dolphinscheduler
dolphinscheduler copied to clipboard
apache
[Improvement][pom]chore: update mysql dependency
Purpose of the pull request
ref: https://github.com/apache/dolphinscheduler/issues/14683
ref: https://dev.mysql.com/doc/connector-j/en/connector-j-installing-maven.html
You can link the Connector/J library to your project by adding the following dependency in your pom.xml file:
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<version>x.y.z</version>
</dependency>
Note For Connector/J 8.0.29 and earlier, use the following Maven coordinates:
groupId: mysql
artifactId: mysql-connector-java
now we using Connector/J 8.4.0
Brief change log
Verify this pull request
This pull request is code cleanup without any test coverage.
(or)
This pull request is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(or)
If your pull request contain incompatible change, you should also add it to docs/docs/en/guide/upgrede/incompatible.md
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 39.79%. Comparing base (
ebcdaeb) to head (8130f2e).
:exclamation: Current head 8130f2e differs from pull request most recent head 2ad967a. Consider uploading reports for the commit 2ad967a to get more accurate results
Additional details and impacted files
@@ Coverage Diff @@
## dev #14736 +/- ##
=========================================
Coverage 39.79% 39.79%
Complexity 5044 5044
=========================================
Files 1353 1353
Lines 45619 45619
Branches 4891 4891
=========================================
Hits 18156 18156
Misses 25553 25553
Partials 1910 1910
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Dependency license check failed, and dependency +mysql-connector-java-8.0.30.jar appears, it's weird.
Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
Quality Gate passed
Issues
1 New issue
Measures
1 Security Hotspot
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
The link https://dev.mysql.com/doc/connector-j/8.1/en/connector-j-installing-maven.html is 404 and it seems this pr might bring incompatible problem.
The link https://dev.mysql.com/doc/connector-j/8.1/en/connector-j-installing-maven.html is 404 and it seems this pr might bring incompatible problem.
@ruanwenjun
The current 8.0.33 version also has a cve vulnerability, updated to the latest 8.4.0 version. ref link update to https://dev.mysql.com/doc/connector-j/en/connector-j-installing-maven.html
Please retry analysis of this Pull-Request directly on SonarCloud
The current version of mysql's CVE is not higher than 7 points, we do not need to upgrade it.
