to