From fefe90be372b1db89fe13d3eacda8e25fd14a8d0 Mon Sep 17 00:00:00 2001
From: kezhenxu94 <kezhenxu94@apache.org>
Date: Wed, 31 Aug 2022 13:47:38 +0800
Subject: [PATCH] Bump up dependencies to fix some cve (#9545)

---
 dist-material/release-docs/LICENSE | 47 +++++++++---------------------
 oap-server-bom/pom.xml             |  2 +-
 pom.xml                            |  2 +-
 3 files changed, 16 insertions(+), 35 deletions(-)

diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 57e815b25f..1c0f0f7e51 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -228,16 +228,15 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/com.fasterxml.jackson.module/jackson-module-parameter-names/2.13.2 Apache-2.0
     https://mvnrepository.com/artifact/com.fasterxml/classmate/1.5.1 Apache-2.0
     https://mvnrepository.com/artifact/com.google.android/annotations/4.1.1.4 Apache-2.0
-    https://mvnrepository.com/artifact/com.google.api.grpc/proto-google-common-protos/2.0.1 Apache-2.0
+    https://mvnrepository.com/artifact/com.google.api.grpc/proto-google-common-protos/2.9.0 Apache-2.0
     https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305/3.0.2 Apache-2.0
     https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305/1.3.9 Apache-2.0
-    https://mvnrepository.com/artifact/com.google.code.gson/gson/2.8.9 Apache-2.0
     https://mvnrepository.com/artifact/com.google.code.gson/gson/2.9.0 Apache-2.0
-    https://mvnrepository.com/artifact/com.google.errorprone/error_prone_annotations/2.10.0 Apache-2.0
+    https://mvnrepository.com/artifact/com.google.errorprone/error_prone_annotations/2.14.0 Apache-2.0
     https://mvnrepository.com/artifact/com.google.errorprone/error_prone_annotations/2.11.0 Apache-2.0
     https://mvnrepository.com/artifact/com.google.flatbuffers/flatbuffers-java/1.12.0 Apache-2.0
     https://mvnrepository.com/artifact/com.google.guava/failureaccess/1.0.1 Apache-2.0
-    https://mvnrepository.com/artifact/com.google.guava/guava/31.0.1-android Apache-2.0
+    https://mvnrepository.com/artifact/com.google.guava/guava/31.1-android Apache-2.0
     https://mvnrepository.com/artifact/com.google.guava/guava/31.1-jre Apache-2.0
     https://mvnrepository.com/artifact/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava Apache-2.0
     https://mvnrepository.com/artifact/com.google.inject/guice/4.1.0 Apache-2.0
@@ -269,41 +268,32 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/io.etcd/jetcd-common/0.5.3 Apache-2.0
     https://mvnrepository.com/artifact/io.etcd/jetcd-core/0.5.3 Apache-2.0
     https://mvnrepository.com/artifact/io.etcd/jetcd-resolver/0.5.3 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-api/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-context/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-core/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-grpclb/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-netty/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-protobuf/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-protobuf-lite/1.46.0 Apache-2.0
-    https://mvnrepository.com/artifact/io.grpc/grpc-stub/1.46.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-api/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-context/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-core/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-grpclb/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-netty/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-protobuf/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-protobuf-lite/1.49.0 Apache-2.0
+    https://mvnrepository.com/artifact/io.grpc/grpc-stub/1.49.0 Apache-2.0
     https://mvnrepository.com/artifact/io.gsonfire/gson-fire/1.8.5 Apache-2.0
     https://mvnrepository.com/artifact/io.kubernetes/client-java/16.0.0 Apache-2.0
     https://mvnrepository.com/artifact/io.kubernetes/client-java-api/16.0.0 Apache-2.0
     https://mvnrepository.com/artifact/io.kubernetes/client-java-proto/16.0.0 Apache-2.0
     https://mvnrepository.com/artifact/io.micrometer/micrometer-core/1.8.5 Apache-2.0
     https://mvnrepository.com/artifact/io.micrometer/micrometer-core/1.8.4 Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-buffer/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-buffer/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-codec/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-dns/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-dns/4.1.76.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-haproxy/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-haproxy/4.1.76.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-codec-http/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-http/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-codec-http2/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-http2/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-codec-socks/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-codec-socks/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-common/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-common/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-handler/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-handler/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-handler-proxy/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-handler-proxy/4.1.77.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-resolver/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-resolver/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-resolver-dns/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-resolver-dns/4.1.76.Final Apache-2.0
@@ -314,7 +304,6 @@ The text of each license is the standard Apache 2.0 license.
     https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static/2.0.52.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-tcnative-boringssl-static/2.0.51.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-tcnative-classes/2.0.52.Final Apache-2.0
-    https://mvnrepository.com/artifact/io.netty/netty-transport/4.1.72.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-transport/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-transport-classes-epoll/4.1.77.Final Apache-2.0
     https://mvnrepository.com/artifact/io.netty/netty-transport-classes-epoll/4.1.76.Final Apache-2.0
@@ -441,7 +430,7 @@ The following components are provided under the BSD-2-Clause License. See projec
 The text of each license is also included in licenses/LICENSE-[project].txt.
 
