feat(vulnerability): Upgrade spring libraries to latest version (#4698)

2026-01-07 23:34:02 +00:00 · 2022-04-19 16:42:41 -07:00 · 2022-04-19 16:42:41 -07:00 · b8cdc7ebed
commit b8cdc7ebed
parent 87c5ad385c
8 changed files with 34 additions and 27 deletions
--- a/build.gradle
+++ b/build.gradle
@ -2,13 +2,15 @@ buildscript {
  ext.junitJupiterVersion = '5.6.1'
  ext.pegasusVersion = '29.22.16'
  ext.mavenVersion = '3.6.3'
+  ext.springVersion = '5.3.18'
+  ext.springBootVersion = '2.5.12'
  apply from: './repositories.gradle'
  buildscript.repositories.addAll(project.repositories)
  dependencies {
    classpath 'com.linkedin.pegasus:gradle-plugins:' + pegasusVersion
    classpath 'com.github.node-gradle:gradle-node-plugin:2.2.4'
    classpath 'com.commercehub.gradle.plugin:gradle-avro-plugin:0.8.1'
-    classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.1.4.RELEASE'
+    classpath 'org.springframework.boot:spring-boot-gradle-plugin:' + springBootVersion
    classpath('com.github.jengelman.gradle.plugins:shadow:5.2.0') {
      exclude group: 'org.apache.logging.log4j', module: 'log4j-core'
    }
@ -119,20 +121,20 @@ project.ext.externalDependency = [
    'shiroCore': 'org.apache.shiro:shiro-core:1.8.0',
    'sparkSql' : 'org.apache.spark:spark-sql_2.11:2.4.8',
    'sparkHive' : 'org.apache.spark:spark-hive_2.11:2.4.8',
-    'springBeans': 'org.springframework:spring-beans:5.2.3.RELEASE',
-    'springContext': 'org.springframework:spring-context:5.2.3.RELEASE',
-    'springCore': 'org.springframework:spring-core:5.2.3.RELEASE',
-    'springDocUI': 'org.springdoc:springdoc-openapi-ui:1.6.6',
-    'springJdbc': 'org.springframework:spring-jdbc:5.2.3.RELEASE',
-    'springWeb': 'org.springframework:spring-web:5.2.3.RELEASE',
-    'springWebMVC': 'org.springframework:spring-webmvc:5.2.3.RELEASE',
-    'springBoot': 'org.springframework.boot:spring-boot:2.1.14.RELEASE',
-    'springBootAutoconfigure': 'org.springframework.boot:spring-boot-autoconfigure:2.1.4.RELEASE',
-    'springBootStarterWeb': 'org.springframework.boot:spring-boot-starter-web:2.1.4.RELEASE',
-    'springBootStarterJetty': 'org.springframework.boot:spring-boot-starter-jetty:2.1.4.RELEASE',
-    'springBootStarterCache': 'org.springframework.boot:spring-boot-starter-cache:2.1.4.RELEASE',
-    'springKafka': 'org.springframework.kafka:spring-kafka:2.2.14.RELEASE',
-    'springActuator': 'org.springframework.boot:spring-boot-starter-actuator:2.1.4.RELEASE',
+    'springBeans': "org.springframework:spring-beans:$springVersion",
+    'springContext': "org.springframework:spring-context:$springVersion",
+    'springCore': "org.springframework:spring-core:$springVersion",
+    'springDocUI': 'org.springdoc:springdoc-openapi-ui:1.6.7',
+    'springJdbc': "org.springframework:spring-jdbc:$springVersion",
+    'springWeb': "org.springframework:spring-web:$springVersion",
+    'springWebMVC': "org.springframework:spring-webmvc:$springVersion",
+    'springBoot': "org.springframework.boot:spring-boot:$springBootVersion",
+    'springBootAutoconfigure': "org.springframework.boot:spring-boot-autoconfigure:$springBootVersion",
+    'springBootStarterWeb': "org.springframework.boot:spring-boot-starter-web:$springBootVersion",
+    'springBootStarterJetty': "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion",
+    'springBootStarterCache': "org.springframework.boot:spring-boot-starter-cache:$springBootVersion",
+    'springKafka': 'org.springframework.kafka:spring-kafka:2.7.12',
+    'springActuator': "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion",
    'swaggerAnnotations': 'io.swagger.core.v3:swagger-annotations:2.1.12',
    'testng': 'org.testng:testng:7.3.0',
    'testContainers': 'org.testcontainers:testcontainers:1.15.3',
--- a/datahub-upgrade/src/main/java/com/linkedin/datahub/upgrade/UpgradeCliApplication.java
+++ b/datahub-upgrade/src/main/java/com/linkedin/datahub/upgrade/UpgradeCliApplication.java
@ -2,13 +2,13 @@ package com.linkedin.datahub.upgrade;

