Bump up dependencies to fix CVEs (#12080)
kezhenxu94 authored Apr 9, 2024
1 parent 8dd8421 commit c79423c
Showing 5 changed files with 72 additions and 61 deletions.
9 changes: 6 additions & 3 deletions .licenserc.yaml
@@ -105,10 +105,10 @@ dependency:
version: 2.13.4
license: Apache-2.0
- name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
version: 2.15.2
version: 2.16.1
license: Apache-2.0
- name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
version: 2.15.2
version: 2.16.1
license: Apache-2.0
- name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml
version: 2.15.2
@@ -138,6 +138,9 @@ dependency:
version: 0.6.13
license: Apache-2.0
- name: com.aayushatharva.brotli4j:service
version: 1.12.0
version: 1.15.0
license: Apache-2.0
- name: io.vertx:vertx-grpc
version: 4.5.1
license: EPL-2.0

107 changes: 55 additions & 52 deletions dist-material/release-docs/LICENSE
@@ -210,23 +210,24 @@ The following components are provided under the Apache-2.0 License. See project
The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/build.buf.protoc-gen-validate/pgv-java-stub/0.6.13 Apache-2.0
https://mvnrepository.com/artifact/build.buf.protoc-gen-validate/protoc-gen-validate/0.6.13 Apache-2.0
https://mvnrepository.com/artifact/com.aayushatharva.brotli4j/brotli4j/1.12.0 Apache-2.0
https://mvnrepository.com/artifact/com.aayushatharva.brotli4j/service/1.12.0 Apache-2.0
https://mvnrepository.com/artifact/com.aayushatharva.brotli4j/brotli4j/1.15.0 Apache-2.0
https://mvnrepository.com/artifact/com.aayushatharva.brotli4j/service/1.15.0 Apache-2.0
https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-api/1.4.2 Apache-2.0
https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-client/1.4.2 Apache-2.0
https://mvnrepository.com/artifact/com.alibaba.nacos/nacos-common/1.4.2 Apache-2.0
https://mvnrepository.com/artifact/com.ctrip.framework.apollo/apollo-client/1.8.0 Apache-2.0
https://mvnrepository.com/artifact/com.ctrip.framework.apollo/apollo-core/1.8.0 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.16.1 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.16.1 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.16.1 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-guava/2.12.0 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.15.2 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.16.1 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.16.1 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.module/jackson-module-kotlin/2.13.4 Apache-2.0
https://mvnrepository.com/artifact/com.fasterxml/classmate/1.5.1 Apache-2.0
https://mvnrepository.com/artifact/com.google.api.grpc/proto-google-common-protos/2.9.0 Apache-2.0
https://mvnrepository.com/artifact/com.google.api.grpc/proto-google-common-protos/2.29.0 Apache-2.0
https://mvnrepository.com/artifact/com.google.auto.service/auto-service-annotations/1.0.1 Apache-2.0
https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305/3.0.2 Apache-2.0
https://mvnrepository.com/artifact/com.google.code.gson/gson/2.9.0 Apache-2.0
https://mvnrepository.com/artifact/com.google.errorprone/error_prone_annotations/2.11.0 Apache-2.0
@@ -237,10 +238,10 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/com.google.inject/guice/4.1.0 Apache-2.0
https://mvnrepository.com/artifact/com.google.j2objc/j2objc-annotations/1.3 Apache-2.0
https://mvnrepository.com/artifact/com.graphql-java/java-dataloader/3.2.0 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.25.0 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-graphql/1.25.0 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-graphql-protocol/1.25.0 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-protobuf/1.25.0 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.27.3 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-graphql/1.27.3 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-graphql-protocol/1.27.3 Apache-2.0
https://mvnrepository.com/artifact/com.linecorp.armeria/armeria-protobuf/1.27.3 Apache-2.0
https://mvnrepository.com/artifact/com.orbitz.consul/consul-client/1.5.3 Apache-2.0
https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp/4.9.0 Apache-2.0
https://mvnrepository.com/artifact/com.squareup.okio/okio/2.8.0 Apache-2.0
@@ -255,9 +256,10 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/commons-validator/commons-validator/1.7 Apache-2.0
https://npmjs.com/package/d3-flame-graph/v/4.1.3 4.1.3 Apache-2.0
https://npmjs.com/package/echarts/v/5.4.1 5.4.1 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-common/0.5.3 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-core/0.5.3 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-resolver/0.5.3 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-api/0.6.1 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-common/0.6.1 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-core/0.6.1 Apache-2.0
https://mvnrepository.com/artifact/io.etcd/jetcd-grpc/0.6.1 Apache-2.0
https://mvnrepository.com/artifact/io.fabric8/istio-client/6.7.1 Apache-2.0
https://mvnrepository.com/artifact/io.fabric8/istio-model-v1alpha3/6.7.1 Apache-2.0
https://mvnrepository.com/artifact/io.fabric8/istio-model-v1beta1/6.7.1 Apache-2.0
@@ -287,43 +289,44 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/io.fabric8/kubernetes-model-scheduling/6.7.1 Apache-2.0
https://mvnrepository.com/artifact/io.fabric8/kubernetes-model-storageclass/6.7.1 Apache-2.0
https://mvnrepository.com/artifact/io.fabric8/zjsonpatch/0.3.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-api/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-context/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-core/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-grpclb/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-netty/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-protobuf/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-protobuf-lite/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-stub/1.53.0 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-commons/1.11.3 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-core/1.11.3 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-observation/1.11.3 Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-buffer/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-dns/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-haproxy/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-http/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-http2/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-socks/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-common/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-handler/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-handler-proxy/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns-classes-macos/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns-native-macos/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-api/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-context/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-core/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-grpclb/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-netty/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-protobuf/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-protobuf-lite/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-stub/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.grpc/grpc-util/1.62.2 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-commons/1.12.2 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-core/1.12.2 Apache-2.0
https://mvnrepository.com/artifact/io.micrometer/micrometer-observation/1.12.2 Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-buffer/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-dns/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-haproxy/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-http/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-http2/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-codec-socks/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-common/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-handler/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-handler-proxy/4.1.108.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns-classes-macos/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-resolver-dns-native-macos/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static/2.0.52.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static/2.0.61.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-tcnative-classes/2.0.61.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-classes-epoll/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-classes-kqueue/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-classes-epoll/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-classes-kqueue/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-epoll/4.1.45.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-epoll/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-kqueue/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-unix-common/4.1.79.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-unix-common/4.1.96.Final Apache-2.0
https://mvnrepository.com/artifact/io.perfmark/perfmark-api/0.25.0 Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-epoll/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-kqueue/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-unix-common/4.1.100.Final Apache-2.0
https://mvnrepository.com/artifact/io.netty/netty-transport-native-unix-common/4.1.106.Final Apache-2.0
https://mvnrepository.com/artifact/io.perfmark/perfmark-api/0.26.0 Apache-2.0
https://mvnrepository.com/artifact/io.prometheus/simpleclient/0.6.0 Apache-2.0
https://mvnrepository.com/artifact/io.prometheus/simpleclient_common/0.6.0 Apache-2.0
https://mvnrepository.com/artifact/io.prometheus/simpleclient_hotspot/0.6.0 Apache-2.0
@@ -333,7 +336,7 @@ The text of each license is the standard Apache 2.0 license.
https://mvnrepository.com/artifact/io.zipkin/zipkin-lens/2.24.1 Apache-2.0
https://mvnrepository.com/artifact/javax.inject/javax.inject/1 Apache-2.0
https://mvnrepository.com/artifact/joda-time/joda-time/2.10.5 Apache-2.0
https://mvnrepository.com/artifact/net.jodah/failsafe/2.3.4 Apache-2.0
https://mvnrepository.com/artifact/net.jodah/failsafe/2.4.4 Apache-2.0
https://mvnrepository.com/artifact/org.apache.commons/commons-lang3/3.11 Apache-2.0
https://mvnrepository.com/artifact/org.apache.commons/commons-text/1.4 Apache-2.0
https://mvnrepository.com/artifact/org.apache.curator/curator-client/4.3.0 Apache-2.0
@@ -505,7 +508,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
https://npmjs.com/package/@vue/shared/v/3.2.45 3.2.45 MIT
https://npmjs.com/package/async-validator/v/4.2.5 4.2.5 MIT
https://npmjs.com/package/asynckit/v/0.4.0 0.4.0 MIT
https://npmjs.com/package/axios/v/1.6.0 1.6.0 MIT
https://npmjs.com/package/axios/v/1.6.8 1.6.8 MIT
https://npmjs.com/package/axios/node_modules/form-data/v/4.0.0 4.0.0 MIT
https://npmjs.com/package/axios/node_modules/proxy-from-env/v/1.1.0 1.1.0 MIT
https://npmjs.com/package/batch-processor/v/1.0.0 1.0.0 MIT
@@ -529,7 +532,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
https://npmjs.com/package/element-resize-detector/v/1.2.4 1.2.4 MIT
https://npmjs.com/package/escape-html/v/1.0.3 1.0.3 MIT
https://npmjs.com/package/estree-walker/v/2.0.2 2.0.2 MIT
https://npmjs.com/package/follow-redirects/v/1.15.4 1.15.4 MIT
https://npmjs.com/package/follow-redirects/v/1.15.6 1.15.6 MIT
https://npmjs.com/package/iconv-lite/v/0.6.3 0.6.3 MIT
https://npmjs.com/package/is-plain-object/v/5.0.0 5.0.0 MIT
https://npmjs.com/package/lodash/v/4.17.21 4.17.21 MIT
@@ -543,7 +546,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
https://npmjs.com/package/monaco-editor/v/0.34.1 0.34.1 MIT
https://npmjs.com/package/nanoid/v/3.3.7 3.3.7 MIT
https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.33.0 MIT
https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.21 MIT
https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.23 MIT
https://npmjs.com/package/pinia/v/2.0.28 2.0.28 MIT
https://npmjs.com/package/pinia/node_modules/vue-demi/v/0.13.11 0.13.11 MIT
https://npmjs.com/package/postcss/v/8.4.33 8.4.33 MIT
1 change: 1 addition & 0 deletions docs/en/changes/changes.md
@@ -9,6 +9,7 @@
* Remove CLI(`swctl`) from the image.
* Remove CLI_VERSION variable from Makefile build.
* Add BanyanDB to docker-compose quickstart.
* Bump up Armeria, jackson, netty, jetcd and grpc to fix CVEs.

#### OAP Server

12 changes: 8 additions & 4 deletions oap-server-bom/pom.xml
@@ -50,8 +50,8 @@
<kubernetes.version>6.7.1</kubernetes.version>
<hikaricp.version>3.1.0</hikaricp.version>
<zipkin.version>2.24.1</zipkin.version>
<jackson.version>2.15.2</jackson.version>
<jackson-databind.version>2.15.2</jackson-databind.version>
<jackson.version>2.16.0</jackson.version>
<jackson-databind.version>2.16.0</jackson-databind.version>
<simpleclient.version>0.6.0</simpleclient.version>
<apollo.version>1.8.0</apollo.version>
<nacos.version>1.4.2</nacos.version>
@@ -66,9 +66,9 @@
<commons-beanutils.version>1.9.4</commons-beanutils.version>
<flatbuffers-java.version>1.12.0</flatbuffers-java.version>
<postgresql.version>42.4.4</postgresql.version>
<jetcd.version>0.5.3</jetcd.version>
<jetcd.version>0.6.1</jetcd.version>
<testcontainers.version>1.17.6</testcontainers.version>
<armeria.version>1.25.0</armeria.version>
<armeria.version>1.27.3</armeria.version>
<awaitility.version>3.0.0</awaitility.version>
<httpcore.version>4.4.13</httpcore.version>
<commons-compress.version>1.21</commons-compress.version>
@@ -404,6 +404,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
</exclusion>
</exclusions>
</dependency>

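Review bot: `jackson.version` and `jackson-databind.version` are set to 2.16.0 here, but `.licenserc.yaml` and `dist-material/release-docs/LICENSE` in the same commit record jackson-core, jackson-databind, jackson-annotations and the jdk8/jsr310 datatypes at 2.16.1. Either another managed version (possibly an imported BOM, not visible on this page) overrides these properties or the license records are off; for a CVE-driven bump the pin should name what actually ships, e.g. `<jackson.version>2.16.1</jackson.version>`. The same drift shows for Netty: the root `pom.xml` moves `netty.version` to 4.1.108.Final, yet LICENSE lists several modules at 4.1.106.Final and appears to keep `netty-transport-native-epoll` 4.1.45.Final and `netty-tcnative-boringssl-static` 2.0.52.Final next to newer copies. Checking the resolved set with `mvn dependency:tree` and aligning it (for Netty, through `netty-bom`) would confirm that no older, possibly affected artifact stays in the distribution. The dependency that receives the new `spotbugs-annotations` exclusion starts outside the hunk.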
4 changes: 2 additions & 2 deletions pom.xml
@@ -163,8 +163,8 @@
<byte-buddy.version>1.14.9</byte-buddy.version>

<!-- core lib dependency -->
<grpc.version>1.53.0</grpc.version>
<netty.version>4.1.100.Final</netty.version>
<grpc.version>1.62.2</grpc.version>
<netty.version>4.1.108.Final</netty.version>
<netty-tcnative-boringssl-static.version>2.0.52.Final</netty-tcnative-boringssl-static.version>
<gson.version>2.9.0</gson.version>
<os-maven-plugin.version>1.6.2</os-maven-plugin.version>
