This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/servicecomb-pack.git
commit f53e77330929560cbd37e243fc15f151283d6471 Author: Willem Jiang <willem.ji...@gmail.com> AuthorDate: Fri Feb 25 18:09:32 2022 +0800 SCB-2368 Fixed the CVE issues with CVSS 9 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 6b3b6cd..71b9c2b 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ <java.version>1.8</java.version> <log4j.version>2.17.1</log4j.version> <disruptor.version>3.3.7</disruptor.version> - <dubbo.version>2.6.4</dubbo.version> + <dubbo.version>2.6.12</dubbo.version> <spring.boot.version>2.1.6.RELEASE</spring.boot.version> <spring.cloud.version>2.1.1.RELEASE</spring.cloud.version> <spring.cloud.starter.consul.discovery.version>2.1.1.RELEASE</spring.cloud.starter.consul.discovery.version> @@ -65,7 +65,7 @@ <kryo.version>4.0.1</kryo.version> <javax.transaction.version>1.2</javax.transaction.version> <eclipse.link.version>2.7.1</eclipse.link.version> - <jackson.version>2.13.2</jackson.version> + <jackson.version>2.13.1</jackson.version> <byteman.version>4.0.1</byteman.version> <jaxb.version>2.3.0</jaxb.version> <javax.activation.version>1.1.1</javax.activation.version> @@ -886,7 +886,7 @@ <configuration> <name>notifier-dependency-check</name> <format>HTML</format> - <failBuildOnCVSS>10</failBuildOnCVSS> + <failBuildOnCVSS>9</failBuildOnCVSS> <failOnError>false</failOnError> <skipProvidedScope>true</skipProvidedScope> <skipRuntimeScope>true</skipRuntimeScope>