lindong28 opened a new pull request, #239:
URL: https://github.com/apache/flink-ml/pull/239
## What is the purpose of the change
Upgrade dependency to fix security vulnerabilities.
## Brief change log
- Upgraded jackson.version to 2.13.4 for consistency with Flink. Versions
below 2.12.7.1 has known security vulnerabilities according to CVE-2022-42004
and CVE-2022-42003.
- Upgraded hadoop.version to 2.10.2 for consistency with Flink.
- Upgraded com.puppycrawl.tools version to 8.18 because versions below 8.18
has known security vulnerabilities according to CVE-2019-9658 and
CVE-2019-10782.
- Updated maven-enforcer-plugin configurations for consistency with Flink.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): yes
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: no
## Documentation
- Does this pull request introduce a new feature? no
- If yes, how is the feature documented? not applicable
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
