yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-10-06 22:46:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(snappy): fix snappy version constraint (#8629)

Browse Source
This commit is contained in:
david-leifker 2023-08-17 00:26:28 -05:00 committed by GitHub
parent 6748aecdc0
commit 749c3e85cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
build.gradle
View File

@ -137,6 +137,7 @@ project.ext.externalDependency = [
'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1', 'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1',
'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4', 'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4',
'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion", 'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion",
'snappy': 'org.xerial.snappy:snappy-java:1.1.10.3',
'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic", 'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic",
'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion", 'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion",
'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion", 'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion",

3
datahub-frontend/play.gradle
View File

@ -28,6 +28,9 @@ dependencies {
implementation(externalDependency.commonsText) { implementation(externalDependency.commonsText) {
because("previous versions are vulnerable to CVE-2022-42889") because("previous versions are vulnerable to CVE-2022-42889")
} }
implementation(externalDependency.snappy) {
because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
}
} }
compile project(":metadata-service:restli-client") compile project(":metadata-service:restli-client")

3
metadata-dao-impl/kafka-producer/build.gradle
View File

@ -23,5 +23,8 @@ dependencies {
implementation(externalDependency.log4jApi) { implementation(externalDependency.log4jApi) {
because("previous versions are vulnerable to CVE-2021-45105") because("previous versions are vulnerable to CVE-2021-45105")
} }
implementation(externalDependency.snappy) {
because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
}
} }
} }

3
metadata-io/build.gradle
View File

@ -88,6 +88,9 @@ dependencies {
implementation(externalDependency.jettison) { implementation(externalDependency.jettison) {
because("previous versions are vulnerable") because("previous versions are vulnerable")
} }
implementation(externalDependency.snappy) {
because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
}
} }
} }

6
metadata-service/factories/build.gradle
View File

@ -49,6 +49,12 @@ dependencies {
testCompile externalDependency.hazelcastTest testCompile externalDependency.hazelcastTest
implementation externalDependency.jline implementation externalDependency.jline
implementation externalDependency.common implementation externalDependency.common
constraints {
implementation(externalDependency.snappy) {
because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
}
}
} }
configurations.all{ configurations.all{