From dfcebcae16eeac77306bca95a0d00c3042e60b46 Mon Sep 17 00:00:00 2001 From: Fokko Driesprong Date: Tue, 13 Aug 2019 16:03:23 -0700 Subject: [PATCH] [SPARK-28713][BUILD][2.4] Bump checkstyle from 8.2 to 8.23 ## What changes were proposed in this pull request? Backport to `branch-2.4` of https://github.com/apache/spark/pull/25432 Fixes a vulnerability from the GitHub Security Advisory Database: _Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle_ Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information. https://github.com/checkstyle/checkstyle/issues/6474 Affected versions: < 8.18 ## How was this patch tested? Ran checkstyle locally. Closes #25437 from Fokko/branch-2.4. Authored-by: Fokko Driesprong Signed-off-by: Dongjoon Hyun --- pom.xml | 13 +++++++++---- project/plugins.sbt | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 3005b57529ce1..789816eb25e0a 100644 --- a/pom.xml +++ b/pom.xml @@ -2550,12 +2550,17 @@ org.apache.maven.plugins maven-checkstyle-plugin - 2.17 + 3.0.0 false true - ${basedir}/src/main/java,${basedir}/src/main/scala - ${basedir}/src/test/java + + ${basedir}/src/main/java + ${basedir}/src/main/scala + + + ${basedir}/src/test/java + dev/checkstyle.xml ${basedir}/target/checkstyle-output.xml ${project.build.sourceEncoding} @@ -2565,7 +2570,7 @@ com.puppycrawl.tools checkstyle - 8.2 + 8.23 diff --git a/project/plugins.sbt b/project/plugins.sbt index ffbd417b0f145..cda4739954aaf 100644 --- a/project/plugins.sbt +++ b/project/plugins.sbt 
@@ -1,7 +1,7 @@
 addSbtPlugin("com.etsy" % "sbt-checkstyle-plugin" % "3.1.1")
 // sbt-checkstyle-plugin uses an old version of checkstyle. Match it to Maven's.
-libraryDependencies += "com.puppycrawl.tools" % "checkstyle" % "8.2"
+libraryDependencies += "com.puppycrawl.tools" % "checkstyle" % "8.23"
 // checkstyle uses guava 23.0.
 libraryDependencies += "com.google.guava" % "guava" % "23.0"
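Review bot: The context lines directly below the bumped pin still read `// checkstyle uses guava 23.0.` and pin `guava` to 23.0, which was written for checkstyle 8.2; nothing in this hunk shows that 8.23 declares the same guava. If 8.23 expects a newer release, the sbt checkstyle run may fail at class-load time, or the build classpath keeps an old guava that the Maven side does not use. Confirm the version in the checkstyle 8.23 POM and update both the comment and the pin, e.g. `libraryDependencies += "com.google.guava" % "guava" % "<version declared by checkstyle 8.23>"`. The checkstyle version is also hand-copied between pom.xml and this file ("Match it to Maven's"), so a later bump that touches only one of them would leave one build path on a release older than the 8.18 fix described in the commit message.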