Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update dependencies to address CVEs #16374

Merged
merged 2 commits into from
May 3, 2024
Merged

update dependencies to address CVEs #16374

merged 2 commits into from
May 3, 2024

Conversation

janjwerner-confluent
Copy link
Contributor

@janjwerner-confluent janjwerner-confluent commented May 2, 2024
edited
Loading

Description

Update dependencies:

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@xvrl xvrl merged commit b164013 into apache:master May 3, 2024
88 checks passed
@LakshSingla LakshSingla added this to the 30.0.0 milestone May 3, 2024
IgorBerman pushed a commit to IgorBerman/druid that referenced this pull request May 5, 2024
@janjwerner-confluent @IgorBerman
update dependencies to address CVEs (apache#16374)
25227c5 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
adarshsanjeev pushed a commit to adarshsanjeev/druid that referenced this pull request May 6, 2024
@janjwerner-confluent @adarshsanjeev
update dependencies to address CVEs (apache#16374)
57ecfb9 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
@adarshsanjeev adarshsanjeev mentioned this pull request May 6, 2024
Merged
kfaraz pushed a commit that referenced this pull request May 7, 2024
@adarshsanjeev @janjwerner-confluent
[Backport] update dependencies to address CVEs (#16374) (#16395)
b26394e 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857

Co-authored-by: Jan Werner <105367074+janjwerner-confluent@users.noreply.github.com>
@adarshsanjeev adarshsanjeev mentioned this pull request May 28, 2024
Closed
pagrawal10 pushed a commit to confluentinc/druid that referenced this pull request Jun 1, 2024
@janjwerner-confluent @pagrawal10
update dependencies to address CVEs (apache#16374)
0d01526 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
pagrawal10 pushed a commit to confluentinc/druid that referenced this pull request Jun 1, 2024
@janjwerner-confluent @pagrawal10
update dependencies to address CVEs (apache#16374)
1c0251c 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
@pagrawal10 pagrawal10 mentioned this pull request Jun 1, 2024
Merged
10 tasks
pagrawal10 pushed a commit to confluentinc/druid that referenced this pull request Jun 2, 2024
@janjwerner-confluent @pagrawal10
update dependencies to address CVEs (apache#16374)
f4edde5 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
pagrawal10 pushed a commit to confluentinc/druid that referenced this pull request Jun 3, 2024
@janjwerner-confluent @pagrawal10
update dependencies to address CVEs (apache#16374)
e21523d 
update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xvrl xvrl xvrl approved these changes

Assignees
No one assigned
Labels
Area - Dependencies
Projects
None yet
Milestone
30.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@janjwerner-confluent @xvrl @LakshSingla