fix(security): security version updates (#6602)

david-leifker 2022-12-01 16:43:15 -06:00 committed by GitHub
parent d6dd8ccc51
commit 83b21b021c
7 changed files with 53 additions and 13 deletions


@ -8,6 +8,8 @@ buildscript {
ext.neo4jVersion = '4.4.9'
ext.graphQLJavaVersion = '19.0'
ext.testContainersVersion = '1.17.4'
ext.jacksonVersion = '2.13.4'
ext.jettyVersion = '9.4.46.v20220331'
apply from: './repositories.gradle'
buildscript.repositories.addAll(project.repositories)
dependencies {
@ -57,6 +59,7 @@ project.ext.externalDependency = [
'commonsCli': 'commons-cli:commons-cli:1.5.0',
'commonsIo': 'commons-io:commons-io:2.4',
'commonsLang': 'commons-lang:commons-lang:2.6',
'commonsText': 'org.apache.commons:commons-text:1.10.0',
'commonsCollections': 'commons-collections:commons-collections:3.2.2',
'data' : 'com.linkedin.pegasus:data:' + pegasusVersion,
'datastaxOssNativeProtocol': 'com.datastax.oss:native-protocol:1.5.1',
@ -75,7 +78,7 @@ project.ext.externalDependency = [
'gson': 'com.google.code.gson:gson:2.8.9',
'guice': 'com.google.inject:guice:4.2.2',
'guava': 'com.google.guava:guava:27.0.1-jre',
'h2': 'com.h2database:h2:2.1.210',
'h2': 'com.h2database:h2:2.1.214',
'hadoopClient': 'org.apache.hadoop:hadoop-client:3.2.1',
'hadoopCommon':'org.apache.hadoop:hadoop-common:2.7.2',
'hadoopMapreduceClient':'org.apache.hadoop:hadoop-mapreduce-client-core:2.7.2',
@ -84,15 +87,18 @@ project.ext.externalDependency = [
'httpClient': 'org.apache.httpcomponents:httpclient:4.5.9',
'httpAsyncClient': 'org.apache.httpcomponents:httpasyncclient:4.1.5',
'iStackCommons': 'com.sun.istack:istack-commons-runtime:4.0.1',
'jacksonCore': 'com.fasterxml.jackson.core:jackson-core:2.13.2',
'jacksonDataBind': 'com.fasterxml.jackson.core:jackson-databind:2.13.2.2',
'jacksonDataFormatYaml': 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.2',
'jacksonCore': "com.fasterxml.jackson.core:jackson-core:$jacksonVersion",
'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2",
'jacksonDataFormatYaml': "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:$jacksonVersion",
'woodstoxCore': 'com.fasterxml.woodstox:woodstox-core:6.4.0',
'javatuples': 'org.javatuples:javatuples:1.2',
'javaxInject' : 'javax.inject:javax.inject:1',
'javaxValidation' : 'javax.validation:validation-api:2.0.1.Final',
'jerseyCore': 'org.glassfish.jersey.core:jersey-client:2.25.1',
'jerseyGuava': 'org.glassfish.jersey.bundles.repackaged:jersey-guava:2.25.1',
'jettyJaas': 'org.eclipse.jetty:jetty-jaas:9.4.46.v20220331',
'jettyJaas': "org.eclipse.jetty:jetty-jaas:$jettyVersion",
'jettyClient': "org.eclipse.jetty:jetty-client:$jettyVersion",
'jettison': 'org.codehaus.jettison:jettison:1.5.2',
'jgrapht': 'org.jgrapht:jgrapht-core:1.5.1',
'jna': 'net.java.dev.jna:jna:5.12.1',
'jsonPatch': 'com.github.java-json-tools:json-patch:1.13',
@ -136,14 +142,15 @@ project.ext.externalDependency = [
'playTest': 'com.typesafe.play:play-test_2.12:2.7.6',
'pac4j': 'org.pac4j:pac4j-oidc:3.6.0',
'playPac4j': 'org.pac4j:play-pac4j_2.12:8.0.2',
'postgresql': 'org.postgresql:postgresql:42.3.3',
'protobuf': 'com.google.protobuf:protobuf-java:3.19.3',
'postgresql': 'org.postgresql:postgresql:42.3.8',
'protobuf': 'com.google.protobuf:protobuf-java:3.19.6',
'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0',
'reflections': 'org.reflections:reflections:0.9.9',
'resilience4j': 'io.github.resilience4j:resilience4j-retry:1.7.1',
'rythmEngine': 'org.rythmengine:rythm-engine:1.3.0',
'servletApi': 'javax.servlet:javax.servlet-api:3.1.0',
'shiroCore': 'org.apache.shiro:shiro-core:1.8.0',
'shiroCore': 'org.apache.shiro:shiro-core:1.10.0',
'snakeYaml': 'org.yaml:snakeyaml:1.33',
'sparkSql' : 'org.apache.spark:spark-sql_2.11:2.4.8',
'sparkHive' : 'org.apache.spark:spark-hive_2.11:2.4.8',
'springBeans': "org.springframework:spring-beans:$springVersion",
@ -184,6 +191,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage') }) {
configurations.all {
exclude group: "io.netty", module: "netty"
exclude group: "log4j", module: "log4j"
exclude group: "org.springframework.boot", module: "spring-boot-starter-logging"
exclude group: "ch.qos.logback", module: "logback-classic"
exclude group: "org.apache.logging.log4j", module: "log4j-to-slf4j"
@ -219,8 +227,8 @@ subprojects {
implementation('org.apache.commons:commons-compress:1.21')
implementation('org.apache.velocity:velocity-engine-core:2.3')
implementation('org.hibernate:hibernate-validator:6.0.20.Final')
implementation('com.fasterxml.jackson.core:jackson-databind:2.13.2.2')
implementation('com.fasterxml.jackson.core:jackson-dataformat-cbor:2.13.2')
implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2")
implementation("com.fasterxml.jackson.core:jackson-dataformat-cbor:$jacksonVersion")
}
}
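Review bot: The databind coordinate `"com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2"` (and the duplicate at `implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion.2")` in the subprojects block) welds the `.2` micro-patch to whatever `ext.jacksonVersion` is set to, so a later bump to another 2.13.x will silently request a `…x.2` artifact that may not exist and the build will fail at resolution rather than fall back. Keeping the databind patch in its own property makes the dependency explicit and greppable: `ext.jacksonDataBindVersion = '2.13.4.2'` next to `ext.jacksonVersion`, `'jacksonDataBind': "com.fasterxml.jackson.core:jackson-databind:$jacksonDataBindVersion"`, and `implementation(externalDependency.jacksonDataBind)` in the subprojects block instead of repeating the literal. The `$jacksonVersion.2` GString form is also easy to misread as a property access; where the suffix is kept, `${jacksonVersion}.2` makes the intent visible. The `buildscript`, `externalDependency` map and `subprojects` blocks all start outside their hunks.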


@ -10,7 +10,7 @@ dependencies {
exclude group: 'com.google.guava', module: 'guava'
}
compile 'com.google.guava:guava:27.0.1-jre'
compile 'com.fasterxml.jackson.core:jackson-databind:2.9.10.7'
compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.8.11'
compile 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'
compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4'
compile 'commons-io:commons-io:2.11.0'
}
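Review bot: The two new lines `compile 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'` and `compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4'` hard-code the versions that the rest of this commit centralizes behind `ext.jacksonVersion`, so the next security bump of the root property will leave this module on the old release unless someone remembers to edit it too. The Play module in the same commit takes the other route (`play(externalDependency.jacksonDataBind)`); if this file belongs to a subproject of the root build, `compile externalDependency.jacksonDataBind` and `compile externalDependency.jacksonDataFormatYaml` keep the three places in lockstep. The enclosing `dependencies` block starts outside the hunk.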


@ -17,7 +17,7 @@ dependencies {
constraints {
play('org.springframework:spring-core:5.2.3.RELEASE')
play('com.fasterxml.jackson.core:jackson-databind:2.9.10.4')
play(externalDependency.jacksonDataBind)
play('com.nimbusds:nimbus-jose-jwt:7.9')
play('com.typesafe.akka:akka-actor_2.12:2.5.16')
play('net.minidev:json-smart:2.4.1')


@ -30,6 +30,18 @@ dependencies {
implementation externalDependency.hadoopCommon3
implementation externalDependency.log4jApi
constraints {
implementation(externalDependency.woodstoxCore) {
because("previous versions are vulnerable to CVE-2022-40151 CVE-2022-40152")
}
implementation(externalDependency.jettyClient) {
because("previous versions are vulnerable to CVE-2021-28165")
}
implementation(externalDependency.jettison) {
because("previous versions are vulnerable to CVE-2022-40149 CVE-2022-40150")
}
}
testCompile externalDependency.testng
}
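Review bot: The woodstox/jetty-client/jettison constraint block added here is repeated verbatim in the last file section of this commit (the `constraints {` block ending `}` before `implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.1'`), so the CVE rationale and the version floor now live in two places that can drift independently; a single shared definition, for example in the root `subprojects` or `configure(...)` block that already carries the `exclude group:` rules, would cover both modules. Note also that a Gradle dependency constraint only raises the version of a module that is already present in the graph and does not add it, so if any of these three artifacts is not actually a transitive dependency of this module the constraint is inert; `./gradlew :<module>:dependencyInsight --dependency woodstox-core` confirms it resolves to the intended version. The enclosing `dependencies` block starts outside the hunk.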


@ -10,6 +10,11 @@ dependencies {
compile externalDependency.jacksonDataFormatYaml
compile externalDependency.reflections
compile externalDependency.jsonPatch
constraints {
implementation(externalDependency.snakeYaml) {
because("previous versions are vulnerable to CVE-2022-25857")
}
}
dataModel project(':li-utils')
annotationProcessor externalDependency.lombok


@ -66,6 +66,9 @@ dependencies {
implementation(externalDependency.log4jApi) {
because("previous versions are vulnerable to CVE-2021-45105")
}
implementation(externalDependency.commonsText) {
because("previous versions are vulnerable to CVE-2022-42889")
}
}
}


@ -13,6 +13,18 @@ dependencies {
}
implementation externalDependency.hadoopCommon3
constraints {
implementation(externalDependency.woodstoxCore) {
because("previous versions are vulnerable to CVE-2022-40151 CVE-2022-40152")
}
implementation(externalDependency.jettyClient) {
because("previous versions are vulnerable to CVE-2021-28165")
}
implementation(externalDependency.jettison) {
because("previous versions are vulnerable to CVE-2022-40149 CVE-2022-40150")
}
}
implementation 'org.apache.logging.log4j:log4j-1.2-api:2.17.1'
implementation 'rome:rome:1.0'
runtimeOnly externalDependency.jna