This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-pekko-connectors.git
The following commit(s) were added to refs/heads/main by this push:
new 1241de68e Upgrade protobuf java due to CVEs (#230)
1241de68e is described below
commit 1241de68ee22eaea719cf0929b2e1c186994dee1
Author: PJ Fanning <[email protected]>
AuthorDate: Mon Aug 21 11:01:27 2023 +0100
Upgrade protobuf java due to CVEs (#230)
* update release notes (1.0.0)
* use protobuf-java 3.21.12
---
docs/src/main/paradox/release-notes/index.md | 3 ++-
project/Dependencies.scala | 3 +++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/docs/src/main/paradox/release-notes/index.md
b/docs/src/main/paradox/release-notes/index.md
index 97970f842..1916247a9 100644
--- a/docs/src/main/paradox/release-notes/index.md
+++ b/docs/src/main/paradox/release-notes/index.md
@@ -35,7 +35,7 @@ We haven't had to fix many bugs that were in Alpakka 4.0.0.
### Additions
* Add back Scala 2.12 support
([PR65](https://github.com/apache/incubator-pekko-connectors/pull/65))
-* Scala 3 support
([126](https://github.com/apache/incubator-pekko-connectors/issues/126))
+* Scala 3 support
([#126](https://github.com/apache/incubator-pekko-connectors/issues/126))
* The connectors that still only support Scala 2 are Geode, MongoDB and
Slick.
* FTP Connector now supports UTF8 Autodetect mode
([PR221](https://github.com/apache/incubator-pekko-connectors/pull/221))
* IronMQ Connector: changed the Circe JSON integration to use
[mdedetrich/pekko-streams-circe](https://github.com/mdedetrich/pekko-streams-circe)
([PR134](https://github.com/apache/incubator-pekko-connectors/pull/134))
@@ -45,6 +45,7 @@ We haven't had to fix many bugs that were in Alpakka 4.0.0.
We have tried to limit the changes to third party dependencies that are used
in Pekko HTTP 1.0.0. These are some exceptions:
* Cassandra Driver 4.15.0
([PR100](https://github.com/apache/incubator-pekko-connectors/pull/100))
+* protobuf 3.21.12
([#222](https://github.com/apache/incubator-pekko-connectors/issues/222))
* jackson 2.14.3
* scalatest 3.2.14. Pekko users who have existing tests based on Akka Testkit
may need to migrate their tests due to the scalatest upgrade. The [scalatest
3.2 release notes](https://www.scalatest.org/release_notes/3.2.0) have a
detailed description of the changes needed.
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 140406c08..9ec4c475f 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -33,6 +33,7 @@ object Dependencies {
val ScalaTestVersion = "3.2.14"
val TestContainersScalaTestVersion = "0.40.14"
val mockitoVersion = "4.2.0" // check even
https://github.com/scalatest/scalatestplus-mockito/releases
+ val protobufJavaVersion = "3.21.12"
val hoverflyVersion = "0.14.1"
val scalaCheckVersion = "1.16.0"
@@ -211,6 +212,7 @@ object Dependencies {
"org.apache.avro" % "avro" % "1.9.2" % "provided",
"org.apache.arrow" % "arrow-vector" % "4.0.0" % "provided",
"io.grpc" % "grpc-auth" %
org.apache.pekko.grpc.gen.BuildInfo.grpcVersion,
+ "com.google.protobuf" % "protobuf-java" % protobufJavaVersion,
"org.apache.pekko" %% "pekko-http-spray-json" % PekkoHttpVersion,
"org.apache.pekko" %% "pekko-http-core" % PekkoHttpVersion,
"org.apache.pekko" %% "pekko-http" % PekkoHttpVersion,
@@ -231,6 +233,7 @@ object Dependencies {
"com.google.cloud" % "google-cloud-pubsub" % "1.112.5" % "protobuf-src",
"io.grpc" % "grpc-auth" %
org.apache.pekko.grpc.gen.BuildInfo.grpcVersion,
"com.google.auth" % "google-auth-library-oauth2-http" % "0.22.2",
+ "com.google.protobuf" % "protobuf-java" % protobufJavaVersion,
// pull in Pekko Discovery for our Pekko version
"org.apache.pekko" %% "pekko-discovery" % PekkoVersion))
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
