Pre Merge pull request !103 from Mr.xue/master

pull/103/MERGE
Mr.xue 2024-03-27 13:12:00 +00:00 committed by Gitee
commit 492fe3fd37
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 163 additions and 1 deletions


@ -83,6 +83,16 @@
<jimureport.version>1.6.6</jimureport.version>
<xercesImpl.version>2.12.2</xercesImpl.version>
<weixin-java.version>4.6.0</weixin-java.version>
<!--安全漏洞cve修复-->
<thymeleaf.version>3.1.2.RELEASE</thymeleaf.version>
<snappy.version>1.1.10.5</snappy.version>
<poi.version>5.2.5</poi.version>
<autopoi.version>1.4.7</autopoi.version>
<jettison.version>1.5.3</jettison.version>
<jeecg.version>3.6.2</jeecg.version>
<bcpkix.version>1.77</bcpkix.version>
<snakeyaml.version>2.2</snakeyaml.version>
<commons-compress.verion>1.26.0</commons-compress.verion>
</properties>
<dependencyManagement>
@ -108,8 +118,16 @@
<version>${spring.cloud.alibaba.version}</version>
<type>pom</type>
<scope>import</scope>
<exclusions>
<exclusion>
<artifactId>snakeyaml</artifactId>
<groupId>org.yaml</groupId>
</exclusion>
</exclusions>
</dependency>
<!-- 业务组件 -->
<dependency>
<groupId>cn.iocoder.cloud</groupId>
@ -367,11 +385,84 @@
<artifactId>spring-boot-admin-starter-server</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
<version>${spring-boot-admin.version}</version>
</dependency>
<!--CVE-2023-38286漏洞修复-->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf</artifactId>
<version>${thymeleaf.version}</version>
</dependency>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId> <!-- 实现 Spring Boot Admin Server 服务端 -->
<version>${spring-boot-admin.version}</version>
</dependency>
<!--安全漏洞CVE修复-->
<!--CVE-2023-42809 漏洞修复-->
<dependency>
<groupId>org.xerial.snappy</groupId>
<artifactId>snappy-java</artifactId>
<version>${snappy.version}</version>
</dependency>
<!--CVE-2022-26336 漏洞修复 待明确-->
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-scratchpad</artifactId>
<version>${poi.version}</version>
</dependency>
<dependency>
<groupId>org.jeecgframework</groupId>
<artifactId>autopoi-parent</artifactId>
<version>${autopoi.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.poi</groupId>
<artifactId>poi-scratchpad</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--CVE-2022-40149 漏洞修复 待明确-->
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<version>${jettison.version}</version>
</dependency>
<!--CVE-2023-1454 漏洞修复 待明确-->
<dependency>
<groupId>org.jeecgframework.boot</groupId>
<artifactId>jeecg-boot-common</artifactId>
<version>${jeecg.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!--CVE 2023 33202漏洞修复不明确-->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bcpkix.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId> <!-- 单元测试,我们采用 H2 作为数据库 -->
<artifactId>h2</artifactId>
<version>2.2.222</version>
</dependency>
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
<version>2.9.0</version>
</dependency>
<!--CVE-2023-24998漏洞修复 -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.5</version>
</dependency>
<!-- Test 测试相关 -->
<dependency>
@ -474,7 +565,11 @@
<artifactId>easyexcel</artifactId>
<version>${easyexcel.verion}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>${commons-compress.verion}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
@ -658,7 +753,14 @@
<artifactId>xercesImpl</artifactId>
<version>${xercesImpl.version}</version>
</dependency>
<!--CVE-2022-38752 漏洞修复-->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${snakeyaml.version}</version>
<scope>compile</scope>
</dependency>
</dependencies>
</dependencyManagement>
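Review bot: The `<exclusions>` block added to the `<scope>import</scope>` entry in the second hunk is unlikely to do anything, because as far as I know Maven 3 ignores exclusions on an imported BOM. The SnakeYAML version is already controlled by the managed `org.yaml:snakeyaml` entry at the end of this section, so the exclusion can be dropped. That dependency element opens above the hunk, so I cannot see its coordinates. Separately, four of the new comments mark the fix as unconfirmed (`待明确` / `不明确`), and the `CVE-2023-42809` label on `snappy-java` should be re-checked, since that identifier appears to be tracked against a different library. A managed version only helps where the artifact is actually resolved, so `mvn dependency:tree -Dincludes=<groupId>` output for each pin would confirm the upgrade lands.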


@ -33,8 +33,34 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
</exclusion>
<exclusion>
<artifactId>logback-classic</artifactId>
<groupId>ch.qos.logback</groupId>
</exclusion>
</exclusions>
</dependency>
<!--CVE-2022-38752 漏洞修复-->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.4.14</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.4.14</version>
</dependency>
<!-- Web 相关 -->
<dependency>
<groupId>org.springframework</groupId>
@ -50,7 +76,19 @@
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-loadbalancer</artifactId>
<exclusions>
<exclusion>
<artifactId>bcpkix-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
</exclusions>
</dependency>
<!--CVE-2023-33201 CVE-2023-33202 漏洞修复-->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-core</artifactId>
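Review bot: The two logback entries in the first hunk hard-code `1.4.14` in this module instead of going through the parent's `<dependencyManagement>` like the other pins in this commit, and no comment says which advisory they address. Logback 1.4.x is built against the SLF4J 2.x API, so the pin only works if the Spring Boot line in use also resolves SLF4J 2.x; that is not visible here and should be confirmed before merging. I would manage the version once in the parent, e.g. `<logback.version>1.4.14</logback.version>`, and reference it from there. The snakeyaml exclusion plus re-declaration with `<scope>compile</scope>` looks redundant, since a managed version already overrides the transitive one and compile is the default scope.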


@ -27,6 +27,17 @@
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-loadbalancer</artifactId>
<exclusions>
<exclusion>
<artifactId>bcpkix-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
</exclusions>
</dependency>
<!--CVE-2023-33201 CVE-2023-33202 漏洞修复-->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
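Review bot: Excluding `bcpkix-jdk15on` only on `spring-cloud-starter-loadbalancer` here (and on `spring-cloud-loadbalancer` in the previous file) removes it from that one path. Any other dependency that brings in a `*-jdk15on` Bouncy Castle artifact would leave the old and the `jdk18on` jars side by side with overlapping `org.bouncycastle` classes. Please confirm with `mvn dependency:tree -Dincludes=org.bouncycastle` that no `jdk15on` artifact remains in the modules that consume these poms. The comment also cites CVE-2023-33201, which as far as I know is tracked against the provider jar (`bcprov`) rather than `bcpkix`, so check that the `bcprov-jdk18on` version arriving transitively is the intended one.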


@ -44,6 +44,11 @@
<artifactId>spring-security-core</artifactId>
<scope>provided</scope> <!-- 设置为 provided主要是 GlobalExceptionHandler 使用 -->
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>6.2.1</version>
</dependency>
<dependency>
<groupId>com.github.xiaoymin</groupId> <!-- 接口文档 -->
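Review bot: `spring-security-crypto` is pinned to a literal `6.2.1` while the `spring-security-core` entry directly above it carries no version and is therefore managed elsewhere, so the two Spring Security modules can end up on different releases. Unless there is a specific reason, drop the `<version>` line so both follow the same managed version, or raise the managed Spring Security version in the parent. The new entry also uses the default compile scope where its neighbour is `provided`, and it has no comment saying which issue it addresses. A short comment such as `<!-- spring-security-crypto: pinned for <advisory id> -->` would record the intent. The `spring-security-core` element opens above the hunk, so its group id is not visible here.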


@ -109,6 +109,12 @@
<groupId>org.jeecgframework.jimureport</groupId>
<artifactId>jimureport-spring-boot-starter</artifactId>
</dependency>
<!--CVE-2022-40150漏洞修复-->
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<version>1.5.4</version>
</dependency>
<!-- 单独依赖升级版本解决低版本validator失败问题 -->
<dependency>
<groupId>xerces</groupId>
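Review bot: This module pins `jettison` to a literal `1.5.4`, while the dependency-management section earlier in this commit sets `jettison.version` to `1.5.3`, so the project would carry two different Jettison versions for closely related advisories. If this pom inherits that management (not visible in the hunk), remove the `<version>` line here and set the property once to the intended release, e.g. `<jettison.version>1.5.4</jettison.version>`. Keeping the version in one place also means the next upgrade cannot miss this module.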