Merge pull request #42369 from HindujaB/ballerina-1.2.50-patch

Update vulnerable versions
ballerina-platform · Mar 21, 2024 · 2504f06 · 2504f06
2 parents 6b7572d + e3c9a41
commit 2504f06
Show file tree

Hide file tree

Showing 13 changed files with 22 additions and 21 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -4,6 +4,7 @@ CVE-2021-42392
 CVE-2022-23221
 GHSA-h376-j262-vhq6
 GMS-2022-7
+CVE-2022-45868
 
 # com.github.docker-java:docker-java:3.1.5
 CVE-2020-13956

diff --git a/cli/ballerina-cli-module/build.gradle b/cli/ballerina-cli-module/build.gradle
@@ -35,7 +35,7 @@ dependencies {
     implementation project(':toml-parser')
     implementation 'com.moandjiezana.toml:toml4j'
     implementation 'info.picocli:picocli'
-    implementation 'org.apache.commons:commons-compress:1.21'
+    implementation 'org.apache.commons:commons-compress:1.26.0'
     implementation 'me.tongfei:progressbar:0.7.4'
     implementation 'org.jline:jline:3.11.0'
     implementation 'javax.ws.rs:javax.ws.rs-api'

diff --git a/cli/ballerina-packerina/build.gradle b/cli/ballerina-packerina/build.gradle
@@ -47,7 +47,7 @@ dependencies {
     implementation project(':maven-resolver')
     implementation 'com.moandjiezana.toml:toml4j'
     implementation 'info.picocli:picocli'
-    implementation 'org.apache.commons:commons-compress:1.21'
+    implementation 'org.apache.commons:commons-compress:1.26.0'
 
     testCompile 'org.testng:testng'
     testCompile 'com.moandjiezana.toml:toml4j'

diff --git a/distribution/zip/jballerina-tools/build.gradle b/distribution/zip/jballerina-tools/build.gradle
@@ -77,7 +77,7 @@ dependencies {
     // dist 'org.ow2.asm:asm:6.2.1'
     dist 'com.fasterxml.woodstox:woodstox-core:6.5.0'
     dist 'org.codehaus.woodstox:stax2-api:4.2.1'
-    dist 'org.apache.commons:commons-compress:1.21'
+    dist 'org.apache.commons:commons-compress:1.26.0'
     dist 'me.tongfei:progressbar:0.7.4'
     dist 'org.jline:jline:3.11.0'
 

diff --git a/gradle/javaLibsProject.gradle b/gradle/javaLibsProject.gradle
@@ -40,7 +40,7 @@ dependencies {
     dist 'org.wso2.securevault:org.wso2.securevault:1.0.0-wso2v2'
     dist 'org.wso2.transport.file:org.wso2.transport.local-file-system:6.0.55'
     dist 'org.wso2.transport.http:org.wso2.transport.http.netty:6.3.48'
-    dist 'org.bouncycastle:bcprov-jdk15on:1.69'
+    dist 'org.bouncycastle:bcprov-jdk18on:1.73'
     dist 'org.bouncycastle:bcpkix-jdk15on:1.61'
 
     dist 'info.picocli:picocli:4.0.1'

diff --git a/gradle/javaProject.gradle b/gradle/javaProject.gradle
@@ -62,7 +62,7 @@ dependencies {
         implementation 'org.apache.kafka:kafka-clients:2.8.2'
         implementation 'org.apache.kafka:kafka_2.13:2.8.2'
         implementation 'org.apache.avro:avro:1.9.2'
-        implementation 'org.apache.james:apache-mime4j-core:0.8.9'
+        implementation 'org.apache.james:apache-mime4j-core:0.8.10'
         implementation 'org.apache.mina:mina-core:2.0.16'
         implementation 'org.apache.maven:maven-plugin-api:3.6.0'
         implementation 'org.apache.maven.plugin-tools:maven-plugin-annotations:3.6.0'
@@ -75,7 +75,7 @@ dependencies {
         implementation 'org.codehaus.woodstox:stax2-api:4.2.1'
         implementation 'org.awaitility:awaitility:3.1.6'
         implementation 'org.apache.thrift:libthrift:0.14.1'
-        implementation 'org.bouncycastle:bcprov-jdk15on:1.69'
+        implementation 'org.bouncycastle:bcprov-jdk18on:1.73'
         implementation 'org.bouncycastle:bcpkix-jdk15on:1.61'
         implementation 'org.bytedeco.javacpp-presets:llvm-platform:6.0.1-1.4.2'
         implementation 'org.codehaus.plexus:plexus-utils:3.0.8'

