From 7522f4826d907b02edfeaad9da7247493dee0ac5 Mon Sep 17 00:00:00 2001 From: "VOPEN.XYZ" Date: Mon, 20 Jun 2022 16:42:34 +0800 Subject: [PATCH] Fix third-party lib CVEs & Upgrade core spring libs version . (2020.0) (#258) * Fix third-party lib CVEs & Upgrade core spring libs version . * Update CHANGELOG.md --- CHANGELOG.md | 1 + pom.xml | 12 ++++ spring-cloud-tencent-commons/pom.xml | 11 +--- spring-cloud-tencent-dependencies/pom.xml | 65 ++++++++++++++++++- .../loadbalancer/LoadBalancerUtils.java | 4 +- 5 files changed, 81 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76d9a778b..123ff7d01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,3 +2,4 @@ --- - [Feature: Add config change listener feature support](https://github.com/Tencent/spring-cloud-tencent/pull/254) +- [Upgrade: fix third-party lib CVEs & upgrade core spring libs version](https://github.com/Tencent/spring-cloud-tencent/pull/258) diff --git a/pom.xml b/pom.xml index a5613405b..214879889 100644 --- a/pom.xml +++ b/pom.xml @@ -91,6 +91,9 @@ 2020.0.5 + + 5.3.21 + 0.8.3 3.2.0 @@ -123,6 +126,15 @@ pom import + + + + org.springframework + spring-framework-bom + ${spring.framework.version} + pom + import + diff --git a/spring-cloud-tencent-commons/pom.xml b/spring-cloud-tencent-commons/pom.xml index 29398bbbc..e8de59272 100644 --- a/spring-cloud-tencent-commons/pom.xml +++ b/spring-cloud-tencent-commons/pom.xml @@ -14,9 +14,8 @@ Spring Cloud Tencent Commons - 3.2.2 - 2.5 - 2.7 + 2.6 + 2.11.0 @@ -47,12 +46,6 @@ spring-cloud-starter - - commons-collections - commons-collections - ${commons.collections.version} - - commons-lang commons-lang diff --git a/spring-cloud-tencent-dependencies/pom.xml b/spring-cloud-tencent-dependencies/pom.xml index 793b89ade..46a35f9c7 100644 --- a/spring-cloud-tencent-dependencies/pom.xml +++ b/spring-cloud-tencent-dependencies/pom.xml 
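Review bot: In the root `pom.xml` hunk at `@@ -123,6 +126,15 @@`, the `spring-framework-bom` import at `${spring.framework.version}` is appended after an existing `import`-scoped entry, so it may not actually move the resolved Spring Framework artifacts to 5.3.21. Maven lets dependency management inherited from the parent POM, and BOMs declared earlier, win over a later import. Neither the parent nor the earlier BOM is visible in this hunk, so confirm the result by comparing `mvn help:effective-pom` or `mvn dependency:tree` output before and after the change. If the override is shadowed, declare this BOM first in `dependencyManagement` or set the version property the parent already reads. The `dependencyManagement` block starts and ends outside the hunk.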
@@ -71,10 +71,16 @@ 1.6.0-2020.0.5 + + 1.6.1 - 1.2.7 + 1.2.11 4.5.1 1.12.10 + 2.12.7 + 3.16.1 + 1.69 + 31.0.1-jre 3.2.0 @@ -147,12 +153,69 @@ ${revision} + + + com.google.guava + guava + ${guava.version} + + + jsr305 + com.google.code.findbugs + + + animal-sniffer-annotations + org.codehaus.mojo + + + error_prone_annotations + com.google.errorprone + + + + + + ch.qos.logback + logback-core + ${logback.version} + + ch.qos.logback logback-classic ${logback.version} + + com.fasterxml.jackson.core + jackson-annotations + ${jackson.version} + + + + com.fasterxml.jackson.core + jackson-core + ${jackson.version} + + + + com.fasterxml.jackson.core + jackson-databind + ${jackson.version} + + + + com.google.protobuf + protobuf-java + ${protobuf-java.version} + + + + org.bouncycastle + bcprov-jdk15on + ${bcprov-jdk15on.version} + + org.mockito mockito-inline diff --git a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java index 33f67d2b1..0a6816ba0 100644 --- a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java +++ b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java @@ -27,10 +27,10 @@ import com.tencent.polaris.api.pojo.DefaultServiceInstances; import com.tencent.polaris.api.pojo.Instance; import com.tencent.polaris.api.pojo.ServiceInstances; import com.tencent.polaris.api.pojo.ServiceKey; -import org.apache.commons.collections.CollectionUtils; import reactor.core.publisher.Flux; import org.springframework.cloud.client.ServiceInstance; +import org.springframework.util.CollectionUtils; /** * load balancer utils. 
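Review bot: The pins added in the `@@ -147,12 +153,69 @@` hunk of `spring-cloud-tencent-dependencies/pom.xml` (guava, `logback-core`, the three `jackson-*` artifacts, `protobuf-java`, `bcprov-jdk15on`) do not record which advisory each one answers, and the commit message only says "third-party lib CVEs". Without that, nobody can later tell when a pin may be dropped or whether it is still sufficient. I would put a comment above each entry, for example `<!-- pinned for <ADVISORY-ID>; drop once the parent BOM manages >= this version -->`. Pinning only `jackson-annotations`, `jackson-core` and `jackson-databind` to `${jackson.version}` also leaves any other Jackson module a consumer pulls in on whatever version the platform BOM manages; importing `com.fasterxml.jackson:jackson-bom` at `${jackson.version}` would keep the family aligned. The XML markup of this hunk did not survive on the page, so this is read from the coordinates and property names alone.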
@@ -54,7 +54,7 @@ public class LoadBalancerUtils {
 }).collect(Collectors.toList());
 String serviceName = null;
- if (CollectionUtils.isNotEmpty(instances)) {
+ if (!CollectionUtils.isEmpty(instances)) {
 serviceName = instances.get(0).getService();
 }
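Review bot: When `instances` is null or empty, the guard `if (!CollectionUtils.isEmpty(instances))` leaves `serviceName` as `null`, and the code after this hunk (not shown) presumably goes on to use it. If that code builds a `ServiceKey` or `ServiceInstances` from it, an empty list yields an object with a null service name rather than an empty result or a clear failure. Consider an explicit early return, or at least a comment such as `// serviceName stays null for an empty list; callers must tolerate that`. The swap itself preserves behaviour, since Spring's `CollectionUtils.isEmpty` also treats `null` as empty. The method starts and ends outside the hunk.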