From 0cf31232defac2a0cd423222d9a11b9c88fb79e4 Mon Sep 17 00:00:00 2001 From: Chris Ho Date: Sat, 9 Jul 2022 15:19:46 +0800 Subject: [PATCH] [Feature][dependencies] Bump spring-core from 5.3.12 to 5.3.19 (#10857) --- dolphinscheduler-dist/release-docs/LICENSE | 20 +++---- dolphinscheduler-dist/release-docs/NOTICE | 4 +- .../licenses/LICENSE-spring-beans.txt | 60 +++++++++++-------- .../licenses/LICENSE-spring-boot.txt | 4 +- .../licenses/LICENSE-spring-context.txt | 60 +++++++++++-------- .../licenses/LICENSE-spring-core.txt | 60 +++++++++++-------- .../licenses/LICENSE-spring-jdbc.txt | 60 +++++++++++-------- .../licenses/LICENSE-spring-tx.txt | 60 +++++++++++-------- pom.xml | 2 +- tools/dependencies/check-LICENSE.sh | 9 ++- tools/dependencies/known-dependencies.txt | 10 ++-- 11 files changed, 201 insertions(+), 148 deletions(-) diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE index 3a221f1537..67a90d91a1 100644 --- a/dolphinscheduler-dist/release-docs/LICENSE +++ b/dolphinscheduler-dist/release-docs/LICENSE @@ -342,9 +342,9 @@ The text of each license is also included at licenses/LICENSE-[project].txt. snakeyaml 1.28: https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.28, Apache 2.0 snappy 0.2: https://mvnrepository.com/artifact/org.iq80.snappy/snappy/0.2, Apache 2.0 snappy-java 1.0.4.1: https://github.com/xerial/snappy-java, Apache 2.0 - SparseBitSet 1.2: https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet, Apache 2.0 + SparseBitSet 1.2: https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet/1.2, Apache 2.0 spring-aop 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-aop/5.3.12, Apache 2.0 - spring-beans 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-beans/5.3.12, Apache 2.0 + spring-beans 5.3.19: https://mvnrepository.com/artifact/org.springframework/spring-beans/5.3.19, Apache 2.0 spring-boot 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot/2.5.6, Apache 2.0 spring-boot-actuator 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator/2.5.6, Apache 2.0 spring-boot-actuator-autoconfigure 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator-autoconfigure/2.5.6, Apache 2.0 @@ -360,22 +360,22 @@ The text of each license is also included at licenses/LICENSE-[project].txt. spring-boot-starter-quartz 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-quartz/2.5.6, Apache 2.0 spring-boot-starter-web 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web/2.5.6, Apache 2.0 spring-boot-starter-cache 2.5.6: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-cache/2.5.6, Apache 2.0 - spring-context 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-context/5.3.12, Apache 2.0 + spring-context 5.3.19: https://mvnrepository.com/artifact/org.springframework/spring-context/5.3.19, Apache 2.0 spring-context-support 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-context-support/5.3.12, Apache 2.0 - spring-core 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-core, Apache 2.0 - spring-expression 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-expression, Apache 2.0 - springfox-core 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-core, Apache 2.0 - springfox-schema 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-schema, Apache 2.0 - springfox-spi 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-spi, Apache 2.0 + spring-core 5.3.19: https://mvnrepository.com/artifact/org.springframework/spring-core/5.3.19, Apache 2.0 + spring-expression 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-expression/5.3.12, Apache 2.0 + springfox-core 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-core/2.9.2, Apache 2.0 + springfox-schema 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-schema/2.9.2, Apache 2.0 + springfox-spi 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-spi/2.9.2, Apache 2.0 springfox-spring-web 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-spring-web/2.9.2, Apache 2.0 springfox-swagger2 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-swagger2/2.9.2, Apache 2.0 springfox-swagger-common 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-swagger-common/2.9.2, Apache 2.0 springfox-swagger-ui 2.9.2: https://mvnrepository.com/artifact/io.springfox/springfox-swagger-ui/2.9.2, Apache 2.0 spring-jcl 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-jcl/5.3.12, Apache 2.0 - spring-jdbc 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-jdbc/5.3.12, Apache 2.0 + spring-jdbc 5.3.19: https://mvnrepository.com/artifact/org.springframework/spring-jdbc/5.3.19, Apache 2.0 spring-plugin-core 1.2.0.RELEASE: https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-core/1.2.0.RELEASE, Apache 2.0 spring-plugin-metadata 1.2.0.RELEASE: https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-metadata/1.2.0.RELEASE, Apache 2.0 - spring-tx 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-tx/5.3.12, Apache 2.0 + spring-tx 5.3.19: https://mvnrepository.com/artifact/org.springframework/spring-tx/5.3.19, Apache 2.0 spring-web 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-web/5.3.12, Apache 2.0 spring-webmvc 5.3.12: https://mvnrepository.com/artifact/org.springframework/spring-webmvc/5.3.12, Apache 2.0 swagger-annotations 1.5.20: https://mvnrepository.com/artifact/io.swagger/swagger-annotations/1.5.20, Apache 2.0 diff --git a/dolphinscheduler-dist/release-docs/NOTICE b/dolphinscheduler-dist/release-docs/NOTICE index 340141a6b9..1411e7a78c 100644 --- a/dolphinscheduler-dist/release-docs/NOTICE +++ b/dolphinscheduler-dist/release-docs/NOTICE @@ -362,8 +362,8 @@ This product contains the Maven wrapper scripts from 'Maven Wrapper', that provi Spring Framework NOTICE ======================================================================== -Spring Framework 5.1.18.RELEASE -Copyright (c) 2002-2020 Pivotal, Inc. +Spring Framework 5.3.19 +Copyright (c) 2002-2022 Pivotal, Inc. This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt index 3f22c9c3a8..0eb8edb063 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-beans.txt @@ -1,6 +1,6 @@ - Apache License + Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -192,7 +192,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and conditions of the following licenses. ->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0): +>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1): Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved. @@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Copyright (c) 1999-2009, OW2 Consortium +Copyright (c) 1999-2009, OW2 Consortium ->>> CGLIB 3.0 (cglib:cglib:3.0): +>>> CGLIB 3.3 (cglib:cglib:3.3): Per the LICENSE file in the CGLIB JAR distribution downloaded from -http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download, -CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which +https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar, +CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which is included above. -======================================================================= +>>> Objenesis 3.2 (org.objenesis:objenesis:3.2): -To the extent any open source subcomponents are licensed under the EPL and/or -other similar licenses that require the source code and/or modifications to -source code to be made available (as would be noted above), you may obtain a -copy of the source code corresponding to the binaries for such open source -components and modifications thereto, if any, (the "Source Files"), by -downloading the Source Files from http://www.springsource.org/download, or by -sending a request, with your name and address to: +Per the LICENSE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html, Objenesis 3.2 is licensed under the +Apache License, version 2.0, the text of which is included above. - Pivotal, Inc., 875 Howard St, - San Francisco, CA 94103 - United States of America +Per the NOTICE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html and corresponding to section 4d of the +Apache License, Version 2.0, in this case for Objenesis: -or email info@pivotal.io. All such requests should clearly specify: +Objenesis +Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita - OPEN SOURCE FILES REQUEST - Attention General Counsel -Pivotal shall mail a copy of the Source Files to you on a CD or equivalent -physical medium. This offer to obtain a copy of the Source Files is valid for -three years from the date you acquired this Software product. \ No newline at end of file +=============================================================================== + +To the extent any open source components are licensed under the EPL and/or +other similar licenses that require the source code and/or modifications to +source code to be made available (as would be noted above), you may obtain a +copy of the source code corresponding to the binaries for such open source +components and modifications thereto, if any, (the "Source Files"), by +downloading the Source Files from https://spring.io/projects, Pivotal's website +at https://network.pivotal.io/open-source, or by sending a request, with your +name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San +Francisco, CA 94103, Attention: General Counsel. All such requests should +clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal +can mail a copy of the Source Files to you on a CD or equivalent physical +medium. + +This offer to obtain a copy of the Source Files is valid for three years from +the date you acquired this Software product. Alternatively, the Source Files +may accompany the Software. diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt index 82714d7648..823c1c8e98 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-boot.txt @@ -1,7 +1,7 @@ Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -193,7 +193,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt index 3f22c9c3a8..0eb8edb063 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-context.txt @@ -1,6 +1,6 @@ - Apache License + Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -192,7 +192,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and conditions of the following licenses. ->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0): +>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1): Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved. @@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Copyright (c) 1999-2009, OW2 Consortium +Copyright (c) 1999-2009, OW2 Consortium ->>> CGLIB 3.0 (cglib:cglib:3.0): +>>> CGLIB 3.3 (cglib:cglib:3.3): Per the LICENSE file in the CGLIB JAR distribution downloaded from -http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download, -CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which +https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar, +CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which is included above. -======================================================================= +>>> Objenesis 3.2 (org.objenesis:objenesis:3.2): -To the extent any open source subcomponents are licensed under the EPL and/or -other similar licenses that require the source code and/or modifications to -source code to be made available (as would be noted above), you may obtain a -copy of the source code corresponding to the binaries for such open source -components and modifications thereto, if any, (the "Source Files"), by -downloading the Source Files from http://www.springsource.org/download, or by -sending a request, with your name and address to: +Per the LICENSE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html, Objenesis 3.2 is licensed under the +Apache License, version 2.0, the text of which is included above. - Pivotal, Inc., 875 Howard St, - San Francisco, CA 94103 - United States of America +Per the NOTICE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html and corresponding to section 4d of the +Apache License, Version 2.0, in this case for Objenesis: -or email info@pivotal.io. All such requests should clearly specify: +Objenesis +Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita - OPEN SOURCE FILES REQUEST - Attention General Counsel -Pivotal shall mail a copy of the Source Files to you on a CD or equivalent -physical medium. This offer to obtain a copy of the Source Files is valid for -three years from the date you acquired this Software product. \ No newline at end of file +=============================================================================== + +To the extent any open source components are licensed under the EPL and/or +other similar licenses that require the source code and/or modifications to +source code to be made available (as would be noted above), you may obtain a +copy of the source code corresponding to the binaries for such open source +components and modifications thereto, if any, (the "Source Files"), by +downloading the Source Files from https://spring.io/projects, Pivotal's website +at https://network.pivotal.io/open-source, or by sending a request, with your +name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San +Francisco, CA 94103, Attention: General Counsel. All such requests should +clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal +can mail a copy of the Source Files to you on a CD or equivalent physical +medium. + +This offer to obtain a copy of the Source Files is valid for three years from +the date you acquired this Software product. Alternatively, the Source Files +may accompany the Software. diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt index 3f22c9c3a8..0eb8edb063 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-core.txt @@ -1,6 +1,6 @@ - Apache License + Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -192,7 +192,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and conditions of the following licenses. ->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0): +>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1): Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved. @@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Copyright (c) 1999-2009, OW2 Consortium +Copyright (c) 1999-2009, OW2 Consortium ->>> CGLIB 3.0 (cglib:cglib:3.0): +>>> CGLIB 3.3 (cglib:cglib:3.3): Per the LICENSE file in the CGLIB JAR distribution downloaded from -http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download, -CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which +https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar, +CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which is included above. -======================================================================= +>>> Objenesis 3.2 (org.objenesis:objenesis:3.2): -To the extent any open source subcomponents are licensed under the EPL and/or -other similar licenses that require the source code and/or modifications to -source code to be made available (as would be noted above), you may obtain a -copy of the source code corresponding to the binaries for such open source -components and modifications thereto, if any, (the "Source Files"), by -downloading the Source Files from http://www.springsource.org/download, or by -sending a request, with your name and address to: +Per the LICENSE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html, Objenesis 3.2 is licensed under the +Apache License, version 2.0, the text of which is included above. - Pivotal, Inc., 875 Howard St, - San Francisco, CA 94103 - United States of America +Per the NOTICE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html and corresponding to section 4d of the +Apache License, Version 2.0, in this case for Objenesis: -or email info@pivotal.io. All such requests should clearly specify: +Objenesis +Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita - OPEN SOURCE FILES REQUEST - Attention General Counsel -Pivotal shall mail a copy of the Source Files to you on a CD or equivalent -physical medium. This offer to obtain a copy of the Source Files is valid for -three years from the date you acquired this Software product. \ No newline at end of file +=============================================================================== + +To the extent any open source components are licensed under the EPL and/or +other similar licenses that require the source code and/or modifications to +source code to be made available (as would be noted above), you may obtain a +copy of the source code corresponding to the binaries for such open source +components and modifications thereto, if any, (the "Source Files"), by +downloading the Source Files from https://spring.io/projects, Pivotal's