From 969b0084bfa06f4f67e4ab399312cf64b1f46715 Mon Sep 17 00:00:00 2001 From: Qiang Zhao Date: Tue, 29 Aug 2023 19:15:03 +0800 Subject: [PATCH] [fix][misc] Bump GRPC version to 1.55.3 to fix CVE (#21057) (cherry picked from commit 6ff83b6f8ab34bcb9045a2c249c8b14608dd965d) --- .../server/src/assemble/LICENSE.bin.txt | 36 +++++++++---------- pom.xml | 4 +-- pulsar-sql/presto-distribution/LICENSE | 20 +++++------ 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index b901ab7ba37a6..346d12688fcb9 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -322,7 +322,7 @@ The Apache Software License, Version 2.0 - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar - * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.0.1.jar + * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.9.0.jar * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.3.jar * Gson - com.google.code.gson-gson-2.8.9.jar @@ -465,24 +465,24 @@ The Apache Software License, Version 2.0 - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.0.jar - org.jetbrains-annotations-13.0.jar * gRPC - - io.grpc-grpc-all-1.45.1.jar - - io.grpc-grpc-auth-1.45.1.jar - - io.grpc-grpc-context-1.45.1.jar - - io.grpc-grpc-core-1.45.1.jar - - io.grpc-grpc-netty-1.45.1.jar - - io.grpc-grpc-protobuf-1.45.1.jar - - io.grpc-grpc-protobuf-lite-1.45.1.jar - - io.grpc-grpc-stub-1.45.1.jar - - io.grpc-grpc-alts-1.45.1.jar - - io.grpc-grpc-api-1.45.1.jar - - io.grpc-grpc-grpclb-1.45.1.jar - - io.grpc-grpc-netty-shaded-1.45.1.jar - - io.grpc-grpc-services-1.45.1.jar - - io.grpc-grpc-xds-1.45.1.jar - - io.grpc-grpc-rls-1.45.1.jar + - io.grpc-grpc-all-1.55.3.jar + - io.grpc-grpc-auth-1.55.3.jar + - io.grpc-grpc-context-1.55.3.jar + - io.grpc-grpc-core-1.55.3.jar + - io.grpc-grpc-netty-1.55.3.jar + - io.grpc-grpc-protobuf-1.55.3.jar + - io.grpc-grpc-protobuf-lite-1.55.3.jar + - io.grpc-grpc-stub-1.55.3.jar + - io.grpc-grpc-alts-1.55.3.jar + - io.grpc-grpc-api-1.55.3.jar + - io.grpc-grpc-grpclb-1.55.3.jar + - io.grpc-grpc-netty-shaded-1.55.3.jar + - io.grpc-grpc-services-1.55.3.jar + - io.grpc-grpc-xds-1.55.3.jar + - io.grpc-grpc-rls-1.55.3.jar - com.google.auto.service-auto-service-annotations-1.0.jar * Perfmark - - io.perfmark-perfmark-api-0.19.0.jar + - io.perfmark-perfmark-api-0.26.0.jar * OpenCensus - io.opencensus-opencensus-api-0.28.0.jar - io.opencensus-opencensus-contrib-http-util-0.28.0.jar @@ -532,7 +532,7 @@ The Apache Software License, Version 2.0 - com.google.http-client-google-http-client-gson-1.41.0.jar - com.google.http-client-google-http-client-1.41.0.jar - com.google.auto.value-auto-value-annotations-1.9.jar - - com.google.re2j-re2j-1.5.jar + - com.google.re2j-re2j-1.6.jar * Jetcd - io.etcd-jetcd-common-0.5.11.jar - io.etcd-jetcd-core-0.5.11.jar diff --git a/pom.xml b/pom.xml index ea260e59184c6..84ec4cf033390 100644 --- a/pom.xml +++ b/pom.xml @@ -131,9 +131,9 @@ flexible messaging model and an intuitive client API. 0.5.0 3.19.6 ${protobuf3.version} - 1.45.1 + 1.55.3 1.41.0 - 0.19.0 + 0.26.0 ${grpc.version} 2.8.9 1.2.1 diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index e9ea054dc534c..7b9e3ec1e1b69 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -258,14 +258,14 @@ The Apache Software License, Version 2.0 - netty-transport-native-unix-common-4.1.93.Final-linux-x86_64.jar - netty-codec-http2-4.1.93.Final.jar * GRPC - - grpc-api-1.45.1.jar - - grpc-context-1.45.1.jar - - grpc-core-1.45.1.jar - - grpc-grpclb-1.45.1.jar - - grpc-netty-1.45.1.jar - - grpc-protobuf-1.45.1.jar - - grpc-protobuf-lite-1.45.1.jar - - grpc-stub-1.45.1.jar + - grpc-api-1.55.3.jar + - grpc-context-1.55.3.jar + - grpc-core-1.55.3.jar + - grpc-grpclb-1.55.3.jar + - grpc-netty-1.55.3.jar + - grpc-protobuf-1.55.3.jar + - grpc-protobuf-lite-1.55.3.jar + - grpc-stub-1.55.3.jar * JEtcd - jetcd-common-0.5.11.jar - jetcd-core-0.5.11.jar @@ -477,7 +477,7 @@ The Apache Software License, Version 2.0 * Swagger - swagger-annotations-1.6.10.jar * Perfmark - - perfmark-api-0.19.0.jar + - perfmark-api-0.26.0.jar * Annotations - auto-service-annotations-1.0.jar @@ -485,7 +485,7 @@ Protocol Buffers License * Protocol Buffers - protobuf-java-3.19.6.jar - protobuf-java-util-3.19.6.jar - - proto-google-common-protos-2.0.1.jar + - proto-google-common-protos-2.9.0.jar BSD 3-clause "New" or "Revised" License * RE2J TD -- re2j-td-1.4.jar