This is an automated email from the ASF dual-hosted git repository.
mkevo pushed a commit to branch support/1.15
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.15 by this push:
new 5364cce7cd GEODE-10415: bump dependencies due to vulnerability scan
(#7855)
5364cce7cd is described below
commit 5364cce7cdda81d38f8b8275e083d6a870642d51
Author: Mario Kevo <48509719+mk...@users.noreply.github.com>
AuthorDate: Wed Sep 14 20:49:46 2022 +0200
GEODE-10415: bump dependencies due to vulnerability scan (#7855)
---
.../gradle/plugins/DependencyConstraints.groovy| 4 +-
.../session/tests/GenericAppServerInstall.java | 2 +-
.../integrationTest/resources/assembly_content.txt | 43 ++---
.../resources/gfsh_dependency_classpath.txt| 44 +++---
.../resources/dependency_classpath.txt | 36 +-
5 files changed, 65 insertions(+), 64 deletions(-)
diff --git
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index f8fb6e3aae..89ef3f64ef 100644
---
a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++
b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -41,7 +41,7 @@ class DependencyConstraints {
deps.put("jgroups.version", "3.6.14.Final")
deps.put("log4j.version", "2.17.2")
deps.put("micrometer.version", "1.9.0")
-deps.put("shiro.version", "1.9.0")
+deps.put("shiro.version", "1.9.1")
deps.put("slf4j-api.version", "1.7.32")
deps.put("jboss-modules.version", "1.11.0.Final")
deps.put("jackson.version", "2.13.2")
@@ -61,7 +61,7 @@ class DependencyConstraints {
// The jetty version is also hard-coded in geode-assembly:test
// at o.a.g.sessions.tests.GenericAppServerInstall.java
-deps.put("jetty.version", "9.4.46.v20220331")
+deps.put("jetty.version", "9.4.47.v20220610")
// These versions are referenced in test.gradle, which is aggressively
injected into all projects.
deps.put("junit.version", "4.13.2")
diff --git
a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
index 42bd6e7eec..88d0e5c77b 100644
---
a/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
+++
b/geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java
@@ -34,7 +34,7 @@ import java.util.function.IntSupplier;
* specific code outside of the {@link GenericAppServerVersion}.
*/
public class GenericAppServerInstall extends ContainerInstall {
- private static final String JETTY_VERSION = "9.4.46.v20220331";
+ private static final String JETTY_VERSION = "9.4.47.v20220610";
/**
* Get the version number, download URL, and container name of a generic app
server using
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 2b41f9c8cb..da0614aa45 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1007,6 +1007,8 @@ lib/istack-commons-runtime-4.0.1.jar
lib/jackson-annotations-2.13.2.jar
lib/jackson-core-2.13.2.jar
lib/jackson-databind-2.13.2.2.jar
+lib/jackson-datatype-joda-2.13.2.jar
+lib/jackson-datatype-jsr310-2.13.2.jar
lib/javax.activation-api-1.2.0.jar
lib/javax.mail-api-1.6.2.jar
lib/javax.resource-api-1.7.1.jar
@@ -1014,19 +1016,20 @@ lib/javax.servlet-api-3.1.0.jar
lib/javax.transaction-api-1.3.jar
lib/jaxb-api-2.3.1.jar
lib/jaxb-impl-2.3.2.jar
-lib/jetty-http-9.4.46.v20220331.jar
-lib/jetty-io-9.4.46.v20220331.jar
-lib/jetty-security-9.4.46.v20220331.jar
-lib/jetty-server-9.4.46.v20220331.jar
-lib/jetty-servlet-9.4.46.v20220331.jar
-lib/jetty-util-9.4.46.v20220331.jar
-lib/jetty-util-ajax-9.4.46.v20220331.jar
-lib/jetty-webapp-9.4.46.v20220331.jar
-lib/jetty-xml-9.4.46.v20220331.jar
+lib/jetty-http-9.4.47.v20220610.jar
+lib/jetty-io-9.4.47.v20220610.jar
+lib/jetty-security-9.4.47.v20220610.jar
+lib/jetty-server-9.4.47.v20220610.jar
+lib/jetty-servlet-9.4.47.v20220610.jar
+lib/jetty-util-9.4.47.v20220610.jar
+lib/jetty-util-ajax-9.4.47.v20220610.jar
+lib/jetty-webapp-9.4.47.v20220610.jar
+lib/jetty-xml-9.4.47.v20220610.jar
lib/jgroups-3.6.14.Final.jar
lib/jline-2.12.jar
lib/jna-5.11.0.jar
lib/jna-platform-5.11.0.jar
+lib/joda-time-2.10.14.jar
lib/jopt-simple-5.0.4.jar
lib/log4j-api-2.17.2.jar
lib/log4j-core-2.17.2.jar
@@ -1044,16 +1047,17 @@