This is an automated email from the ASF dual-hosted git repository. martijnvisser pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push: new c28c70af5a2 [FLINK-28217] Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.27 to 8.0.29. c28c70af5a2 is described below commit c28c70af5a295a487467bf2ae789735831bdd804 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> AuthorDate: Wed Jun 22 13:01:30 2022 +0000 [FLINK-28217] Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.27 to 8.0.29. Flink doesn't bundle this dependency but only uses it for testing. Bumping this dependency will also address false positives for CVE-2022-21363 (direct vulnerability) and CVE-2021-22569 (vulnerability from included dependency). --- flink-connectors/flink-connector-jdbc/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flink-connectors/flink-connector-jdbc/pom.xml b/flink-connectors/flink-connector-jdbc/pom.xml index 0a8e849a869..87361b47673 100644 --- a/flink-connectors/flink-connector-jdbc/pom.xml +++ b/flink-connectors/flink-connector-jdbc/pom.xml @@ -133,7 +133,7 @@ under the License. <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> - <version>8.0.27</version> + <version>8.0.29</version> <scope>test</scope> </dependency> <dependency>