[issue-2183] upgrade gson due to cve

.asf.yaml

@@ -57,7 +57,7 @@ github:
       required_pull_request_reviews:
         dismiss_stale_reviews: true
         required_approving_review_count: 2
-    dev-1.1.1:
+    dev-1.1.3:
       required_status_checks:
         strict: true
       required_pull_request_reviews:

LICENSE-binary

@@ -318,7 +318,7 @@ See licenses-binary/ for text of these licenses.
     (Apache License, Version 2.0) Flink : Metrics : Core (org.apache.flink:flink-metrics-core:1.12.2 - https://flink.apache.org/flink-metrics/flink-metrics-core)
     (Apache License, Version 2.0) Google Guice - Core Library (com.google.inject:guice:3.0 - http://code.google.com/p/google-guice/guice/)
     (Apache License, Version 2.0) Google Guice - Extensions - Servlet (com.google.inject.extensions:guice-servlet:3.0 - http://code.google.com/p/google-guice/extensions-parent/guice-servlet/)
-    (Apache License, Version 2.0) Gson (com.google.code.gson:gson:2.8.5 - https://github.com/google/gson/gson)
+    (Apache License, Version 2.0) Gson (com.google.code.gson:gson:2.8.9 - https://github.com/google/gson/gson)
     (Apache License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
     (Apache License, Version 2.0) Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
     (Apache License, Version 2.0) Hadoop Metrics2 Reporter for Dropwizard Metrics (com.github.joshelser:dropwizard-metrics-hadoop-metrics2-reporter:0.1.2 - https://github.com/joshelser/dropwizard-hadoop-metrics2)

README.md

@@ -54,16 +54,16 @@ Since the first release of Linkis in 2019, it has accumulated more than **700**
 
 # Ecosystem
 
-| Component | Description | Linkis 0.x(recommend 0.11.0) Compatible | Linkis 1.x(recommend 1.0.3) Compatible |
+| Component | Description | Linkis 0.x(recommend 0.11.0) Compatible | Linkis 1.x(recommend 1.1.1) Compatible |
 | --------------- | -------------------------------------------------------------------- | --------- | --------- |
-| [**DataSphereStudio**](https://github.com/WeBankFinTech/DataSphereStudio/blob/master/README.md) | DataSphere Studio (DSS for short) is WeDataSphere, a one-stop data application development management portal. | DSS 0.9.1[released] | **DSS 1.0.1[released]** |
+| [**DataSphereStudio**](https://github.com/WeBankFinTech/DataSphereStudio/blob/master/README.md) | DataSphere Studio (DSS for short) is WeDataSphere, a one-stop data application development management portal. | DSS 0.9.1[released] | **DSS 1.0.1[released][Linkis recommend 1.1.0]** |
 | [**Scriptis**](https://github.com/WeBankFinTech/Scriptis) | Support online script writing such as SQL, Pyspark, HiveQL, etc., submit to [Linkis](https://github.com/apache/incubator-linkis) to perform data analysis web tools. | Scriptis merged in DSS（DSS 0.9.1[released]） | **In DSS 1.0.1[released]** |
 | [**Schedulis**](https://github.com/WeBankFinTech/Schedulis) | Workflow task scheduling system based on Azkaban secondary development, with financial-grade features such as high performance, high availability and multi-tenant resource isolation. | Schedulis 0.6.1[released] |  **Schedulis0.6.2 [released]** |
 | [**Qualitis**](https://github.com/WeBankFinTech/Qualitis) | Data quality verification tool, providing data verification capabilities such as data integrity and correctness  | Qualitis 0.8.0[released] | **Qualitis 0.9.1 [released]** |
-| [**Streamis**](https://github.com/WeBankFinTech/Streamis) | Streaming application development management tool. It supports the release of Flink Jar and Flink SQL, and provides the development, debugging and production management capabilities of streaming applications, such as: start-stop, status monitoring, checkpoint, etc. | **No support** | **Streamis 0.1.0 [released]** |
+| [**Streamis**](https://github.com/WeBankFinTech/Streamis) | Streaming application development management tool. It supports the release of Flink Jar and Flink SQL, and provides the development, debugging and production management capabilities of streaming applications, such as: start-stop, status monitoring, checkpoint, etc. | **No support** | **Streamis 0.1.0 [released][Linkis recommend 1.1.0]** |
 | [**Exchangis**](https://github.com/WeBankFinTech/Exchangis) | A data exchange platform that supports data transmission between structured and unstructured heterogeneous data sources, the upcoming Exchangis1. 0, will be connected with DSS workflow | **No support** | **Exchangis 1.0.0 [developing]**|
 | [**Visualis**](https://github.com/WeBankFinTech/Visualis) | A data visualization BI tool based on the second development of Davinci, an open source project of CreditEase, provides users with financial-level data visualization capabilities in terms of data security. | Visualis 0.5.0[released]| **Visualis 1.0.0[developing]**|
-| [**Prophecis**](https://github.com/WeBankFinTech/Prophecis) | A one-stop machine learning platform that integrates multiple open source machine learning frameworks. Prophecis' MLFlow can be connected to DSS workflow through AppConn. | Prophecis 0.2.2[released] | **Prophecis 0.3.0 [developing]** |
+| [**Prophecis**](https://github.com/WeBankFinTech/Prophecis) | A one-stop machine learning platform that integrates multiple open source machine learning frameworks. Prophecis' MLFlow can be connected to DSS workflow through AppConn. | Prophecis 0.2.2[released] | **Prophecis 0.3.0 [released]** |
 
