Skip to content

[IOTDB-1792]remove tomcat-embed dependency and make all transitive dependencies versions consistent#4077

Merged
SteveYurongSu merged 4 commits intomasterfrom
fix_cve
Oct 11, 2021
Merged

[IOTDB-1792]remove tomcat-embed dependency and make all transitive dependencies versions consistent#4077
SteveYurongSu merged 4 commits intomasterfrom
fix_cve

Conversation

@jixuan1989
Copy link
Member

@jixuan1989 jixuan1989 commented Oct 5, 2021

This PR upgrades the following dependencies:

httpclient: 4.5.12,4.5.2,4.3.5 -> 4.5.13
jetty-server: 9.4.35 -> 11.0.6
junit: 4.12 -> 4.13.2
httpcore: xxx -> 4.4.13
tomcat-embed-core: removed
net.java.dev.jna: 5.5.0
zookeeper: 3.4.9
commons-beanutils: 1.9.4
commons-compress:1.21
error_prone_annotations:2.5.1 -> 2.7.1

@coveralls
Copy link

coveralls commented Oct 5, 2021
edited
Loading

Coverage Status

Coverage increased (+0.01%) to 67.794% when pulling f81fc99 on fix_cve into cbbdc6c on master.

SteveYurongSu
SteveYurongSu reviewed Oct 11, 2021
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 11, 2021

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@SteveYurongSu SteveYurongSu merged commit 3da5c6d into master Oct 11, 2021
@SteveYurongSu SteveYurongSu deleted the fix_cve branch October 11, 2021 08:04
@LIU-WEI-git
Copy link
Contributor

LIU-WEI-git commented Oct 11, 2021

Thanks for your fix. Shall we fix those CVE in version 0.12.3?

@SteveYurongSu
Copy link
Member

SteveYurongSu commented Oct 11, 2021

Thanks for your fix. Shall we fix those CVE in version 0.12.3?

Sure. I am cherry-picking the fix now, PR's coming!

@SteveYurongSu SteveYurongSu mentioned this pull request Oct 11, 2021
Merged
cornmonster pushed a commit to cornmonster/iotdb that referenced this pull request Oct 25, 2021
@jixuan1989 @SteveYurongSu @cornmonster
[IOTDB-1792] Remove tomcat-embed dependency and make all transitive d…
f1aed23 
…ependencies versions consistent (apache#4077)

Co-authored-by: xiangdong huang <sainthxd@gmail.com>
Co-authored-by: Steve Yurong Su <rong@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HTHou HTHou HTHou approved these changes

@SteveYurongSu SteveYurongSu SteveYurongSu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jixuan1989 @coveralls @LIU-WEI-git @SteveYurongSu @HTHou