This is an automated email from the ASF dual-hosted git repository.
martijnvisser pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new c28c70af5a2 [FLINK-28217] Bumps
[mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.27
to 8.0.29.
c28c70af5a2 is described below
commit c28c70af5a295a487467bf2ae789735831bdd804
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Jun 22 13:01:30 2022 +0000
[FLINK-28217] Bumps
[mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.27
to 8.0.29.
Flink doesn't bundle this dependency but only uses it for testing. Bumping
this dependency will also address false positives for CVE-2022-21363 (direct
vulnerability) and CVE-2021-22569 (vulnerability from included dependency).
---
flink-connectors/flink-connector-jdbc/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flink-connectors/flink-connector-jdbc/pom.xml
b/flink-connectors/flink-connector-jdbc/pom.xml
index 0a8e849a869..87361b47673 100644
--- a/flink-connectors/flink-connector-jdbc/pom.xml
+++ b/flink-connectors/flink-connector-jdbc/pom.xml
@@ -133,7 +133,7 @@ under the License.
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
- <version>8.0.27</version>
+ <version>8.0.29</version>
<scope>test</scope>
</dependency>
<dependency>