website +at https://network.pivotal.io/open-source, or by sending a request, with your +name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San +Francisco, CA 94103, Attention: General Counsel. All such requests should +clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal +can mail a copy of the Source Files to you on a CD or equivalent physical +medium. + +This offer to obtain a copy of the Source Files is valid for three years from +the date you acquired this Software product. Alternatively, the Source Files +may accompany the Software. diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt index 3f22c9c3a8..0eb8edb063 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-jdbc.txt @@ -1,6 +1,6 @@ - Apache License + Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -192,7 +192,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and conditions of the following licenses. ->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0): +>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1): Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved. @@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Copyright (c) 1999-2009, OW2 Consortium +Copyright (c) 1999-2009, OW2 Consortium ->>> CGLIB 3.0 (cglib:cglib:3.0): +>>> CGLIB 3.3 (cglib:cglib:3.3): Per the LICENSE file in the CGLIB JAR distribution downloaded from -http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download, -CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which +https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar, +CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which is included above. -======================================================================= +>>> Objenesis 3.2 (org.objenesis:objenesis:3.2): -To the extent any open source subcomponents are licensed under the EPL and/or -other similar licenses that require the source code and/or modifications to -source code to be made available (as would be noted above), you may obtain a -copy of the source code corresponding to the binaries for such open source -components and modifications thereto, if any, (the "Source Files"), by -downloading the Source Files from http://www.springsource.org/download, or by -sending a request, with your name and address to: +Per the LICENSE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html, Objenesis 3.2 is licensed under the +Apache License, version 2.0, the text of which is included above. - Pivotal, Inc., 875 Howard St, - San Francisco, CA 94103 - United States of America +Per the NOTICE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html and corresponding to section 4d of the +Apache License, Version 2.0, in this case for Objenesis: -or email info@pivotal.io. All such requests should clearly specify: +Objenesis +Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita - OPEN SOURCE FILES REQUEST - Attention General Counsel -Pivotal shall mail a copy of the Source Files to you on a CD or equivalent -physical medium. This offer to obtain a copy of the Source Files is valid for -three years from the date you acquired this Software product. \ No newline at end of file +=============================================================================== + +To the extent any open source components are licensed under the EPL and/or +other similar licenses that require the source code and/or modifications to +source code to be made available (as would be noted above), you may obtain a +copy of the source code corresponding to the binaries for such open source +components and modifications thereto, if any, (the "Source Files"), by +downloading the Source Files from https://spring.io/projects, Pivotal's website +at https://network.pivotal.io/open-source, or by sending a request, with your +name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San +Francisco, CA 94103, Attention: General Counsel. All such requests should +clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal +can mail a copy of the Source Files to you on a CD or equivalent physical +medium. + +This offer to obtain a copy of the Source Files is valid for three years from +the date you acquired this Software product. Alternatively, the Source Files +may accompany the Software. diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt index 3f22c9c3a8..0eb8edb063 100644 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt +++ b/dolphinscheduler-dist/release-docs/licenses/LICENSE-spring-tx.txt @@ -1,6 +1,6 @@ - Apache License + Apache License Version 2.0, January 2004 - http://www.apache.org/licenses/ + https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION @@ -192,7 +192,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -212,7 +212,7 @@ code for these subcomponents is subject to the terms and conditions of the following licenses. ->>> ASM 4.0 (org.ow2.asm:asm:4.0, org.ow2.asm:asm-commons:4.0): +>>> ASM 9.1 (org.ow2.asm:asm:9.1, org.ow2.asm:asm-commons:9.1): Copyright (c) 2000-2011 INRIA, France Telecom All rights reserved. @@ -244,36 +244,46 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Copyright (c) 1999-2009, OW2 Consortium +Copyright (c) 1999-2009, OW2 Consortium ->>> CGLIB 3.0 (cglib:cglib:3.0): +>>> CGLIB 3.3 (cglib:cglib:3.3): Per the LICENSE file in the CGLIB JAR distribution downloaded from -http://sourceforge.net/projects/cglib/files/cglib3/3.0/cglib-3.0.jar/download, -CGLIB 3.0 is licensed under the Apache License, version 2.0, the text of which +https://github.com/cglib/cglib/releases/download/RELEASE_3_3_0/cglib-3.3.0.jar, +CGLIB 