chore(security): updates for security vulnerabilities (#10740)

2025-12-24 16:38:19 +00:00 · 2024-06-18 11:28:39 -05:00 · 2024-06-18 11:28:39 -05:00 · bcb40d3d71
commit bcb40d3d71
parent b2ba837987
11 changed files with 19 additions and 16 deletions
--- a/build.gradle
+++ b/build.gradle
@ -32,11 +32,11 @@ buildscript {

  ext.junitJupiterVersion = '5.6.1'
  // Releases: https://github.com/linkedin/rest.li/blob/master/CHANGELOG.md
-  ext.pegasusVersion = '29.51.6'
+  ext.pegasusVersion = '29.57.0'
  ext.mavenVersion = '3.6.3'
-  ext.springVersion = '6.1.4'
-  ext.springBootVersion = '3.2.3'
-  ext.springKafkaVersion = '3.1.2'
+  ext.springVersion = '6.1.5'
+  ext.springBootVersion = '3.2.6'
+  ext.springKafkaVersion = '3.1.6'
  ext.openTelemetryVersion = '1.18.0'
  ext.neo4jVersion = '5.14.0'
  ext.neo4jTestVersion = '5.14.0'
@ -44,9 +44,9 @@ buildscript {
  ext.testContainersVersion = '1.17.4'
  ext.elasticsearchVersion = '2.11.1' // ES 7.10, Opensearch 1.x, 2.x
  ext.jacksonVersion = '2.15.3'
-  ext.jettyVersion = '11.0.19'
-  ext.playVersion = '2.8.21'
-  ext.log4jVersion = '2.19.0'
+  ext.jettyVersion = '11.0.21'
+  ext.playVersion = '2.8.22'
+  ext.log4jVersion = '2.23.1'
  ext.slf4jVersion = '1.7.36'
  ext.logbackClassic = '1.4.14'
  ext.hadoop3Version = '3.3.5'
--- a/datahub-upgrade/build.gradle
+++ b/datahub-upgrade/build.gradle
@ -46,6 +46,9 @@ dependencies {
    implementation(externalDependency.guava) {
      because("CVE-2023-2976")
    }
+    implementation('io.airlift:aircompressor:0.27') {
+      because("CVE-2024-36114")
+    }
  }


--- a/docker/datahub-gms/Dockerfile
+++ b/docker/datahub-gms/Dockerfile
@ -6,8 +6,7 @@ ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine
 ARG GITHUB_REPO_URL=https://github.com
 ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2

-FROM golang:1-alpine3.18 AS binary
-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 # Re-declaring arg from above to make it available in this stage (will inherit default value)
 ARG ALPINE_REPO_URL
--- a/docker/datahub-ingestion-base/Dockerfile
+++ b/docker/datahub-ingestion-base/Dockerfile
@ -7,7 +7,7 @@ ARG GITHUB_REPO_URL=https://github.com
 ARG DEBIAN_REPO_URL=https://deb.debian.org/debian
 ARG PIP_MIRROR_URL=https://pypi.python.org/simple

-FROM golang:1-alpine3.18 AS dockerize-binary
+FROM golang:1-alpine3.20 AS dockerize-binary

 # Re-declaring arg from above to make it available in this stage (will inherit default value)
 ARG ALPINE_REPO_URL
--- a/docker/datahub-mae-consumer/Dockerfile
+++ b/docker/datahub-mae-consumer/Dockerfile
@ -6,7 +6,7 @@ ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine
 ARG GITHUB_REPO_URL=https://github.com
 ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 # Re-declaring arg from above to make it available in this stage (will inherit default value)
 ARG ALPINE_REPO_URL
--- a/docker/datahub-mce-consumer/Dockerfile
+++ b/docker/datahub-mce-consumer/Dockerfile
@ -6,7 +6,7 @@ ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine
 ARG GITHUB_REPO_URL=https://github.com
 ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 # Re-declaring arg from above to make it available in this stage (will inherit default value)
 ARG ALPINE_REPO_URL
--- a/docker/datahub-upgrade/Dockerfile
+++ b/docker/datahub-upgrade/Dockerfile
@ -6,7 +6,7 @@ ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine
 ARG GITHUB_REPO_URL=https://github.com
 ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 # Re-declaring arg from above to make it available in this stage (will inherit default value)
 ARG ALPINE_REPO_URL
--- a/docker/elasticsearch-setup/Dockerfile
+++ b/docker/elasticsearch-setup/Dockerfile
@ -6,7 +6,7 @@ ARG APP_ENV=prod
 # Defining custom repo urls for use in enterprise environments. Re-used between stages below.
 ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 ARG ALPINE_REPO_URL

--- a/docker/mysql-setup/Dockerfile
+++ b/docker/mysql-setup/Dockerfile
@ -1,7 +1,7 @@
 # Defining custom repo urls for use in enterprise environments. Re-used between stages below.
 ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 ARG ALPINE_REPO_URL

--- a/docker/postgres-setup/Dockerfile
+++ b/docker/postgres-setup/Dockerfile
@ -1,7 +1,7 @@
 # