chore(versions): bump versions (#7358)

2025-11-06 22:04:16 +00:00 · 2023-02-20 00:02:05 -06:00 · 2023-02-20 00:02:05 -06:00 · 1df806d177
commit 1df806d177
parent bfc0fe1c4b
7 changed files with 37 additions and 14 deletions
--- a/build.gradle
+++ b/build.gradle
@ -10,7 +10,7 @@ buildscript {
  ext.graphQLJavaVersion = '19.0'
  ext.testContainersVersion = '1.17.4'
  ext.elasticsearchVersion = '7.10.2'
-  ext.jacksonVersion = '2.13.4'
+  ext.jacksonVersion = '2.13.5'
  ext.jettyVersion = '9.4.46.v20220331'
  ext.playVersion = '2.8.18'
  ext.log4jVersion = '2.19.0'
@ -109,7 +109,7 @@ project.ext.externalDependency = [
    'jacksonJDK8': "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$jacksonVersion",
    'jacksonDataPropertyFormat': "com.fasterxml.jackson.dataformat:jackson-dataformat-properties:$jacksonVersion",
    'jacksonCore': "com.fasterxml.jackson.core:jackson-core:$jacksonVersion",
-    'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2",
+    'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion",
    'jacksonDataFormatYaml': "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:$jacksonVersion",
    'woodstoxCore': 'com.fasterxml.woodstox:woodstox-core:6.4.0',
    'javatuples': 'org.javatuples:javatuples:1.2',
@ -250,7 +250,7 @@ subprojects {
        implementation('org.apache.commons:commons-compress:1.21')
        implementation('org.apache.velocity:velocity-engine-core:2.3')
        implementation('org.hibernate:hibernate-validator:6.0.20.Final')
-        implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2")
+        implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion")
        implementation("com.fasterxml.jackson.core:jackson-dataformat-cbor:$jacksonVersion")
      }
    }
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@ -10,7 +10,7 @@ dependencies {
    exclude group: 'com.google.guava', module: 'guava'
  }
  compile 'com.google.guava:guava:27.0.1-jre'
-  compile 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'
-  compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4'
+  compile 'com.fasterxml.jackson.core:jackson-databind:2.13.5'
+  compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.5'
  compile 'commons-io:commons-io:2.11.0'
 }
--- a/datahub-upgrade/build.gradle
+++ b/datahub-upgrade/build.gradle
@ -27,6 +27,15 @@ dependencies {
    implementation(externalDependency.hadoopCommon3) {
      because("previous versions are vulnerable to CVE-2021-37404")
    }
+    implementation(externalDependency.snakeYaml) {
+      because("previous versions are vulnerable to CVE-2022-25857")
+    }
+    implementation(externalDependency.woodstoxCore) {
+      because("previous versions are vulnerable to CVE-2022-40151-2")
+    }
+    implementation(externalDependency.jettison) {
+      because("previous versions are vulnerable")
+    }
  }

  implementation externalDependency.slf4jApi
--- a/docker/kafka-setup/Dockerfile
+++ b/docker/kafka-setup/Dockerfile
@ -1,17 +1,23 @@
 # Using as a base image because to get the needed jars for confluent utils
-FROM confluentinc/cp-base-new:6.1.4 as confluent_base
+FROM confluentinc/cp-base-new@sha256:ac4e0f9bcaecdab728740529f37452231fa40760fcf561759fc3b219f46d2cc9 as confluent_base
+
+ARG MAVEN_REPO="https://repo1.maven.org/maven2"
+ARG SNAKEYAML_VERSION="1.33"
+
+RUN rm /usr/share/java/cp-base-new/snakeyaml-*.jar \
+    && wget -P /usr/share/java/cp-base-new $MAVEN_REPO/org/yaml/snakeyaml/$SNAKEYAML_VERSION/snakeyaml-$SNAKEYAML_VERSION.jar

 # Based on https://github.com/blacktop's alpine kafka build
 FROM python:3-alpine

-ENV KAFKA_VERSION 2.8.2
+ENV KAFKA_VERSION 3.4.0
 ENV SCALA_VERSION 2.13

 # Set the classpath for JARs required by `cub`
 ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"'

 # Confluent Docker Utils Version (Namely the tag or branch to grab from git to install)
-ARG PYTHON_CONFLUENT_DOCKER_UTILS_VERSION="v0.0.49"
+ARG PYTHON_CONFLUENT_DOCKER_UTILS_VERSION="v0.0.58"

 # This can be overriden for an offline/air-gapped builds
 ARG PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC="git+https://github.com/confluentinc/confluent-docker-utils@${PYTHON_CONFLUENT_DOCKER_UTILS_VERSION}"
@ -32,8 +38,6 @@ RUN mkdir -p /opt \
  && echo "===> Installing python packages ..."  \
  && pip install --no-cache-dir jinja2 requests \
  && pip install --prefer-binary --prefix=/usr/local --upgrade "${PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC}" \
-  && echo "===> Applying log4j log4shell fix based on https://www.slf4j.org/log4shell.html ..." \
-  && zip -d /opt/kafka/libs/log4j-1.2.17.jar org/apache/log4j/net/JMSAppender.class \
  && rm -rf /tmp/* \
  && apk del --purge .build-deps

@ -43,9 +47,10 @@ WORKDIR /opt/kafka

 RUN ls -la
 COPY --from=confluent_base /usr/share/java/cp-base-new/ /usr/share/java/cp-base-new/
+COPY --from=confluent_base /etc/cp-base-new/log4j.properties /etc/cp-base-new/log4j.properties

-ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.5/aws-msk-iam-auth-1.1.5-all.jar /usr/share/java/cp-base-new
-ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.5/aws-msk-iam-auth-1.1.5-all.jar /opt/kafka/libs
+ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.6/aws-msk-iam-auth-1.1.6-all.jar /usr/share/java/cp-base-new
+ADD --chown=kafka:kafka https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.6/aws-msk-iam-auth-1.1.6-all.jar /opt/kafka/libs

 ENV METADATA_AUDIT_EVENT_NAME="MetadataAuditEvent_v4"
 ENV METADATA_CHANGE_EVENT_NAME="MetadataChangeEvent_v4"
--- a/entity-registry/custom-test-model/build.gradle
+++ b/entity-registry/custom-test-model/build.gradle
@ -5,7 +5,7 @@ buildscript {
        mavenCentral()
    }
    dependencies {
-        classpath("org.yaml:snakeyaml:1.17")
+        classpath("org.yaml:snakeyaml:1.33")
    }
 }

--- a/metadata-io/build.gradle
+++ b/metadata-io/build.gradle
@ -72,6 +72,15 @@ dependencies {
    implementation(externalDependency.commonsText) {
      because("previous versions are vulnerable to CVE-2022-42889")
    }
+    implementation(externalDependency.snakeYaml) {
+      because("previous versions are vulnerable to CVE-2022-25857")
+    }
+    implementation(externalDependency.woodstoxCore) {
+      because("previous versions are vulnerable to CVE-2022-40151-2")
+    }
+    implementation(externalDependency.jettison) {
+      because("previous versions are vulnerable")
+    }
  }
 }

--- a/metadata-models-custom/build.gradle
+++ b/metadata-models-custom/build.gradle
@ -5,7 +5,7 @@ buildscript {
        mavenCentral()
    }
    dependencies {
-        classpath("org.yaml:snakeyaml:1.17")
+        classpath("org.yaml:snakeyaml:1.33")
    }
 }