From 9a75758fada29da860364fb80915bd364a057734 Mon Sep 17 00:00:00 2001 From: penghuo Date: Wed, 23 Feb 2022 09:43:41 -0800 Subject: [PATCH 1/2] Version Bump: springframework and jackson Signed-off-by: penghuo --- core/build.gradle | 6 +++--- plugin/build.gradle | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/core/build.gradle b/core/build.gradle index 461815cffbf..d26af11cc2d 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -40,8 +40,8 @@ repositories { dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.10' compile group: 'com.facebook.presto', name: 'presto-matching', version: '0.240' compile group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1' @@ -49,7 +49,7 @@ dependencies { testImplementation('org.junit.jupiter:junit-jupiter:5.6.2') testCompile group: 'org.hamcrest', name: 'hamcrest-library', version: '2.1' - testCompile group: 'org.springframework', name: 'spring-test', version: '5.2.5.RELEASE' + testCompile group: 'org.springframework', name: 'spring-test', version: '5.2.19.RELEASE' testCompile group: 'org.mockito', name: 'mockito-core', version: '3.3.3' testCompile group: 'org.mockito', name: 'mockito-junit-jupiter', version: '3.3.3' } diff --git a/plugin/build.gradle b/plugin/build.gradle index 60eb12393bd..b934a804a3f 100644 --- a/plugin/build.gradle +++ b/plugin/build.gradle @@ -56,7 +56,8 @@ configurations.all { resolutionStrategy.force 'junit:junit:4.13.2' // conflict with spring-jcl exclude group: "commons-logging", module: "commons-logging" - resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.10.5' + // enforce 2.12.6, https://github.com/opensearch-project/sql/issues/424 + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.12.6' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:31.0.1-jre' @@ -64,7 +65,7 @@ configurations.all { } dependencies { - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' compile project(":ppl") compile project(':legacy') compile project(':opensearch') From 87ba2bc6fe5bf115a57ee33373db0b550f7e7919 Mon Sep 17 00:00:00 2001 From: penghuo Date: Wed, 23 Feb 2022 09:50:23 -0800 Subject: [PATCH 2/2] fix springframework Signed-off-by: penghuo --- ppl/build.gradle | 4 ++-- sql/build.gradle | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ppl/build.gradle b/ppl/build.gradle index 9a95003a4c3..4b88c000fef 100644 --- a/ppl/build.gradle +++ b/ppl/build.gradle @@ -48,8 +48,8 @@ dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' compile group: 'org.opensearch', name: 'opensearch-x-content', version: "${opensearch_version}" compile group: 'org.json', name: 'json', version: '20180813' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' compile group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.17.1' compile project(':common') compile project(':core') diff --git a/sql/build.gradle b/sql/build.gradle index 9a6fdec2275..1acb115137d 100644 --- a/sql/build.gradle +++ b/sql/build.gradle @@ -47,8 +47,8 @@ dependencies { compile "org.antlr:antlr4-runtime:4.7.1" implementation group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' compile group: 'org.json', name: 'json', version:'20180813' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.5.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.5.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' compile project(':common') compile project(':core') compile project(':protocol')