3.3 is licensed under the Apache License, version 2.0, the text of which is included above. -======================================================================= +>>> Objenesis 3.2 (org.objenesis:objenesis:3.2): -To the extent any open source subcomponents are licensed under the EPL and/or -other similar licenses that require the source code and/or modifications to -source code to be made available (as would be noted above), you may obtain a -copy of the source code corresponding to the binaries for such open source -components and modifications thereto, if any, (the "Source Files"), by -downloading the Source Files from http://www.springsource.org/download, or by -sending a request, with your name and address to: +Per the LICENSE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html, Objenesis 3.2 is licensed under the +Apache License, version 2.0, the text of which is included above. - Pivotal, Inc., 875 Howard St, - San Francisco, CA 94103 - United States of America +Per the NOTICE file in the Objenesis ZIP distribution downloaded from +http://objenesis.org/download.html and corresponding to section 4d of the +Apache License, Version 2.0, in this case for Objenesis: -or email info@pivotal.io. All such requests should clearly specify: +Objenesis +Copyright 2006-2019 Joe Walnes, Henri Tremblay, Leonardo Mesquita - OPEN SOURCE FILES REQUEST - Attention General Counsel -Pivotal shall mail a copy of the Source Files to you on a CD or equivalent -physical medium. This offer to obtain a copy of the Source Files is valid for -three years from the date you acquired this Software product. \ No newline at end of file +=============================================================================== + +To the extent any open source components are licensed under the EPL and/or +other similar licenses that require the source code and/or modifications to +source code to be made available (as would be noted above), you may obtain a +copy of the source code corresponding to the binaries for such open source +components and modifications thereto, if any, (the "Source Files"), by +downloading the Source Files from https://spring.io/projects, Pivotal's website +at https://network.pivotal.io/open-source, or by sending a request, with your +name and address to: Pivotal Software, Inc., 875 Howard Street, 5th floor, San +Francisco, CA 94103, Attention: General Counsel. All such requests should +clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel. Pivotal +can mail a copy of the Source Files to you on a CD or equivalent physical +medium. + +This offer to obtain a copy of the Source Files is valid for three years from +the date you acquired this Software product. Alternatively, the Source Files +may accompany the Software. diff --git a/pom.xml b/pom.xml index 2efa54d5df..e7c4130409 100644 --- a/pom.xml +++ b/pom.xml @@ -53,7 +53,7 @@ UTF-8 4.3.0 3.4.14 - 5.3.12 + 5.3.19 2.5.6 1.8 1.2.11 diff --git a/tools/dependencies/check-LICENSE.sh b/tools/dependencies/check-LICENSE.sh index 81f2169b4d..af1feb168b 100755 --- a/tools/dependencies/check-LICENSE.sh +++ b/tools/dependencies/check-LICENSE.sh @@ -31,9 +31,12 @@ echo '=== Distributed dependencies: ' && find dist -name "*.jar" -exec basename echo '=== Third party dependencies: ' && grep -vf self-modules.txt all-dependencies.txt | sort | uniq | tee third-party-dependencies.txt # 1. Compare the third-party dependencies with known dependencies, expect that all third-party dependencies are KNOWN -# and the exit code of the command is 0, otherwise we should add its license to LICENSE file and add the dependency to -# known-dependencies.txt. 2. Unify the `sort` behaviour: here we'll sort them again in case that the behaviour of `sort` -# command in target OS is different from what we used to sort the file `known-dependencies.txt`, i.e. "sort the two file +# and the exit code of the command is 0, otherwise we should add its license to LICENSE file +# [dolphinscheduler-dist/release-docs/LICENSE] and [dolphinscheduler-dist/release-docs/licenses/] +# and add the dependency to known-dependencies.txt. +# +# 2. Unify the `sort` behaviour: here we'll sort them again in case that the behaviour of `sort` command in +# target OS is different from what we used to sort the file `known-dependencies.txt`, i.e. "sort the two file # using the same command (and default arguments)" diff -w -B -U0 <(sort < tools/dependencies/known-dependencies.txt) <(sort < third-party-dependencies.txt) diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt index 13e6aa50a5..562e55b20b 100755 --- a/tools/dependencies/known-dependencies.txt +++ b/tools/dependencies/known-dependencies.txt @@ -174,7 +174,7 @@ snappy-0.2.jar snappy-java-1.0.4.1.jar SparseBitSet-1.2.jar spring-aop-5.3.12.jar -spring-beans-5.3.12.jar +spring-beans-5.3.19.jar spring-boot-2.5.6.jar spring-boot-actuator-2.5.6.jar spring-boot-actuator-autoconfigure-2.5.6.jar @@ -190,15 +190,15 @@ spring-boot-starter-logging-2.5.6.jar spring-boot-starter-quartz-2.5.6.jar spring-boot-starter-web-2.5.6.jar spring-boot-starter-cache-2.5.6.jar -spring-context-5.3.12.jar +spring-context-5.3.19.jar spring-context-support-5.3.12.jar -spring-core-5.3.12.jar +spring-core-5.3.19.jar spring-expression-5.3.12.jar spring-jcl-5.3.12.jar -spring-jdbc-5.3.12.jar +spring-jdbc-5.3.19.jar spring-plugin-core-1.2.0.RELEASE.jar spring-plugin-metadata-1.2.0.RELEASE.jar -spring-tx-5.3.12.jar +spring-tx-5.3.19.jar spring-web-5.3.12.jar spring-webmvc-5.3.12.jar springfox-core-2.9.2.jar