[SPARK-28713][BUILD] Bump checkstyle from 8.14 to 8.23
## What changes were proposed in this pull request?

Fixes a vulnerability from the GitHub Security Advisory Database:

_Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle_
Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information.

checkstyle/checkstyle#6474

Affected versions: < 8.18

## How was this patch tested?

Ran checkstyle locally.

Closes #25432 from Fokko/SPARK-28713.

Authored-by: Fokko Driesprong <fokko@apache.org>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
Fokko authored and dongjoon-hyun committed Aug 13, 2019
1 parent c81da27 commit d8dd571
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -2777,7 +2777,7 @@
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>8.14</version>
<version>8.23</version>
</dependency>
</dependencies>
<executions>
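Review bot: The new `<version>8.23</version>` literal has no comment stating the floor it must respect or that the same artifact is pinned a second time in project/plugins.sbt. The advisory quoted in the commit message affects versions below 8.18, so a short XML comment above this dependency (that the version must stay at 8.18 or later and match the sbt pin) would keep a later edit from reintroducing the external DTD loading in one build and not the other.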
2 changes: 1 addition & 1 deletion project/plugins.sbt
Expand Up @@ -18,7 +18,7 @@
addSbtPlugin("com.etsy" % "sbt-checkstyle-plugin" % "3.1.1")

// sbt-checkstyle-plugin uses an old version of checkstyle. Match it to Maven's.
libraryDependencies += "com.puppycrawl.tools" % "checkstyle" % "8.14"
libraryDependencies += "com.puppycrawl.tools" % "checkstyle" % "8.23"

// checkstyle uses guava 23.0.
libraryDependencies += "com.google.guava" % "guava" % "23.0"
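Review bot: The unchanged context line `// checkstyle uses guava 23.0.` and the guava 23.0 pin under it sat beside a checkstyle pin of 8.14 and are left untouched by the move to 8.23. Please confirm that checkstyle 8.23 still works against guava 23.0 under sbt-checkstyle-plugin 3.1.1, and update the pin and its comment if it does not. The test note says only "Ran checkstyle locally", which does not show that the sbt path was exercised as well as the Maven one.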