 # Download
 

README_CN.md

@@ -47,16 +47,16 @@ Linkis 自2019年开源发布以来，已累计积累了700多家试验企业和
 
 # 生态组件
 
-| 应用工具     | 描述                                                          | Linkis 0.X(推荐0.11.0) 兼容版本   | Linkis 1.X(推荐1.0.3) 兼容版本    | 
+| 应用工具     | 描述                                                          | Linkis 0.X(推荐0.11.0) 兼容版本   | Linkis 1.X(推荐1.1.1) 兼容版本    | 
 | --------------- | -------------------------------------------------------------------- | --------- | ---------- | 
-| [**DataSphere Studio**](https://github.com/WeBankFinTech/DataSphereStudio/blob/master/README-ZH.md)  | DataSphere Studio（简称 DSS）数据应用开发管理集成框架    | DSS 0.9.1[已发布] | **DSS 1.0.1[开发中]** |
-| [**Scriptis**](https://github.com/WeBankFinTech/Scriptis)   | 支持在线写 SQL、Pyspark、HiveQL 等脚本，提交给[Linkis](https://github.com/apache/incubator-linkis)执行的数据分析 Web 工具。 | Scriptis合并在DSS中（DSS 0.9.1[已发布]） | 在DSS 1.0.1中[开发中] |
-| [**Schedulis**](https://github.com/WeBankFinTech/Schedulis) | 基于 Azkaban 二次开发的工作流任务调度系统,具备高性能，高可用和多租户资源隔离等金融级特性。 | Schedulis 0.6.1[已发布] | **Schedulis0.6.2 [开发中]** |
-| [**Qualitis**](https://github.com/WeBankFinTech/Qualitis)   | 数据质量校验工具，提供数据完整性、正确性等数据校验能力 | Qualitis 0.8.0[已发布] | **Qualitis 0.9.0 [开发中]** |
-| [**Streamis**](https://github.com/WeBankFinTech/Streamis)  | 流式应用开发管理工具。支持发布 Flink Jar 和 Flink SQL ，提供流式应用的开发调试和生产管理能力，如：启停、状态监控、checkpoint 等。 | 不支持 | **Streamis 0.1.0 [开发中]** |
+| [**DataSphere Studio**](https://github.com/WeBankFinTech/DataSphereStudio/blob/master/README-ZH.md)  | DataSphere Studio（简称 DSS）数据应用开发管理集成框架    | DSS 0.9.1[已发布] | **DSS 1.0.1[已发布][Linkis 推荐1.1.0]** |
+| [**Scriptis**](https://github.com/WeBankFinTech/Scriptis)   | 支持在线写 SQL、Pyspark、HiveQL 等脚本，提交给[Linkis](https://github.com/apache/incubator-linkis)执行的数据分析 Web 工具。 | Scriptis合并在DSS中（DSS 0.9.1[已发布]） | 在DSS 1.0.1中[已发布] |
+| [**Schedulis**](https://github.com/WeBankFinTech/Schedulis) | 基于 Azkaban 二次开发的工作流任务调度系统,具备高性能，高可用和多租户资源隔离等金融级特性。 | Schedulis 0.6.1[已发布] | **Schedulis0.6.2 [已发布]** |
