Address CVE-2022-42003 (#312)

* address jackson-databind cve Signed-off-by: Kaushal Kumar <kshkmr@amazon.com> * upgrade protobuf-java Signed-off-by: Kaushal Kumar <kshkmr@amazon.com> Signed-off-by: Kaushal Kumar <kshkmr@amazon.com> Co-authored-by: Kaushal Kumar <kshkmr@amazon.com>
opensearch-project · Oct 20, 2022 · cda3760 · cda3760
1 parent f44ca26
commit cda3760
Show file tree

Hide file tree

Showing 6 changed files with 5 additions and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -240,7 +240,7 @@ checkstyleTest.enabled = false
 dependencies {
 
     def jacksonVersion = "2.13.4"
-    def jacksonDataBindVersion = "2.13.4"
+    def jacksonDataBindVersion = "2.13.4.2"
     def nettyVersion = "4.1.79.Final"
 
     configurations {
@@ -281,7 +281,7 @@ dependencies {
     implementation(group: 'com.google.errorprone', name: 'error_prone_annotations', version: '2.9.0') {
         force = 'true'
     }
-    implementation(group: 'com.google.protobuf', name:'protobuf-java', version: '3.19.2') {
+    implementation(group: 'com.google.protobuf', name:'protobuf-java', version: '3.21.8') {
         force = 'true'
     }
     implementation("io.netty:netty-buffer:${nettyVersion}") {

diff --git a/licenses/jackson-databind-2.13.4.2.jar.sha1 b/licenses/jackson-databind-2.13.4.2.jar.sha1
@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585
diff --git a/licenses/jackson-databind-2.13.4.jar.sha1 b/licenses/jackson-databind-2.13.4.jar.sha1
diff --git a/licenses/performanceanalyzer-rca-2.4.0.0-SNAPSHOT.jar.sha1 b/licenses/performanceanalyzer-rca-2.4.0.0-SNAPSHOT.jar.sha1
@@ -1 +1 @@
-b094cbaa8ddb1d30573c98115754a5928cb03327
+8c5cb2ca38982c8d45e3dca9033d44687b9cb798
diff --git a/licenses/protobuf-java-3.19.2.jar.sha1 b/licenses/protobuf-java-3.19.2.jar.sha1
diff --git a/licenses/protobuf-java-3.21.8.jar.sha1 b/licenses/protobuf-java-3.21.8.jar.sha1
@@ -0,0 +1 @@
+2a1eebb74b844d9ccdf1d22eb2f57cec709698a9