Fix third-party lib CVEs & Upgrade core spring libs version . (2020.0) (#258)

* Fix third-party lib CVEs & Upgrade core spring libs version .

* Update CHANGELOG.md
pull/270/head
VOPEN.XYZ 2 years ago committed by GitHub
parent fc37c77ab5
commit 7522f4826d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2,3 +2,4 @@
--- ---
- [Feature: Add config change listener feature support](https://github.com/Tencent/spring-cloud-tencent/pull/254) - [Feature: Add config change listener feature support](https://github.com/Tencent/spring-cloud-tencent/pull/254)
- [Upgrade: fix third-party lib CVEs & upgrade core spring libs version](https://github.com/Tencent/spring-cloud-tencent/pull/258)

@ -91,6 +91,9 @@
<!-- Spring Cloud --> <!-- Spring Cloud -->
<spring.cloud.version>2020.0.5</spring.cloud.version> <spring.cloud.version>2020.0.5</spring.cloud.version>
<!-- Spring Framework -->
<spring.framework.version>5.3.21</spring.framework.version>
<!-- Maven Plugin Versions --> <!-- Maven Plugin Versions -->
<jacoco.version>0.8.3</jacoco.version> <jacoco.version>0.8.3</jacoco.version>
<maven-source-plugin.version>3.2.0</maven-source-plugin.version> <maven-source-plugin.version>3.2.0</maven-source-plugin.version>
@ -123,6 +126,15 @@
<type>pom</type> <type>pom</type>
<scope>import</scope> <scope>import</scope>
</dependency> </dependency>
<!-- Spring Framework Dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>${spring.framework.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>

@ -14,9 +14,8 @@
<name>Spring Cloud Tencent Commons</name> <name>Spring Cloud Tencent Commons</name>
<properties> <properties>
<commons.collections.version>3.2.2</commons.collections.version> <commons.lang.version>2.6</commons.lang.version>
<commons.lang.version>2.5</commons.lang.version> <commons.io.version>2.11.0</commons.io.version>
<commons.io.version>2.7</commons.io.version>
</properties> </properties>
<dependencies> <dependencies>
@ -47,12 +46,6 @@
<artifactId>spring-cloud-starter</artifactId> <artifactId>spring-cloud-starter</artifactId>
</dependency> </dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons.collections.version}</version>
</dependency>
<dependency> <dependency>
<groupId>commons-lang</groupId> <groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId> <artifactId>commons-lang</artifactId>

@ -71,10 +71,16 @@
<properties> <properties>
<revision>1.6.0-2020.0.5</revision> <revision>1.6.0-2020.0.5</revision>
<!-- Dependencies -->
<polaris.version>1.6.1</polaris.version> <polaris.version>1.6.1</polaris.version>
<logback.version>1.2.7</logback.version> <logback.version>1.2.11</logback.version>
<mocktio.version>4.5.1</mocktio.version> <mocktio.version>4.5.1</mocktio.version>
<byte-buddy.version>1.12.10</byte-buddy.version> <byte-buddy.version>1.12.10</byte-buddy.version>
<jackson.version>2.12.7</jackson.version>
<protobuf-java.version>3.16.1</protobuf-java.version>
<bcprov-jdk15on.version>1.69</bcprov-jdk15on.version>
<guava.version>31.0.1-jre</guava.version>
<!-- Maven Plugin Versions --> <!-- Maven Plugin Versions -->
<maven-source-plugin.version>3.2.0</maven-source-plugin.version> <maven-source-plugin.version>3.2.0</maven-source-plugin.version>
@ -147,12 +153,69 @@
<version>${revision}</version> <version>${revision}</version>
</dependency> </dependency>
<!-- third part framework dependencies -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
<exclusions>
<exclusion>
<artifactId>jsr305</artifactId>
<groupId>com.google.code.findbugs</groupId>
</exclusion>
<exclusion>
<artifactId>animal-sniffer-annotations</artifactId>
<groupId>org.codehaus.mojo</groupId>
</exclusion>
<exclusion>
<artifactId>error_prone_annotations</artifactId>
<groupId>com.google.errorprone</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency> <dependency>
<groupId>ch.qos.logback</groupId> <groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId> <artifactId>logback-classic</artifactId>
<version>${logback.version}</version> <version>${logback.version}</version>
</dependency> </dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>${protobuf-java.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${bcprov-jdk15on.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.mockito</groupId> <groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId> <artifactId>mockito-inline</artifactId>

@ -27,10 +27,10 @@ import com.tencent.polaris.api.pojo.DefaultServiceInstances;
import com.tencent.polaris.api.pojo.Instance; import com.tencent.polaris.api.pojo.Instance;
import com.tencent.polaris.api.pojo.ServiceInstances; import com.tencent.polaris.api.pojo.ServiceInstances;
import com.tencent.polaris.api.pojo.ServiceKey; import com.tencent.polaris.api.pojo.ServiceKey;
import org.apache.commons.collections.CollectionUtils;
import reactor.core.publisher.Flux; import reactor.core.publisher.Flux;
import org.springframework.cloud.client.ServiceInstance; import org.springframework.cloud.client.ServiceInstance;
import org.springframework.util.CollectionUtils;
/** /**
* load balancer utils. * load balancer utils.
@ -54,7 +54,7 @@ public class LoadBalancerUtils {
}).collect(Collectors.toList()); }).collect(Collectors.toList());
String serviceName = null; String serviceName = null;
if (CollectionUtils.isNotEmpty(instances)) { if (!CollectionUtils.isEmpty(instances)) {
serviceName = instances.get(0).getService(); serviceName = instances.get(0).getService();
} }

Loading…
Cancel
Save