This is an automated email from the ASF dual-hosted git repository. nfilotto pushed a commit to branch camel-3.21.x in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-3.21.x by this push: new 7f6e62d0cfa CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618 (#10966) 7f6e62d0cfa is described below commit 7f6e62d0cfa0c84d8d10f0411d0bd40ac466fae8 Author: Nicolas Filotto <essob...@users.noreply.github.com> AuthorDate: Wed Aug 2 16:57:35 2023 +0200 CAMEL-19695: camel-google-bigquery - Bump org.json to 20230618 (#10966) ## Motivation The component `camel-google-bigquery` indirectly depends on `org.json:json:jar:20200518:compile` which has a know CVE https://nvd.nist.gov/vuln/detail/CVE-2022-45688 that can be fixed by upgrading it to `20230227` or higher. ## Modifications: * Add `org.json:json:20230618` to the dependencyManagement section * Replace `org.json:json:20200518` with `org.json:json:20230618` in `camel-google-bigquery` --- camel-dependencies/pom.xml | 1 + components/camel-google/camel-google-bigquery/pom.xml | 8 ++++++++ parent/pom.xml | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/camel-dependencies/pom.xml b/camel-dependencies/pom.xml index faed9ef420c..2d2c15ca5c0 100644 --- a/camel-dependencies/pom.xml +++ b/camel-dependencies/pom.xml @@ -348,6 +348,7 @@ <jslt-version>0.1.11</jslt-version> <jsmpp-version>2.3.11</jsmpp-version> <json-api>1.0</json-api> + <json-org-version>20230618</json-org-version> <json-patch-version>1.13</json-patch-version> <json-path-version>2.8.0</json-path-version> <json-schema-validator-version>2.2.14</json-schema-validator-version> diff --git a/components/camel-google/camel-google-bigquery/pom.xml b/components/camel-google/camel-google-bigquery/pom.xml index 44732ecffdb..01a6fba6607 100644 --- a/components/camel-google/camel-google-bigquery/pom.xml +++ b/components/camel-google/camel-google-bigquery/pom.xml @@ -76,8 +76,16 @@ <groupId>com.google.code.findbugs</groupId> <artifactId>jsr305</artifactId> </exclusion> + <exclusion> + <groupId>org.json</groupId> + <artifactId>json</artifactId> + </exclusion> </exclusions> </dependency> + <dependency> + <groupId>org.json</groupId> + <artifactId>json</artifactId> + </dependency> <dependency> <groupId>org.apache.camel</groupId> diff --git a/parent/pom.xml b/parent/pom.xml index ad3bb7ad649..3bed363dc64 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -333,6 +333,7 @@ <jsmpp-version>2.3.11</jsmpp-version> <jsch-version>0.2.1</jsch-version> <json-api>1.0</json-api> + <json-org-version>20230618</json-org-version> <jsonassert-version>1.5.1</jsonassert-version> <json-path-version>2.8.0</json-path-version> <json-patch-version>1.13</json-patch-version> @@ -3228,6 +3229,11 @@ <artifactId>jaxp-ri</artifactId> <version>1.4.5</version> </dependency> + <dependency> + <groupId>org.json</groupId> + <artifactId>json</artifactId> + <version>${json-org-version}</version> + </dependency> <!-- logging --> <dependency>