Skip to content

Commit

Permalink
CVE-2024-36114 (#73)
Browse files Browse the repository at this point in the history 
* Updated dependencies
Fixed CVE-2024-36114 via transitive dependency override
  • Loading branch information
@pj-spoelders
pj-spoelders authored Jun 3, 2024
1 parent e99b050 commit 064d364
Show file tree
Hide file tree
Showing 9 changed files with 151 additions and 116 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/broken_links_checker.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 0 additions & 7 deletions .github/workflows/ci-build-next-java.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion .github/workflows/ci-build.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 5 additions & 9 deletions .github/workflows/dependencies_update.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

168 changes: 85 additions & 83 deletions dependencies.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions doc/changes/changelog.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

36 changes: 36 additions & 0 deletions doc/changes/changes_2.0.9.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# Parquet for Java 2.0.9, released 2024-06-03

Code name: Security update - fix for CVE-2024-36114

## Summary

Fixed CVE-2024-36114 https://github.com/advisories/GHSA-973x-65j7-xcf4 via transitive version update.
Updated dependencies.

## Security

* #72: CVE-2024-36114: io.airlift:aircompressor:jar:0.21:compile

## Dependency Updates

### Compile Dependency Updates

* Added `io.airlift:aircompressor:0.27`
* Updated `org.apache.commons:commons-compress:1.26.1` to `1.26.2`

### Test Dependency Updates

* Updated `org.mockito:mockito-core:5.11.0` to `5.12.0`
* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.12.0`

### Plugin Dependency Updates

* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3`
* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.3.2`
* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.2`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.4`
* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.7.0`
* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `4.0.0.4121`
* Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0`
Loading

0 comments on commit 064d364

Please sign in to comment.