chore(deps): fix CVE-2025-48924 (commons-lang:commons-lang) (#14480)

rahul MALAWADKAR 2025-08-23 20:18:29 +05:30 committed by GitHub
parent 984e875fd9
commit 88064ba163
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
26 changed files with 24 additions and 28 deletions


@ -35,7 +35,7 @@ buildscript {
ext.junitJupiterVersion = '5.6.1'
// Releases: https://github.com/linkedin/rest.li/blob/master/CHANGELOG.md
ext.pegasusVersion = '29.65.7'
ext.pegasusVersion = '29.74.2'
ext.mavenVersion = '3.6.3'
ext.versionGradle = '8.14.3'
ext.springVersion = '6.2.10'
@ -134,7 +134,6 @@ project.ext.externalDependency = [
'cacheApi': 'javax.cache:cache-api:1.1.0',
'commonsCli': 'commons-cli:commons-cli:1.5.0',
'commonsIo': 'commons-io:commons-io:2.17.0',
'commonsLang': 'commons-lang:commons-lang:2.6',
'commonsText': 'org.apache.commons:commons-text:1.14.0',
'caffeine': 'com.github.ben-manes.caffeine:caffeine:3.1.8',
'datastaxOssNativeProtocol': 'com.datastax.oss:native-protocol:1.5.1',
@ -399,6 +398,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
exclude group: 'com.typesafe.play', module: 'shaded-oauth'
exclude group: 'commons-httpclient', module: 'commons-httpclient'
exclude group: 'commons-collections', module: 'commons-collections'
exclude group: 'commons-lang', module: 'commons-lang'
// Tomcat excluded for jetty
exclude group: 'org.apache.tomcat.embed', module: 'tomcat-embed-el'
@ -410,6 +410,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
resolutionStrategy.force 'org.mozilla:rhino:1.7.12'
resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'
resolutionStrategy.force 'org.apache.commons:commons-collections4:4.5.0'
resolutionStrategy.force 'org.apache.commons:commons-lang3:3.18.0'
resolutionStrategy {
force "org.eclipse.jetty:jetty-security:${jettyVersion}"
force "org.eclipse.jetty:jetty-server:${jettyVersion}"
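Review bot: The new `exclude group: 'commons-lang', module: 'commons-lang'` in the third hunk removes the 2.x jar from every configuration this block covers, so a third-party library that still loads `org.apache.commons.lang.*` will build cleanly and fail only at runtime with `NoClassDefFoundError`; nothing in the commit shows that this was checked. Before merging I would run `./gradlew dependencyInsight --dependency commons-lang --configuration runtimeClasspath` in the affected modules to see which artifacts requested it, and exercise those code paths. The block is also scoped to subprojects whose name does not start with `spark-lineage`, so neither this exclude nor the `commons-lang3:3.18.0` force in the following hunk reaches any such project. I would add a comment above the exclude, such as `// commons-lang 2.x is excluded for CVE-2025-48924; use org.apache.commons:commons-lang3 >= 3.18.0 instead`, so the old coordinate is not re-added later. The enclosing configure block starts and ends outside the hunks.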


@ -25,7 +25,7 @@ import java.util.List;
import java.util.concurrent.CompletableFuture;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
/**
* Currently only supports linking the latest version, but may be modified later to support inserts


@ -9,7 +9,6 @@ apply from: "../gradle/coverage/java-coverage.gradle"
dependencies {
api spec.product.pegasus.data
implementation externalDependency.commonsLang
implementation(externalDependency.reflections) {
exclude group: 'com.google.guava', module: 'guava'
}
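Review bot: `implementation externalDependency.commonsLang` is removed here without a commons-lang3 declaration appearing in its place, while the sources changed in this commit now import `org.apache.commons.lang3.*`, so the module seems to rely on lang3 arriving transitively. If that is the case, a later upstream change can drop it, or bring in a release older than 3.18.0 in any project the root `resolutionStrategy.force` does not cover. Declaring it explicitly, e.g. `implementation 'org.apache.commons:commons-lang3:3.18.0'` or a shared `externalDependency` entry, would pin the fixed version where it is used. The same applies to the other build files in this commit that drop `externalDependency.commonsLang`, including the `scalaConfig.dependencies.add(...)` line. The dependencies block continues outside the hunk, so an existing lang3 entry may simply not be visible.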


@ -31,7 +31,7 @@ import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
public class RecordUtils {


@ -39,7 +39,6 @@ dependencies {
implementation 'org.slf4j:slf4j-log4j12:2.0.7'
implementation externalDependency.httpClient
implementation externalDependency.typesafeConfig
implementation externalDependency.commonsLang
implementation externalDependency.slf4jApi
compileOnly externalDependency.lombok
annotationProcessor externalDependency.lombok
@ -140,7 +139,6 @@ scalaVersions.each { sv ->
scalaConfig.dependencies.add(project.dependencies.create('org.slf4j:slf4j-log4j12:2.0.7'))
scalaConfig.dependencies.add(project.dependencies.create(externalDependency.httpClient))
scalaConfig.dependencies.add(project.dependencies.create(externalDependency.typesafeConfig))
scalaConfig.dependencies.add(project.dependencies.create(externalDependency.commonsLang))
scalaConfig.dependencies.add(project.dependencies.create(externalDependency.slf4jApi))
scalaConfig.dependencies.add(project.dependencies.create(externalDependency.json))


@ -26,7 +26,7 @@ import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.spark.sql.streaming.StreamingQueryProgress;
@Slf4j


@ -18,7 +18,6 @@ dependencies {
compileOnly "io.openlineage:openlineage-java:$openLineageVersion"
implementation externalDependency.slf4jApi
implementation externalDependency.commonsLang
compileOnly externalDependency.lombok
annotationProcessor externalDependency.lombok


@ -8,7 +8,7 @@ import java.util.Collections;
import java.util.List;
import lombok.ToString;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
@ToString
@Slf4j


@ -22,7 +22,7 @@ import java.util.Map;
import javax.annotation.Nonnull;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensearch.action.search.SearchRequest;
import org.opensearch.action.search.SearchResponse;
import org.opensearch.client.RequestOptions;


@ -126,7 +126,7 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
/**
* A class specifying create, update, and read operations against metadata entities and aspects by


@ -45,7 +45,7 @@ import lombok.Getter;
import lombok.Setter;
import lombok.experimental.Accessors;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
@Setter
@Getter


@ -54,9 +54,9 @@ import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.time.StopWatch;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
import org.neo4j.driver.Driver;
import org.neo4j.driver.Record;
import org.neo4j.driver.Result;


@ -48,7 +48,7 @@ import lombok.RequiredArgsConstructor;
import lombok.Value;
import lombok.experimental.Accessors;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensearch.action.search.SearchRequest;
import org.opensearch.action.search.SearchResponse;
import org.opensearch.client.RequestOptions;


@ -40,7 +40,7 @@ import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensearch.action.search.SearchResponse;
import org.opensearch.search.aggregations.Aggregation;
import org.opensearch.search.aggregations.AggregationBuilder;


@ -43,7 +43,7 @@ import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensearch.action.search.CreatePitRequest;
import org.opensearch.action.search.CreatePitResponse;
import org.opensearch.client.Request;


@ -27,8 +27,8 @@ import java.util.concurrent.*;
import java.util.stream.Collectors;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.time.StopWatch;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;


@ -34,7 +34,7 @@ import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
@Slf4j
public class SchemaMetadataChangeEventGenerator extends EntityChangeEventGenerator<SchemaMetadata> {


@ -11,7 +11,7 @@ import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.kafka.config.KafkaListenerContainerFactory;


@ -21,7 +21,7 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.avro.generic.GenericRecord;
import org.apache.avro.generic.IndexedRecord;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerRecord;


@ -24,7 +24,7 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang3.ArrayUtils;
/**
* Service responsible for generating JWT tokens & managing the associated metadata entities in GMS


@ -43,7 +43,7 @@ import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;


@ -22,7 +22,7 @@ import java.util.Collections;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerRecord;


@ -24,7 +24,7 @@ import io.opentelemetry.sdk.common.CompletableResultCode;
import io.opentelemetry.sdk.trace.data.EventData;
import io.opentelemetry.sdk.trace.data.SpanData;
import java.util.*;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.producer.Producer;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.mockito.ArgumentCaptor;


@ -68,7 +68,7 @@ import java.util.*;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.MediaType;


@ -7,7 +7,6 @@ apply from: '../gradle/coverage/java-coverage.gradle'
dependencies {
api externalDependency.avro
implementation externalDependency.commonsLang
api externalDependency.micrometerPrometheus
api externalDependency.micrometerJmx
api externalDependency.micrometerOtelBridge


@ -19,7 +19,7 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringUtils;
public class DefaultRestliClientFactory {