+| [**Qualitis**](https://github.com/WeBankFinTech/Qualitis)   | 数据质量校验工具，提供数据完整性、正确性等数据校验能力 | Qualitis 0.8.0[已发布] | **Qualitis 0.9.0 [已发布]** |
+| [**Streamis**](https://github.com/WeBankFinTech/Streamis)  | 流式应用开发管理工具。支持发布 Flink Jar 和 Flink SQL ，提供流式应用的开发调试和生产管理能力，如：启停、状态监控、checkpoint 等。 | 不支持 | **Streamis 0.1.0 [已发布][Linkis 推荐1.1.0]** |
 | [**Exchangis**](https://github.com/WeBankFinTech/Exchangis) | 支持对结构化及无结构化的异构数据源之间的数据传输的数据交换平台，即将发布的 Exchangis1.0，将与 DSS 工作流打通 | 不支持 | **Exchangis 1.0.0 [开发中]** |
 | [**Visualis**](https://github.com/WeBankFinTech/Visualis)   | 基于宜信开源项目 Davinci 二次开发的数据可视化 BI 工具，为用户在数据安全方面提供金融级数据可视化能力。 | Visualis 0.5.0[已发布] | **Visualis 1.0.0[开发中]** |
-| [**Prophecis**](https://github.com/WeBankFinTech/Prophecis)     | 一站式机器学习平台，集成多种开源机器学习框架。Prophecis 的 MLFlow 通过 AppConn 可以接入到 DSS 工作流中。      | Prophecis 0.2.2[已发布] | **Prophecis 0.3.0 [开发中]** |
+| [**Prophecis**](https://github.com/WeBankFinTech/Prophecis)     | 一站式机器学习平台，集成多种开源机器学习框架。Prophecis 的 MLFlow 通过 AppConn 可以接入到 DSS 工作流中。      | Prophecis 0.2.2[已发布] | **Prophecis 0.3.0 [已发布]** |
 
 # 下载
 

pom.xml

@@ -104,7 +104,7 @@
         <zookeeper.version>3.5.9</zookeeper.version>
         <spring.boot.version>2.3.12.RELEASE</spring.boot.version>
         <guava.version>30.0-jre</guava.version>
-        <gson.version>2.8.5</gson.version>
+        <gson.version>2.8.9</gson.version>
         <scala.version>2.11.12</scala.version>
         <jdk.compile.version>1.8</jdk.compile.version>
         <plugin.scala.version>2.15.2</plugin.scala.version>

tool/dependencies/known-dependencies.txt

@@ -151,7 +151,7 @@ geronimo-annotation_1.0_spec-1.1.1.jar
 geronimo-jaspic_1.0_spec-1.0.jar
 geronimo-jta_1.1_spec-1.1.1.jar
 grizzled-slf4j_2.11-1.3.2.jar
-gson-2.8.5.jar
+gson-2.8.9.jar
 guava-30.0-jre.jar
 guava-retrying-2.0.0.jar
 guice-3.0.jar