Fix CVEs (#89)
* Fix deps, PK upgrade

* Run PK fix

---------

Co-authored-by: Christoph Pirkl <[email protected]>
Shmuma and kaklakariada authored Jun 4, 2024
1 parent 5ea51ca commit ce02a02
Showing 9 changed files with 64 additions and 57 deletions.
14 changes: 5 additions & 9 deletions .github/workflows/dependencies_update.yml

52 changes: 26 additions & 26 deletions dependencies.md

17 changes: 11 additions & 6 deletions doc/changes/changes_1.0.6.md
Expand Up @@ -25,13 +25,14 @@ This release upgrades dependencies.
#### Plugin Dependency Updates

* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.1` to `2.0.3`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.1`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.2`
* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.11.0` to `3.13.0`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.3` to `3.2.5`
* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
* Updated `org.codehaus.mojo:flatten-maven-plugin:1.5.0` to `1.6.0`
* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `4.0.0.4121`

### Tableau Server GUI Tests

Expand All @@ -42,6 +43,8 @@ This release upgrades dependencies.
* Updated `com.fasterxml.jackson.core:jackson-databind:2.16.1` to `2.17.1`
* Updated `commons-io:commons-io:2.15.1` to `2.16.1`
* Updated `io.github.bonigarcia:webdrivermanager:5.6.3` to `5.8.0`
* Added `org.bouncycastle:bcpkix-jdk18on:1.78.1`
* Removed `org.bouncycastle:bcprov-jdk15on:1.70`
* Updated `org.json:json:20231013` to `20240303`
* Updated `org.junit.jupiter:junit-jupiter:5.10.1` to `5.10.2`
* Updated `org.mockito:mockito-junit-jupiter:5.9.0` to `5.12.0`
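Review bot: The two Bouncy Castle entries in this hunk (`Added org.bouncycastle:bcpkix-jdk18on:1.78.1` and `Removed org.bouncycastle:bcprov-jdk15on:1.70`) do not say why the artifacts changed, although the commit is titled "Fix CVEs" and the comment in tableau-server-GUI-tests/pom.xml names CVE-2024-34447. If the part of this changelog outside the visible lines does not already list it, add the CVE identifier to the release notes so that someone reading the changelog can match the release to the advisory.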
Expand All @@ -51,23 +54,25 @@ This release upgrades dependencies.
#### Plugin Dependency Updates

* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.1` to `2.0.3`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.1`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.2`
* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.11.0` to `3.13.0`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.3` to `3.2.5`
* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
* Updated `org.codehaus.mojo:flatten-maven-plugin:1.5.0` to `1.6.0`
* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `4.0.0.4121`

### Exasol Connector for Tableau

#### Plugin Dependency Updates

* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.1` to `2.0.3`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.1`
* Updated `com.exasol:project-keeper-maven-plugin:3.0.0` to `4.3.2`
* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.11.0` to `3.13.0`
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0`
* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.3` to `3.2.5`
* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0`
* Updated `org.codehaus.mojo:flatten-maven-plugin:1.5.0` to `1.6.0`
* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `4.0.0.4121`
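Review bot: `sonar-maven-plugin` now goes from `3.10.0.2594` to `4.0.0.4121` in both plugin lists of this hunk, where the previous target was `3.11.0.3922`. That is a major-version jump carried inside a commit described as a CVE fix. State in the commit message or PR whether it comes with the project-keeper 4.3.2 upgrade, and confirm that the Sonar analysis step still runs in CI with the 4.x plugin.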
4 changes: 2 additions & 2 deletions jdbc-kerberos-setup-test/pk_generated_parent.pom

2 changes: 1 addition & 1 deletion jdbc-kerberos-setup-test/pom.xml
Expand Up @@ -36,7 +36,7 @@
<plugin>
<groupId>com.exasol</groupId>
<artifactId>project-keeper-maven-plugin</artifactId>
<version>4.3.1</version>
<version>4.3.2</version>
<executions>
<execution>
<goals>
4 changes: 2 additions & 2 deletions pk_generated_parent.pom

2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -26,7 +26,7 @@
<plugin>
<groupId>com.exasol</groupId>
<artifactId>project-keeper-maven-plugin</artifactId>
<version>4.3.1</version>
<version>4.3.2</version>
<executions>
<execution>
<goals>
4 changes: 2 additions & 2 deletions tableau-server-GUI-tests/pk_generated_parent.pom

22 changes: 14 additions & 8 deletions tableau-server-GUI-tests/pom.xml
Expand Up @@ -35,6 +35,19 @@
<artifactId>webdrivermanager</artifactId>
<version>5.8.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<!-- Fix CVE-2024-34447 in transitive dependency of webdrivermanager -->
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.78.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
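Review bot: The new `bcpkix-jdk18on` 1.78.1 dependency pins only that one artifact, while its comment says it fixes CVE-2024-34447 in a transitive dependency of webdrivermanager. `bcpkix-jdk18on` itself depends on `bcprov-jdk18on` and `bcutil-jdk18on`, and nothing in this hunk fixes their versions, so the version of those that lands on the test classpath is left to Maven's dependency mediation. Confirm with `mvn dependency:tree -Dincludes=org.bouncycastle` that every Bouncy Castle artifact resolves to 1.78.1, or pin the group in `<dependencyManagement>`. Separately, the `<exclusions>` block on webdrivermanager is redundant next to the direct declaration, because a directly declared version already wins over the transitive one; one of the two mechanisms is enough.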
Expand Down Expand Up @@ -66,13 +79,6 @@
<version>3.5.4</version>
<scope>test</scope>
</dependency>
<dependency>
<!-- Upgrade to fix CVE-2020-0187 -->
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
<scope>test</scope>
</dependency>
<dependency>
<!-- Upgrade to fix CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004 -->
<groupId>com.fasterxml.jackson.core</groupId>
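Review bot: Nothing in this hunk guarantees that `bcprov-jdk15on` is gone from the test classpath once its 1.70 pin (the block commented `Upgrade to fix CVE-2020-0187`) is removed. The replacement added earlier in this file uses a different artifactId (`bcpkix-jdk18on`), so it does not supersede `bcprov-jdk15on` in Maven's resolution. If any remaining test dependency still pulls `bcprov-jdk15on` transitively, it comes back at whatever version that dependency requests and sits beside the `jdk18on` classes. Check the resolved dependency tree for `bcprov-jdk15on` and add an exclusion wherever it is still pulled in.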
Expand All @@ -93,7 +99,7 @@
<plugin>
<groupId>com.exasol</groupId>
<artifactId>project-keeper-maven-plugin</artifactId>
<version>4.3.1</version>
<version>4.3.2</version>
<executions>
<execution>
<goals>