Update dependencies to avoid CVE #2267

linghengqian · 2023-09-18T14:32:56Z

Changes proposed in this pull request:

Update Netty to 4.1.97.Final.
- Fixes fix(sec): upgrade io.netty:netty-common to 4.1.77.Final #2256.
- Fixes Bump netty-handler from 4.1.59.Final to 4.1.94.Final #2234.
Update Mesos Client to 1.11.0 and update Fenzo to 1.0.1.
- Fixes There is a vulnerability in Apache Mesos 1.1.0 ,upgrade recommended #1750.
- The Fenzo project has been archived, maybe we should consider changing to a mesos client. Refer to https://github.com/Netflix/Fenzo .
Update Guava to 30.0-jre.
- Synchronize with https://github.com/apache/shardingsphere/blob/master/pom.xml .
- Fixes Bump guava from 29.0-jre to 32.0.0-jre #2232.
Update Zookeeper Client to 3.9.0 and update Curator to 5.5.0.
- Split from Add elasticjob-lite-reachability-metadata module for nativeTest and nativeRun #2263.
- Avoid ZOOKEEPER-4460 to break the GraalVM Native Image build. Refer to Add support for org.apache.curator:curator-*:5.4.0 oracle/graalvm-reachability-metadata#163 (comment) .
Update Slf4j to 1.7.36 and update logback to 1.2.12.
- Synchronize GraalVM Reachability Metadata from https://github.com/oracle/graalvm-reachability-metadata/tree/883199aa0a6212942f95ee2150f552d438eb8e14/metadata/ch.qos.logback/logback-classic .
Update Apache Commons dependency to avoid CVE.
- Fixes fix(sec): upgrade commons-codec:commons-codec to 1.13 #2158 .
Update Gson to 2.10.1 to avoid CVE.

codecov-commenter · 2023-09-18T14:38:48Z

Codecov Report

Merging #2267 (b665e3c) into master (d4f7d94) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #2267   +/-   ##
=========================================
  Coverage     84.46%   84.46%           
+ Complexity     1929     1928    -1     
=========================================
  Files           287      287           
  Lines          6341     6341           
  Branches        704      704           
=========================================
  Hits           5356     5356           
- Misses          659      660    +1     
+ Partials        326      325    -1

Files Changed	Coverage Δ
...elasticjob/lite/internal/server/ServerService.java	`72.34% <ø> (ø)`

... and 4 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

Update dependencies to avoid CVE

b665e3c

linghengqian marked this pull request as ready for review September 18, 2023 14:51

TeslaCN approved these changes Sep 18, 2023

View reviewed changes

TeslaCN merged commit de93e07 into apache:master Sep 18, 2023
9 checks passed

linghengqian deleted the update-dep branch September 18, 2023 14:59

linghengqian added the dependencies Pull requests that update a dependency file label Sep 18, 2023

linghengqian added this to the 3.0.4 milestone Sep 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies to avoid CVE #2267

Update dependencies to avoid CVE #2267

linghengqian commented Sep 18, 2023 •

edited

Loading

codecov-commenter commented Sep 18, 2023

Update dependencies to avoid CVE #2267

Update dependencies to avoid CVE #2267

Conversation

linghengqian commented Sep 18, 2023 • edited Loading

codecov-commenter commented Sep 18, 2023

Codecov Report

linghengqian commented Sep 18, 2023 •

edited

Loading