#26: Fix CVE-2023-4043 in test dependency org.eclipse.parsson:parsson

exasol · Nov 21, 2023 · 2180e23 · 2180e23
1 parent 6873975
commit 2180e23
Show file tree

Hide file tree

Showing 9 changed files with 107 additions and 61 deletions.
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
diff --git a/.project-keeper.yml b/.project-keeper.yml
@@ -6,6 +6,8 @@ sources:
       - integration_tests
 linkReplacements:
   - https://www.microsoft.com/en-us/sql-server/sql-server-2017|https://www.microsoft.com/en-us/sql-server
-excludes:
-  - "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build.yml'"
-  - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_prepare_original_checksum.yml'"
+build:
+  runnerOs: ubuntu-20.04
+  exasolDbVersions:
+    - "7.1.24"
+    - "8.23.1"
diff --git a/dependencies.md b/dependencies.md
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_2.1.2.md b/doc/changes/changes_2.1.2.md
@@ -0,0 +1,35 @@
+# Virtual Schema for SQLServer 2.1.2, released 2023-11-21
+
+Code name: Fix CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`
+
+## Summary
+
+This release fixes vulnerability CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`.
+
+## Security
+
+* #114: Fixed CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`
+
+## Dependency Updates
+
+### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:6.6.2` to `6.6.3`
+* Updated `com.exasol:hamcrest-resultset-matcher:1.6.1` to `1.6.3`
+* Updated `com.exasol:test-db-builder-java:3.5.1` to `3.5.2`
+* Updated `com.microsoft.sqlserver:mssql-jdbc:11.2.1.jre8` to `12.4.2.jre8`
+* Updated `org.junit.jupiter:junit-jupiter:5.10.0` to `5.10.1`
+* Updated `org.mockito:mockito-junit-jupiter:5.6.0` to `5.7.0`
+* Updated `org.testcontainers:junit-jupiter:1.19.1` to `1.19.2`
+* Updated `org.testcontainers:mssqlserver:1.19.1` to `1.19.2`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `1.3.1`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.12` to `2.9.16`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.1.2` to `3.2.2`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.1.2` to `3.2.2`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.1`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
diff --git a/pom.xml b/pom.xml
@@ -2,30 +2,14 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>sqlserver-virtual-schema</artifactId>
-    <version>2.1.1</version>
+    <version>2.1.2</version>
     <name>Virtual Schema for SQLServer</name>
     <description>Abstraction layer that makes an external Microsoft SQL Server database accessible from an Exasol database through regular SQL commands</description>
     <url>https://github.com/exasol/sqlserver-virtual-schema/</url>
     <properties>
         <vscjdbc.version>11.0.2</vscjdbc.version>
-        <org.testcontainers.version>1.19.1</org.testcontainers.version>
+        <org.testcontainers.version>1.19.2</org.testcontainers.version>
     </properties>
-    <repositories>
-        <repository>
-            <id>maven.exasol.com</id>
-            <url>https://maven.exasol.com/artifactory/exasol-releases</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-        </repository>
-        <repository>
-            <id>maven.exasol.com-snapshots</id>
-            <url>https://maven.exasol.com/artifactory/exasol-snapshots</url>
-            <snapshots>
-                <enabled>true</enabled>
-            </snapshots>
-        </repository>
-    </repositories>
     <dependencies>
         <dependency>
             <groupId>com.exasol</groupId>
@@ -59,20 +43,20 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.10.0</version>
+            <version>5.10.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>5.6.0</version>
+            <version>5.7.0</version>
             <scope>test</scope>
         </dependency>
         <!--Integration test dependencies -->
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-testcontainers</artifactId>
-            <version>6.6.2</version>
+            <version>6.6.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -84,7 +68,7 @@
         <dependency>
             <groupId>com.microsoft.sqlserver</groupId>
             <artifactId>mssql-jdbc</artifactId>
-            <version>11.2.1.jre8</version>
+            <version>12.4.2.jre8</version>
             <!-- COS loader in Exasol 7.1 requires a JRE 8 compatible JDBC driver. -->
             <scope>test</scope>
         </dependency>
@@ -97,13 +81,13 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>test-db-builder-java</artifactId>
-            <version>3.5.1</version>
+            <version>3.5.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>hamcrest-resultset-matcher</artifactId>
-            <version>1.6.1</version>
+            <version>1.6.3</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -135,7 +119,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>project-keeper-maven-plugin</artifactId>
-                <version>2.9.12</version>
+                <version>2.9.16</version>
                 <executions>
                     <execution>
                         <goals>
@@ -168,7 +152,7 @@
     <parent>
         <artifactId>sqlserver-virtual-schema-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>2.1.1</version>
+        <version>2.1.2</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
 </project>