This is an automated email from the ASF dual-hosted git repository.
fanjia pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/seatunnel-web.git
The following commit(s) were added to refs/heads/main by this push:
new ee671d33 [Improvement][Seatunnel-web] dom4j-1.6.1.jar has multiple
CVEs, update the versions-maven-plugin version to avoid downloading the
vulnerable version (#209)
ee671d33 is described below
commit ee671d33b7a88f16338aa269983aa95985e9d20b
Author: BilwaST <stbi...@gmail.com>
AuthorDate: Mon Sep 9 07:55:49 2024 +0530
[Improvement][Seatunnel-web] dom4j-1.6.1.jar has multiple CVEs, update the
versions-maven-plugin version to avoid downloading the vulnerable version (#209)
---
pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/pom.xml b/pom.xml
index e784d668..50cc05d6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,6 +86,7 @@
<flatten-maven-plugin.version>1.3.0</flatten-maven-plugin.version>
<maven-remote-resources-plugin.version>3.2.0</maven-remote-resources-plugin.version>
<maven-site-plugin.version>4.0.0-M16</maven-site-plugin.version>
+ <versions-maven-plugin.version>2.14.1</versions-maven-plugin.version>
<spring-boot.version>2.6.8</spring-boot.version>
<spring.version>5.3.20</spring.version>
@@ -1429,6 +1430,11 @@
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven-dependency-plugin.version}</version>
</plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>versions-maven-plugin</artifactId>
+ <version>${versions-maven-plugin.version}</version>
+ </plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
