sseide opened a new pull request #695:
URL: https://github.com/apache/jmeter/pull/695


   ## Description
   This PR updates dependencies to fix open security warnings.
   
   ## Motivation and Context
   * update jackson to 2.13.1 (https://github.com/FasterXML/jackson-databind/issues/3328) and set to same version as tika-parsers
   * update jsoup to 1.14.3 (CVE-2021-37714) and same version as in tika-parsers too
   * tika-parsers to 1.28, fixes dependent jsoup as well as
     * commons-compress (CVE-2021-36090, CVE-2021-35517, CVE-2021-35516, CVE-2021-35515)
     * jdom2 (CVE-2021-33813)
   
   Question - the `changes.xml` mentions direct dependency updates only, I think. Shall these indirect dependency updates for commons-compress and jdom2 also get an entry there, or is mentioning the update of tika-parsers only enough?
   
   ## How Has This Been Tested?
   
   Ran `gradlew check` and used the updated libs in our installation for some days.
   
   ## Screenshots (if appropriate):
   
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
