[FLINK-33238][Formats/Avro] Upgrade used AVRO version to 1.11.3. This c…
…loses #59

* [FLINK-33238][Formats/Avro] Upgrade used AVRO version to 1.11.3 to mitigate scanners flagging Flink or the Flink Kafka connector as vulnerable for CVE-2023-39410

* [FLINK-33238][Formats/Avro] Pin transitive dependency org.apache.commons:commons-compress to 1.22 to address dependency convergence
MartijnVisser authored Oct 11, 2023
1 parent bd260f1 commit c829d7a
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion pom.xml
Expand Up @@ -68,7 +68,7 @@ under the License.
<scala-reflect.version>2.12.7</scala-reflect.version>
<scala-library.version>2.12.7</scala-library.version>
<snappy-java.version>1.1.10.5</snappy-java.version>
<avro.version>1.11.1</avro.version>
<avro.version>1.11.3</avro.version>

<japicmp.skip>false</japicmp.skip>
<japicmp.referenceVersion>1.17.0</japicmp.referenceVersion>
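
Review bot: The new `<avro.version>1.11.3</avro.version>` property line carries no comment recording that 1.11.3 is a security floor for CVE-2023-39410, so a later version realignment could move it back without anyone noticing. Suggest a short XML comment on that line naming FLINK-33238 and the CVE, since the reason currently lives only in the commit message.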
Expand Down Expand Up @@ -405,6 +405,13 @@ under the License.
<version>2.1</version>
</dependency>

<!-- For dependency convergence -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.22</version>
</dependency>

<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers-bom</artifactId>
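
Review bot: The comment `<!-- For dependency convergence -->` above the commons-compress entry does not say which dependencies disagree or that the pin was introduced together with the Avro 1.11.3 upgrade. A fixed `<version>1.22</version>` with no stated owner tends to outlive its reason and can hold the library at 1.22 after the conflicting dependencies have moved on. Suggest expanding the comment to name FLINK-33238 and the artifacts that required the pin, and moving the version into a property next to `avro.version` so the two are reviewed together.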