This is an automated email from the ASF dual-hosted git repository. chengpan pushed a commit to branch branch-0.12 in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/branch-0.12 by this push:
     new b8ed7f511a [ZEPPELIN-6169] upgrade to bcpkix-jdk18on 1.80
b8ed7f511a is described below

commit b8ed7f511a539765625847dbab351c222d965ab2
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Thu Mar 20 03:20:08 2025 +0100

    [ZEPPELIN-6169] upgrade to bcpkix-jdk18on 1.80

    ### What is this PR for?
    See ZEPPELIN-6169
    Some CVEs in old transitive dependencies

    ### What type of PR is it?
    Bug Fix
    Improvement
    Feature
    Documentation
    Hot Fix
    Refactoring
    *Please leave your type of PR only*

    ### Todos
    * [ ] - Task

    ### What is the Jira issue?
    * Open an issue on Jira https://issues.apache.org/jira/browse/ZEPPELIN/
    * Put link here, and add [ZEPPELIN-*Jira number*] in PR title, e.g. [ZEPPELIN-533]

    ### How should this be tested?
    * Strongly recommended: add automated unit tests for any new or changed behavior
    * Outline any manual steps to test the PR here.

    ### Screenshots (if appropriate)

    ### Questions:
    * Do the license files need to be updated?
    * Are there breaking changes for older versions?
    * Does this need documentation?

    Closes #4912 from pjfanning/bcprov.

    Signed-off-by: Cheng Pan <cheng...@apache.org>
    (cherry picked from commit a279ceb7ccb03f7272fba009416b133ede934ec6)
    Signed-off-by: Cheng Pan <cheng...@apache.org>
---
 pom.xml                                       | 4 ++--
 zeppelin-distribution/src/bin_license/LICENSE | 4 ++--
 zeppelin-plugins/launcher/docker/pom.xml      | 6 ++++++
 zeppelin-server/pom.xml                       | 2 +-
 zeppelin-zengine/pom.xml                      | 2 +-
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/pom.xml b/pom.xml index 4bab6bb51c..1ea266ca56 100644 --- a/pom.xml +++ b/pom.xml 
@@ -138,7 +138,7 @@ <commons.collections.version>3.2.2</commons.collections.version> <commons.cli.version>1.4</commons.cli.version> <shiro.version>1.13.0</shiro.version> - <bouncycastle.version>1.70</bouncycastle.version> + <bouncycastle.version>1.80</bouncycastle.version> <maven.version>3.6.3</maven.version> <dropwizard.version>4.1.14</dropwizard.version> <micrometer.version>1.6.0</micrometer.version> @@ -394,7 +394,7 @@ <dependency> <groupId>org.bouncycastle</groupId> - <artifactId>bcpkix-jdk15on</artifactId> + <artifactId>bcpkix-jdk18on</artifactId> <version>${bouncycastle.version}</version> </dependency> diff --git a/zeppelin-distribution/src/bin_license/LICENSE b/zeppelin-distribution/src/bin_license/LICENSE index 926aacedda..62ffec2ded 100644 --- a/zeppelin-distribution/src/bin_license/LICENSE +++ b/zeppelin-distribution/src/bin_license/LICENSE 
@@ -261,7 +261,7 @@ The text of each license is also included at licenses/LICENSE-[project]-[version (The MIT License) slf4j v1.7.35 (org.slf4j:slf4j-api:jar:1.7.35 - http://www.slf4j.org) - http://www.slf4j.org/license.html (The MIT License) slf4j v1.7.21 (org.slf4j:slf4j-simple:1.7.21 - http://www.slf4j.org) - http://www.slf4j.org/license.html (The MIT License) slf4j-reload4j v1.7.35 (org.slf4j:slf4j-reload4j:jar:1.7.35 - http://www.slf4j.org) - http://www.slf4j.org/license.html - (The MIT License) bcprov-jdk15on v1.70 (org.bouncycastle:bcprov-jdk15on:jar:1.70 - http://www.bouncycastle.org/java.html) - http://www.bouncycastle.org/licence.html + (The MIT License) bcprov-jdk18on v1.80 (org.bouncycastle:bcprov-jdk18on:jar:1.80 - http://www.bouncycastle.org/java.html) - http://www.bouncycastle.org/licence.html (The MIT License) AnchorJS (https://github.com/bryanbraun/anchorjs) - https://github.com/bryanbraun/anchorjs/blob/master/README.md#license (The MIT License) moment-duration-format v1.3.0 (https://github.com/jsmreese/moment-duration-format) - https://github.com/jsmreese/moment-duration-format/blob/master/LICENSE (The MIT License) github-markdown-css 2.6.0 (https://github.com/sindresorhus/github-markdown-css) - https://github.com/sindresorhus/github-markdown-css/blob/v2.6.0/license 
@@ -283,7 +283,7 @@ The text of each license is also included at licenses/LICENSE-[project]-[version (The MIT License) headroom.js 0.9.3 (https://github.com/WickyNilliams/headroom.js) - https://github.com/WickyNilliams/headroom.js/blob/master/LICENSE (The MIT License) angular-viewport-watch 0.135 (https://github.com/wix/angular-viewport-watch) - https://github.com/wix/angular-viewport-watch/blob/master/LICENSE (The MIT License) ansi-up 2.0.2 (https://github.com/drudru/ansi_up) - https://github.com/drudru/ansi_up#license - (The MIT License) bcpkix-jdk15on 1.70 (org.bouncycastle:bcpkix-jdk15on:1.70 https://github.com/bcgit/bc-java) - https://github.com/bcgit/bc-java/blob/master/LICENSE.html + (The MIT License) bcpkix-jdk18on 1.80 (org.bouncycastle:bcpkix-jdk18on:1.80 https://github.com/bcgit/bc-java) - https://github.com/bcgit/bc-java/blob/master/LICENSE.html (The MIT License) influxdb-client-java 1.4.0 (com.influxdb:influxdb-client-java:1.4.0 https://github.com/influxdata/influxdb-client-java) - https://github.com/influxdata/influxdb-client-java/blob/master/LICENSE ======================================================================== diff --git a/zeppelin-plugins/launcher/docker/pom.xml b/zeppelin-plugins/launcher/docker/pom.xml index 47dd23af38..6928df5511 100644 --- a/zeppelin-plugins/launcher/docker/pom.xml +++ b/zeppelin-plugins/launcher/docker/pom.xml @@ -55,6 +55,12 @@ <artifactId>docker-client</artifactId> <classifier>shaded</classifier> <version>8.15.2</version> + <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.commons</groupId> diff --git a/zeppelin-server/pom.xml b/zeppelin-server/pom.xml index cb747ef606..0888921534 100644 --- a/zeppelin-server/pom.xml +++ b/zeppelin-server/pom.xml 
@@ -183,7 +183,7 @@ <dependency> <groupId>org.bouncycastle</groupId> - <artifactId>bcpkix-jdk15on</artifactId> + <artifactId>bcpkix-jdk18on</artifactId> </dependency> <dependency> diff --git a/zeppelin-zengine/pom.xml b/zeppelin-zengine/pom.xml index 38c904dedd..198de44d94 100644 --- a/zeppelin-zengine/pom.xml +++ b/zeppelin-zengine/pom.xml @@ -89,7 +89,7 @@ <dependency> <groupId>org.bouncycastle</groupId> - <artifactId>bcpkix-jdk15on</artifactId> + <artifactId>bcpkix-jdk18on</artifactId> </dependency> <dependency>
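
Review bot: in the root pom.xml hunks (@@ -138 and @@ -394), the managed entry moves from bcpkix-jdk15on to bcpkix-jdk18on, so any transitive dependency that still requests a -jdk15on artifact is no longer pinned by this entry, because Maven treats the two artifactIds as unrelated and will not mediate between them. Both jars ship the org.bouncycastle packages, so a leftover 1.70 jar on the classpath would keep the old code loadable next to 1.80. The only exclusion in this patch is the one on docker-client; consider a maven-enforcer-plugin bannedDependencies rule for org.bouncycastle:*-jdk15on, or at least attach the output of mvn dependency:tree -Dincludes=org.bouncycastle for the distribution build to the PR.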
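
Review bot: in the zeppelin-distribution/src/bin_license/LICENSE hunks (@@ -261 and @@ -283), the context line says the text of each license is also included at licenses/LICENSE-[project]-[version, yet the diffstat lists no file under licenses/, so please check whether a per-version Bouncy Castle license file has to be renamed to match the new jdk18on 1.80 entries. These two entries also hard-code 1.80 separately from the bouncycastle.version property, so the next bump has to touch both places; a note in the PR checklist answer for the license question would record that.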
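
Review bot: in the zeppelin-plugins/launcher/docker/pom.xml hunk (@@ -55), the exclusion removes bcpkix-jdk15on from docker-client but the module gains no bcpkix-jdk18on dependency in return, so whether docker-client still finds the Bouncy Castle PKIX classes at runtime depends on another module supplying them. Please confirm the docker launcher was exercised with this change, add a short XML comment above <exclusions> saying why the artifact is excluded, and check whether bcprov-jdk15on still arrives through docker-client, since only bcpkix is listed in the exclusion.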
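
Review bot: the zeppelin-server/pom.xml hunk (@@ -183), and the identical zeppelin-zengine/pom.xml hunk (@@ -89), swap the artifactId only, while the diffstat shows no source or test file touched and the "How should this be tested?" section of the commit message is still the unfilled template. Since the version moves from 1.70 to 1.80 under a different artifact name, please state which existing tests cover the code in these two modules that uses Bouncy Castle, or add one.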