This is an automated email from the ASF dual-hosted git repository.

tilman pushed a commit to branch branch_2x
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/branch_2x by this push:
     new 599a3f80e TIKA-4239: update google cloud, jackson, threetenbp, 
plexus-utils
599a3f80e is described below

commit 599a3f80e21e9beda6c580e96fd9a529ac4b5ca1
Author: Tilman Hausherr <[email protected]>
AuthorDate: Fri Sep 27 13:13:40 2024 +0200

    TIKA-4239: update google cloud, jackson, threetenbp, plexus-utils
---
 tika-parent/pom.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index 814f1c6e8..d615f2e80 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -306,7 +306,7 @@
     <rat.version>0.16.1</rat.version>
 
     <!-- dependency versions -->
-    <google.cloud.version>2.43.0</google.cloud.version>
+    <google.cloud.version>2.43.1</google.cloud.version>
     <aws.version>1.12.772</aws.version>
     <!-- WARNING: when you upgrade asm make sure that you update the
         OpCode in the initializer in 
org.apache.tika.parser.asm.XHTMLClassVisitor
@@ -348,7 +348,7 @@
     <imageio.version>1.4.0</imageio.version>
     <!-- jackrabbit 2.21.23 requires java 11 -->
     <jackrabbit.version>2.21.22</jackrabbit.version>
-    <jackson.version>2.17.2</jackson.version>
+    <jackson.version>2.18.0</jackson.version>
     <javax.annotation.version>1.3.2</javax.annotation.version>
     <javax.jcr.version>2.0</javax.jcr.version>
     <javax.rest.version>2.1.1</javax.rest.version>
@@ -846,7 +846,7 @@
       <dependency>
         <groupId>org.codehaus.plexus</groupId>
         <artifactId>plexus-utils</artifactId>
-        <version>4.0.1</version>
+        <version>4.0.2</version>
       </dependency>
       <dependency>
         <groupId>org.freemarker</groupId>
@@ -1117,10 +1117,11 @@
               <version>1.3.3</version>
             </coordinate>
             <!-- brought in by gcs fetcher -->
+            <!-- CVE-2024-23082 and CVE-2024-23081 are disputed -->
             <coordinate>
               <groupId>org.threeten</groupId>
               <artifactId>threetenbp</artifactId>
-              <version>1.6.9</version>
+              <version>1.7.0</version>
             </coordinate>
             <!-- while waiting for 1.14.4 to appear on maven central, see
                  
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Reply via email to