symat opened a new pull request, #1957: URL: https://github.com/apache/zookeeper/pull/1957
dependency checks are failing currently on branch-3.6: ``` mvn clean package -DskipTests dependency-check:check (...) [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default-cli) on project zookeeper: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0': [ERROR] [ERROR] jackson-databind-2.13.2.1.jar: CVE-2022-42003(7.5), CVE-2022-42004(7.5) [ERROR] jetty-io-9.4.43.v20210629.jar: CVE-2022-2047(2.7), CVE-2022-2048(7.5) [ERROR] jetty-server-9.4.43.v20210629.jar: CVE-2022-2047(2.7), CVE-2022-2048(7.5) [ERROR] netty-transport-4.1.76.Final.jar: CVE-2022-24823(5.5) ``` In this commit I updated several third party libraries and also updated / fixed license and notice files. Because of the bouncycastle upgrade, I also had to do a very minimal code change: the `setPasssword` method on a builder was deprecated as it had a typo in the method name, and it caused compile error after the upgrade. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