diff --git a/misc/debug-adapter/modules/debug-adapter-core/build.gradle b/misc/debug-adapter/modules/debug-adapter-core/build.gradle
@@ -8,7 +8,7 @@ repositories {
 dependencies {
     implementation 'org.eclipse.lsp4j:org.eclipse.lsp4j.debug:0.8.1'
     implementation project(':ballerina-lang')
-    implementation 'org.apache.commons:commons-compress:1.21'
+    implementation 'org.apache.commons:commons-compress:1.26.0'
     implementation files(org.gradle.internal.jvm.Jvm.current().toolsJar)
 }
 

diff --git a/stdlib/grpc/src/main/ballerina/Ballerina.toml b/stdlib/grpc/src/main/ballerina/Ballerina.toml
@@ -111,9 +111,9 @@ target = "java8"
     modules = ["grpc"]
 
     [[platform.libraries]]
-    artifactId = "bcprov-jdk15on"
-    version = "1.69"
-    path = "./lib/bcprov-jdk15on-1.69.jar"
+    artifactId = "bcprov-jdk18on"
+    version = "1.73"
+    path = "./lib/bcprov-jdk18on-1.73.jar"
     groupId = "org.bouncycastle"
     modules = ["grpc"]
 

diff --git a/stdlib/http/build.gradle b/stdlib/http/build.gradle
@@ -94,7 +94,7 @@ dependencies {
     implementation 'org.wso2.carbon.messaging:org.wso2.carbon.messaging'
     implementation 'org.apache.commons:commons-lang3'
     implementation 'org.jvnet.mimepull:mimepull'
-    implementation 'org.bouncycastle:bcprov-jdk15on'
+    implementation 'org.bouncycastle:bcprov-jdk18on'
     implementation 'org.bouncycastle:bcpkix-jdk15on'
     testCompile project(path: ':ballerina-mime', configuration: 'tests')
     testCompile project(path: ':ballerina-test-common', configuration: 'tests')

diff --git a/stdlib/http/src/main/ballerina/Ballerina.toml b/stdlib/http/src/main/ballerina/Ballerina.toml
@@ -104,9 +104,9 @@ target = "java8"
     modules = ["http"]
 
     [[platform.libraries]]
-    artifactId = "bcprov-jdk15on"
-    version = "1.69"
-    path = "./lib/bcprov-jdk15on-1.69.jar"
+    artifactId = "bcprov-jdk18on"
+    version = "1.73"
+    path = "./lib/bcprov-jdk18on-1.73.jar"
     groupId = "org.bouncycastle"
     modules = ["http"]
 

diff --git a/stdlib/mime/src/main/ballerina/Ballerina.toml b/stdlib/mime/src/main/ballerina/Ballerina.toml
@@ -111,9 +111,9 @@ target = "java8"
     modules = ["mime"]
 
     [[platform.libraries]]
-    artifactId = "bcprov-jdk15on"
-    version = "1.69"
-    path = "./lib/bcprov-jdk15on-1.69.jar"
+    artifactId = "bcprov-jdk18on"
+    version = "1.73"
+    path = "./lib/bcprov-jdk18on-1.73.jar"
     groupId = "org.bouncycastle"
     modules = ["mime"]
 

diff --git a/stdlib/websub/src/main/ballerina/Ballerina.toml b/stdlib/websub/src/main/ballerina/Ballerina.toml
@@ -104,9 +104,9 @@ target = "java8"
     modules = ["web-sub"]
 
     [[platform.libraries]]
-    artifactId = "bcprov-jdk15on"
-    version = "1.69"
-    path = "./lib/bcprov-jdk15on-1.69.jar"
+    artifactId = "bcprov-jdk18on"
+    version = "1.73"
+    path = "./lib/bcprov-jdk18on-1.73.jar"
     groupId = "org.bouncycastle"
     modules = ["web-sub"]
 

diff --git a/tests/ballerina-test-utils/build.gradle b/tests/ballerina-test-utils/build.gradle
@@ -80,7 +80,7 @@ shadowJar {
         exclude(dependency('commons-pool.wso2:commons-pool'))
         exclude(dependency('commons-pool:commons-pool'))
         exclude(dependency('org.yaml:snakeyaml'))
-        exclude(dependency('org.bouncycastle:bcprov-jdk15on'))
+        exclude(dependency('org.bouncycastle:bcprov-jdk18on'))
         exclude(dependency('org.bouncycastle:bcpkix-jdk15on'))
         exclude(dependency('io.netty:netty-tcnative-boringssl-static'))
         exclude(dependency('org.testng:testng'))