chore(versions): bump versions (#7358)

build.gradle

@@ -10,7 +10,7 @@ buildscript {
   ext.graphQLJavaVersion = '19.0'
   ext.testContainersVersion = '1.17.4'
   ext.elasticsearchVersion = '7.10.2'
-  ext.jacksonVersion = '2.13.4'
+  ext.jacksonVersion = '2.13.5'
   ext.jettyVersion = '9.4.46.v20220331'
   ext.playVersion = '2.8.18'
   ext.log4jVersion = '2.19.0'
@@ -109,7 +109,7 @@ project.ext.externalDependency = [
     'jacksonJDK8': "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$jacksonVersion",
     'jacksonDataPropertyFormat': "com.fasterxml.jackson.dataformat:jackson-dataformat-properties:$jacksonVersion",
     'jacksonCore': "com.fasterxml.jackson.core:jackson-core:$jacksonVersion",
-    'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2",
+    'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion",
     'jacksonDataFormatYaml': "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:$jacksonVersion",
     'woodstoxCore': 'com.fasterxml.woodstox:woodstox-core:6.4.0',
     'javatuples': 'org.javatuples:javatuples:1.2',
@@ -250,7 +250,7 @@ subprojects {
         implementation('org.apache.commons:commons-compress:1.21')
         implementation('org.apache.velocity:velocity-engine-core:2.3')
         implementation('org.hibernate:hibernate-validator:6.0.20.Final')
-        implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2")
+        implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion")
         implementation("com.fasterxml.jackson.core:jackson-dataformat-cbor:$jacksonVersion")
       }
     }

buildSrc/build.gradle

@@ -10,7 +10,7 @@ dependencies {
     exclude group: 'com.google.guava', module: 'guava'
   }
   compile 'com.google.guava:guava:27.0.1-jre'
-  compile 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'
+  compile 'com.fasterxml.jackson.core:jackson-databind:2.13.5'
-  compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4'
+  compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.5'
   compile 'commons-io:commons-io:2.11.0'
 }

datahub-upgrade/build.gradle

@@ -27,6 +27,15 @@ dependencies {
     implementation(externalDependency.hadoopCommon3) {
       because("previous versions are vulnerable to CVE-2021-37404")
     }
+    implementation(externalDependency.snakeYaml) {
+      because("previous versions are vulnerable to CVE-2022-25857")
+    }
+    implementation(externalDependency.woodstoxCore) {
+      because("previous versions are vulnerable to CVE-2022-40151-2")
+    }
+    implementation(externalDependency.jettison) {
+      because("previous versions are vulnerable")
+    }
   }
 
   implementation externalDependency.slf4jApi

docker/kafka-setup/Dockerfile

@@ -1,17 +1,23 @@
 # Using as a base image because to get the needed jars for confluent utils
-FROM confluentinc/cp-base-new:6.1.4 as confluent_base
+FROM confluentinc/cp-base-new@sha256:ac4e0f9bcaecdab728740529f37452231fa40760fcf561759fc3b219f46d2cc9 as confluent_base
+
+ARG MAVEN_REPO="https://repo1.maven.org/maven2"
+ARG SNAKEYAML_VERSION="1.33"
+
+RUN rm /usr/share/java/cp-base-new/snakeyaml-*.jar \
+    && wget -P /usr/share/java/cp-base-new $MAVEN_REPO/org/yaml/snakeyaml/$SNAKEYAML_VERSION/snakeyaml-$SNAKEYAML_VERSION.jar
 
 # Based on https://github.com/blacktop's alpine kafka build
 FROM python:3-alpine
 
-ENV KAFKA_VERSION 2.8.2
+ENV KAFKA_VERSION 3.4.0
 ENV SCALA_VERSION 2.13
 
 # Set the classpath for JARs required by `cub`
 ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"'
 
 # Confluent Docker Utils Version (Namely the tag or branch to grab from git to install)
-ARG PYTHON_CONFLUENT_DOCKER_UTILS_VERSION="v0.0.49"
+ARG PYTHON_CONFLUENT_DOCKER_UTILS_VERSION="v0.0.58"
 
 # This can be overriden for an offline/air-gapped builds
 ARG PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC="git+https://github.com/confluentinc/confluent-docker-utils@${PYTHON_CONFLUENT_DOCKER_UTILS_VERSION}"
@@ -32,8 +38,6 @@ RUN mkdir -p /opt \
   && echo "===> Installing python packages ..."  \
   && pip install --no-cache-dir jinja2 requests \
   && pip install --prefer-binary --prefix=/usr/local --upgrade "${PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC}" \
-  && echo "===> Applying log4j log4shell fix based on https://www.slf4j.org/log4shell.html ..." \
-  && zip -d /opt/kafka/libs/log4j-1.2.17.jar org/apache/log4j/net/JMSAppender.class \
   && rm -rf /tmp/* \
   && apk del --purge .build-deps
 
@@ -43,9 +47,10 @@ WORKDIR /opt/kafka
 
 RUN ls -la
 COPY --from=confluent_base /usr/share/java/cp-base-new/ /usr/share/java/cp-base-new/
+COPY --from=confluent_base /etc/cp-base-new/log4j.properties /etc/cp-base-new/log4j.properties
 
-ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.5/aws-msk-iam-auth-1.1.5-all.jar /usr/share/java/cp-base-new
+ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.6/aws-msk-iam-auth-1.1.6-all.jar /usr/share/java/cp-base-new
-ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.5/aws-msk-iam-auth-1.1.5-all.jar /opt/kafka/libs
+ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.6/aws-msk-iam-auth-1.1.6-all.jar /opt/kafka/libs
 
 ENV METADATA_AUDIT_EVENT_NAME="MetadataAuditEvent_v4"
 ENV METADATA_CHANGE_EVENT_NAME="MetadataChangeEvent_v4"

entity-registry/custom-test-model/build.gradle

@@ -5,7 +5,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath("org.yaml:snakeyaml:1.17")
+        classpath("org.yaml:snakeyaml:1.33")
     }
 }
 

metadata-io/build.gradle

@@ -72,6 +72,15 @@ dependencies {
     implementation(externalDependency.commonsText) {
       because("previous versions are vulnerable to CVE-2022-42889")
     }
+    implementation(externalDependency.snakeYaml) {
+      because("previous versions are vulnerable to CVE-2022-25857")
+    }
+    implementation(externalDependency.woodstoxCore) {
+      because("previous versions are vulnerable to CVE-2022-40151-2")
+    }
+    implementation(externalDependency.jettison) {
+      because("previous versions are vulnerable")
+    }
   }
 }
 

metadata-models-custom/build.gradle

@@ -5,7 +5,7 @@ buildscript {
         mavenCentral()
     }
     dependencies {
-        classpath("org.yaml:snakeyaml:1.17")
+        classpath("org.yaml:snakeyaml:1.33")
     }
 }