feat(dependencies): update dependencies for security #6400
Conversation
1. Bump commons-io from 2.11.0 to 2.18.0 to fix CVE-2024-47554. 2. Bump jackson-databind from 2.13.4.2 to 2.18.3 to fix CVE-2023-35116, CVE-2025-52999. 3. Bump java-util from 1.8.0 to 3.2.0 to fix CVE-2023-34610. 4. Bump libp2p from 2.2.5 to 2.2.6. 5. Bump jetty from 9.4.53 to 9.4.57 to fix CVE-2024-8184. 6. Bump spring from 5.3.18 to 5.3.39 to fix CVE-2023-20863, CVE-2024-38820, CVE-2022-22968, CVE-2022-22970. 7. Remove spring-tx, spring-web, hamcrest-junit, guice, java-sizeof, vavr.
halibobo1205
force-pushed
the
481/update_dependencies
branch
from
414cbb3 to
44dcce3
Compare
|
|
||
| @Configuration | ||
| @EnableTransactionManagement |
There was a problem hiding this comment.
why remove EnableTransactionManagement
There was a problem hiding this comment.
The @EnableTransactionManagementExpand annotation serves no practical purpose in the Java-Tron project. Since Java-Tron uses LevelDB/RocksDB as its underlying storage engine, and LevelDB/RocksDB does not support traditional database transaction mechanisms, Spring's transaction management capabilities cannot be effectively utilized in this context.
Data consistency in Java-Tron is ensured through alternative mechanisms, primarily the Session mechanism and WriteBatch atomic operations. These mechanisms guarantee data integrity and consistency during block processing without relying on conventional transaction management frameworks.
| @@ -0,0 +1,61 @@ | |||
| /* | |||
There was a problem hiding this comment.
what InvalidMediaTypeException.java is used for?
There was a problem hiding this comment.
For spring-test, some scenarios use this class.
What does this PR do?
Why are these changes required?
Update dependencies for security.
This PR has been tested by:
Follow up
Extra details