[jira] [Work logged] (HADOOP-17633) Please upgrade json-smart dependency to the latest version

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-17633?focusedWorklogId=582539&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-582539
 ]

ASF GitHub Bot logged work on HADOOP-17633:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 14/Apr/21 14:25
            Start Date: 14/Apr/21 14:25
    Worklog Time Spent: 10m 
      Work Description: virajjasani commented on a change in pull request #2895:
URL: https://github.com/apache/hadoop/pull/2895#discussion_r613292135



##########
File path: hadoop-project/pom.xml
##########
@@ -210,6 +210,8 @@
     <openssl-wildfly.version>1.0.7.Final</openssl-wildfly.version>
     <jsonschema2pojo.version>1.0.2</jsonschema2pojo.version>
     <woodstox.version>5.3.0</woodstox.version>
+    <json-smart.version>2.4.2</json-smart.version>
+    <nimbus-jose-jwt.version>9.8</nimbus-jose-jwt.version>

Review comment:
       That's correct, 9.8.1 seems latest. Maven repository showed highest 
usage for 9.8 and 9.8.1 is quite recent, hence I thought of using 9.8. However, 
I think we can use 9.8.1 as things look good with 9.8 so there should not be 
much difference with 9.8.1 either.
   
   Edit: Just realized 9.8 is also recent only, so I agree we should go with 
9.8.1




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 582539)
    Time Spent: 3h  (was: 2h 50m)

> Please upgrade json-smart dependency to the latest version
> ----------------------------------------------------------
>
>                 Key: HADOOP-17633
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17633
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auth, build
>    Affects Versions: 3.3.0, 3.2.1, 3.2.2, 3.4.0
>            Reporter: helen huang
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 3h
>  Remaining Estimate: 0h
>
> Please upgrade the json-smart dependency to the latest version available.
> Currently hadoop-auth is using version 2.3. Fortify scan picked up a security 
> issue with this version. Please upgrade to the latest version. 
> Thanks!
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org