     https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.3-1 BSD-2-Clause
-    https://mvnrepository.com/artifact/org.postgresql/postgresql/42.3.3 BSD-2-Clause
+    https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.1 BSD-2-Clause
 
 ========================================================================
 BSD-3-Clause licenses
@@ -452,7 +441,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
     https://npmjs.com/package/@intlify/message-compiler/node_modules/source-map/v/0.6.1 0.6.1 BSD-3-Clause
     https://npmjs.com/package/@vue/compiler-core/node_modules/source-map/v/0.6.1 0.6.1 BSD-3-Clause
     https://npmjs.com/package/@vue/compiler-sfc/node_modules/source-map/v/0.6.1 0.6.1 BSD-3-Clause
-    https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.19.2 BSD-3-Clause
+    https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.21.1 BSD-3-Clause
     https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.19.4 BSD-3-Clause
     https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java-util/3.19.4 BSD-3-Clause
     https://npmjs.com/package/d3-collection/v/1.0.7 1.0.7 BSD-3-Clause
@@ -508,14 +497,6 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
 
     https://mvnrepository.com/artifact/jakarta.annotation/jakarta.annotation-api/1.3.5 EPL-2.0 and GPL-2.0
 
-========================================================================
-GPL-2.0-with-classpath-exception and MIT licenses
-========================================================================
-The following components are provided under the GPL-2.0-with-classpath-exception and MIT License. See project link for details.
-The text of each license is also included in licenses/LICENSE-[project].txt.
-
-    https://mvnrepository.com/artifact/org.checkerframework/checker-compat-qual/2.5.5 GPL-2.0-with-classpath-exception and MIT
-
 ========================================================================
 ISC licenses
 ========================================================================
@@ -639,7 +620,7 @@ The text of each license is also included in licenses/LICENSE-[project].txt.
     https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on/1.71 MIT
     https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.12.0 MIT
     https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.5.0 MIT
-    https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.19 MIT
+    https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.21 MIT
     https://npmjs.com/package/pinia/v/2.0.9 2.0.9 MIT
     https://npmjs.com/package/pinia/node_modules/vue-demi/v/0.12.1 0.12.1 MIT
     https://npmjs.com/package/postcss/v/8.4.16 8.4.16 MIT
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 636379130d..6c0e522e21 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -68,7 +68,7 @@
         <mvel.version>2.4.8.Final</mvel.version>
         <commons-beanutils.version>1.9.4</commons-beanutils.version>
         <flatbuffers-java.version>1.12.0</flatbuffers-java.version>
-        <postgresql.version>42.3.3</postgresql.version>
+        <postgresql.version>42.4.1</postgresql.version>
         <jetcd.version>0.5.3</jetcd.version>
         <testcontainers.version>1.15.3</testcontainers.version>
         <armeria.version>1.16.0</armeria.version>
diff --git a/pom.xml b/pom.xml
index 0f5ca52c00..00c8fdc987 100755
--- a/pom.xml
+++ b/pom.xml
@@ -155,7 +155,7 @@
         <lombok.version>1.18.22</lombok.version>
 
         <!-- core lib dependency -->
-        <grpc.version>1.46.0</grpc.version>
+        <grpc.version>1.49.0</grpc.version>
         <netty.version>4.1.77.Final</netty.version>
         <netty-tcnative-boringssl-static.version>2.0.52.Final</netty-tcnative-boringssl-static.version>
         <gson.version>2.9.0</gson.version>
-- 
GitLab