Fix: Update Maven dependencies (#8383)

* Update Maven dependencies * Update Jetty dependency
2025-08-14 12:06:54 +00:00 · 2022-10-27 16:21:30 +02:00 · 2022-10-27 16:21:30 +02:00 · 1732d85dd6
commit 1732d85dd6
parent e277392124
4 changed files with 34 additions and 3 deletions
--- a/common/pom.xml
+++ b/common/pom.xml
@ -64,6 +64,10 @@
          <groupId>com.google.code.gson</groupId>
          <artifactId>gson</artifactId>
        </exclusion>
+        <exclusion>
+          <groupId>org.yaml</groupId>
+          <artifactId>snakeyaml</artifactId>
+        </exclusion>
      </exclusions>
    </dependency>

--- a/openmetadata-clients/openmetadata-java-client/pom.xml
+++ b/openmetadata-clients/openmetadata-java-client/pom.xml
@ -48,6 +48,12 @@
            <groupId>org.apache.oltu.oauth2</groupId>
            <artifactId>org.apache.oltu.oauth2.client</artifactId>
            <version>1.0.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.dataformat</groupId>
+                    <artifactId>jackson-dataformat-cbor</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
        <!-- FEIGN DEPENDENCY-->
        <!-- Required dependency -->
@ -98,6 +104,20 @@
            <artifactId>junit</artifactId>
            <version>4.13.2</version>
        </dependency>
+
+        <!-- Avoid security issue https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369 -->
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20220924</version>
+        </dependency>
+
+        <!-- avoid security issue https://security.snyk.io/vuln/SNYK-JAVA-ORGMOZILLA-1314295 -->
+        <dependency>
+            <groupId>org.mozilla</groupId>
+            <artifactId>rhino</artifactId>
+            <version>1.7.14</version>
+        </dependency>
    </dependencies>

    <build>
--- a/openmetadata-service/pom.xml
+++ b/openmetadata-service/pom.xml
@ -367,7 +367,7 @@
    <dependency>
      <groupId>org.eclipse.jetty.websocket</groupId>
      <artifactId>websocket-server</artifactId>
-      <version>9.4.46.v20220331</version>
+      <version>9.4.49.v20220914</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
--- a/pom.xml
+++ b/pom.xml
@ -77,8 +77,8 @@
    <slf4j.version>1.7.36</slf4j.version>
    <jackson.version>2.13.4</jackson.version>
    <jackson-databind.version>2.13.4.1</jackson-databind.version>
-    <dropwizard.version>2.0.28</dropwizard.version>
-    <dropwizard-jdbi3.version>2.0.28</dropwizard-jdbi3.version>
+    <dropwizard.version>2.0.34</dropwizard.version>
+    <dropwizard-jdbi3.version>2.0.34</dropwizard-jdbi3.version>
    <jersey-bom.version>2.35</jersey-bom.version>
    <javax.ws.rs-api.version>2.1.1</javax.ws.rs-api.version>
    <!-- update from here -->
@ -505,6 +505,13 @@
        <artifactId>jackson-dataformat-cbor</artifactId>
        <version>2.13.3</version>
      </dependency>
+
+      <!-- avoid security issue https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360 -->
+      <dependency>
+        <groupId>org.yaml</groupId>
+        <artifactId>snakeyaml</artifactId>
+        <version>1.31</version>
+      </dependency>
    </dependencies>
  </dependencyManagement>