flink-tutorial

flink-tutorial copied to clipboard

Bumps [elasticsearch](https://github.com/elastic/elasticsearch) from 7.9.1 to 7.14.0. Release notes Sourced from elasticsearch's releases. Elasticsearch 7.14.0 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.14/release-notes-7.14.0.html Elasticsearch 7.13.4 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.13/release-notes-7.13.4.html Elasticsearch 7.13.3 Downloads: https://elastic.co/downloads/elasticsearch...

dependabot[bot]

Bumps [elasticsearch](https://github.com/elastic/elasticsearch) from 7.9.1 to 7.14.0. Release notes Sourced from elasticsearch's releases. Elasticsearch 7.14.0 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.14/release-notes-7.14.0.html Elasticsearch 7.13.4 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.13/release-notes-7.13.4.html Elasticsearch 7.13.3 Downloads: https://elastic.co/downloads/elasticsearch...

dependabot[bot]

Bumps [elasticsearch](https://github.com/elastic/elasticsearch) from 7.9.1 to 7.14.0. Release notes Sourced from elasticsearch's releases. Elasticsearch 7.14.0 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.14/release-notes-7.14.0.html Elasticsearch 7.13.4 Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/guide/en/elasticsearch/reference/7.13/release-notes-7.13.4.html Elasticsearch 7.13.3 Downloads: https://elastic.co/downloads/elasticsearch...

dependabot[bot]

Bumps hadoop-common from 3.2.0 to 3.2.4. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps hadoop-common from 3.2.1 to 3.2.4. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.21 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.21 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.21 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

项目引用了com.fasterxml.jackson.core:jackson-databind等276个开源组件，存在77个漏洞，建议升级

1

大佬，你好，我是@abbykimi，我IDE运行您这个项目的时候，提示有几个漏洞，项目调用了com.fasterxml.jackson.core:jackson-databind等276个开源组件，存在77个安全漏洞，建议你升级下。 ``` 漏洞标题：FasterXML jackson-databind 代码问题漏洞 漏洞编号：CVE-2020-8840 漏洞描述： FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。FasterXML jackson-databind 2.0.0版本至2.9.10.2版本中存在代码问题漏洞，该漏洞源于程序缺少xbean-reflect/JNDI黑名单类。攻击者可利用该漏洞执行代码。 国家漏洞库信息：https://www.cnvd.org.cn/flaw/show/CNVD-2020-13183 影响范围：[2.9.0, 2.9.10.3) 最小修复版本：2.9.10.3 引入路径： com.atguigu:[email protected]>org.apache.kafka:[email protected]>com.fasterxml.jackson.core:[email protected] ``` 另外76个漏洞 ，信息有点多我就不贴了，你自己看下完整报告：https://www.mfsec.cn/jr?p=ib236e 如果你对这个issues有任何疑问可以回复我哈( @abbykimi )，我会及时回复你的。

ghost

Bumps log4j-core from 2.12.1 to 2.16.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]