fix(security): commons-text in frontend, hadoop-commons in datahub-upgrade (#6723)

2025-12-11 10:05:08 +00:00 · 2022-12-09 14:11:12 -06:00 · 2022-12-09 14:11:12 -06:00 · 1e5d434501
commit 1e5d434501
parent b7735d5b21
2 changed files with 10 additions and 0 deletions
--- a/datahub-frontend/play.gradle
+++ b/datahub-frontend/play.gradle
@ -26,6 +26,9 @@ dependencies {
    play('com.typesafe.akka:akka-actor_2.12:2.6.20')
    play('net.minidev:json-smart:2.4.8')
    play('io.netty:netty-all:4.1.85.Final')
+    implementation(externalDependency.commonsText) {
+      because("previous versions are vulnerable to CVE-2022-42889")
+    }
  }

  compile project(":metadata-service:restli-client")
--- a/datahub-upgrade/build.gradle
+++ b/datahub-upgrade/build.gradle
@ -14,6 +14,13 @@ dependencies {
    exclude group: 'com.nimbusds', module: 'nimbus-jose-jwt'
    exclude group: "org.apache.htrace", module: "htrace-core4"
  }
+
+  constraints {
+    implementation(externalDependency.hadoopCommon3) {
+      because("previous versions are vulnerable to CVE-2021-37404")
+    }
+  }
+
  implementation externalDependency.slf4jApi
  compileOnly externalDependency.lombok
  compile externalDependency.picocli