sseide opened a new pull request, #5725: URL: https://github.com/apache/jmeter/pull/5725
## Description This patch updates some dependencies used to fix multiple security warnings found within these libraries or its dependencies. ## Motivation and Context * jsoup to 1.15.3 (fixes CVE-2022-36033) * jackson to 2.13.4 and jackson-databind to 2.13.4.2 (fixes CVE-2022-42004, CVE-2022-42003) * tika-parsers to 1.28.5 (CVE-2022-33879 and for updated dependencies of jackson) Additionally i added the new GPG key for the jackson project and remove one old key that expired in 2016. The other key from jackson project expired just some months ago, so i let it there. The new key is taken from the Jackson main repositories KEYS file (https://github.com/FasterXML/jackson/blob/master/KEYS) ## How Has This Been Tested? <!--- Please describe in detail how you tested your changes. --> <!--- Include details of your testing environment, tests ran to see how --> <!--- your change affects other areas of the code, etc. --> Tested ourself using jmeter with newer libraries and run `gradle check` ## Screenshots (if appropriate): ## Types of changes <!--- What types of changes does your code introduce? Delete as appropriate --> - Bug fix (non-breaking change which fixes an issue) ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] My code follows the [code style][style-guide] of this project. - [x] I have updated the documentation accordingly. [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jmeter.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