 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;


@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
-@SpringBootApplication(exclude = {RestClientAutoConfiguration.class}, scanBasePackages = {"com.linkedin.gms.factory",
-    "com.linkedin.datahub.upgrade.config"})
+@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class}, scanBasePackages = {
+    "com.linkedin.gms.factory", "com.linkedin.datahub.upgrade.config"})
 public class UpgradeCliApplication {
  public static void main(String[] args) {
    new SpringApplicationBuilder(UpgradeCliApplication.class, UpgradeCli.class).web(WebApplicationType.NONE).run(args);
--- a/metadata-ingestion-examples/kafka-etl/src/main/java/com/linkedin/metadata/examples/kafka/KafkaEtlApplication.java
+++ b/metadata-ingestion-examples/kafka-etl/src/main/java/com/linkedin/metadata/examples/kafka/KafkaEtlApplication.java
@ -2,12 +2,12 @@ package com.linkedin.metadata.examples.kafka;

 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;


@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
-@SpringBootApplication(exclude = {RestClientAutoConfiguration.class}, scanBasePackages = {
+@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class}, scanBasePackages = {
    "com.linkedin.metadata.examples.configs", "com.linkedin.metadata.examples.kafka"})
 public class KafkaEtlApplication {
  public static void main(String[] args) {
--- a/metadata-ingestion-examples/mce-cli/src/main/java/com/linkedin/metadata/examples/cli/MceCliApplication.java
+++ b/metadata-ingestion-examples/mce-cli/src/main/java/com/linkedin/metadata/examples/cli/MceCliApplication.java
@ -2,12 +2,12 @@ package com.linkedin.metadata.examples.cli;

 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;


@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
-@SpringBootApplication(exclude = {RestClientAutoConfiguration.class}, scanBasePackages = {
+@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class}, scanBasePackages = {
    "com.linkedin.metadata.examples.configs", "com.linkedin.metadata.examples.cli"})
 public class MceCliApplication {
  public static void main(String[] args) {
--- a/metadata-jobs/mae-consumer-job/src/main/java/com/linkedin/metadata/kafka/MaeConsumerApplication.java
+++ b/metadata-jobs/mae-consumer-job/src/main/java/com/linkedin/metadata/kafka/MaeConsumerApplication.java
@ -2,10 +2,10 @@ package com.linkedin.metadata.kafka;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;

@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
-@SpringBootApplication(exclude = {RestClientAutoConfiguration.class})
+@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class})
 public class MaeConsumerApplication {

  public static void main(String[] args) {
--- a/metadata-jobs/mae-consumer-job/src/main/resources/application.properties
+++ b/metadata-jobs/mae-consumer-job/src/main/resources/application.properties
@ -1,3 +1,6 @@
 server.port=9091
 management.endpoints.web.exposure.include=metrics, health, info
 spring.mvc.servlet.path=/
+management.health.elasticsearch.enabled=false
+management.health.neo4j.enabled=false
+
--- a/metadata-jobs/mce-consumer-job/src/main/java/com/linkedin/metadata/kafka/MceConsumerApplication.java
+++ b/metadata-jobs/mce-consumer-job/src/main/java/com/linkedin/metadata/kafka/MceConsumerApplication.java
@ -2,11 +2,11 @@ package com.linkedin.metadata.kafka;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.elasticsearch.rest.RestClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;


@SuppressWarnings("checkstyle:HideUtilityClassConstructor")
-@SpringBootApplication(exclude = {RestClientAutoConfiguration.class})
+@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class})
 public class MceConsumerApplication {

  public static void main(String[] args) {
--- a/metadata-jobs/mce-consumer-job/src/main/resources/application.properties
+++ b/metadata-jobs/mce-consumer-job/src/main/resources/application.properties
@ -1,3 +1,5 @@
 server.port=9090
 management.endpoints.web.exposure.include=metrics, health, info
-spring.mvc.servlet.path=/
+spring.mvc.servlet.path=/
+management.health.elasticsearch.enabled=false
+management.health.neo4j.enabled=false