chore(snappy): fix snappy version constraint (#8629)

2025-10-05 14:06:40 +00:00 · 2023-08-17 00:26:28 -05:00 · 2023-08-17 00:26:28 -05:00 · 749c3e85cb
commit 749c3e85cb
parent 6748aecdc0
5 changed files with 16 additions and 0 deletions
--- a/build.gradle
+++ b/build.gradle
@ -137,6 +137,7 @@ project.ext.externalDependency = [
    'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1',
    'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4',
    'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion",
+    'snappy': 'org.xerial.snappy:snappy-java:1.1.10.3',
    'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic",
    'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion",
    'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion",
--- a/datahub-frontend/play.gradle
+++ b/datahub-frontend/play.gradle
@ -28,6 +28,9 @@ dependencies {
    implementation(externalDependency.commonsText) {
      because("previous versions are vulnerable to CVE-2022-42889")
    }
+    implementation(externalDependency.snappy) {
+      because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
+    }
  }

  compile project(":metadata-service:restli-client")
--- a/metadata-dao-impl/kafka-producer/build.gradle
+++ b/metadata-dao-impl/kafka-producer/build.gradle
@ -23,5 +23,8 @@ dependencies {
    implementation(externalDependency.log4jApi) {
        because("previous versions are vulnerable to CVE-2021-45105")
    }
+    implementation(externalDependency.snappy) {
+      because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
+    }
  }
 }
--- a/metadata-io/build.gradle
+++ b/metadata-io/build.gradle
@ -88,6 +88,9 @@ dependencies {
    implementation(externalDependency.jettison) {
      because("previous versions are vulnerable")
    }
+    implementation(externalDependency.snappy) {
+      because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
+    }
  }
 }

--- a/metadata-service/factories/build.gradle
+++ b/metadata-service/factories/build.gradle
@ -49,6 +49,12 @@ dependencies {
  testCompile externalDependency.hazelcastTest
  implementation externalDependency.jline
  implementation externalDependency.common
+
+  constraints {
+    implementation(externalDependency.snappy) {
+      because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
+    }
+  }
 }

 configurations.all{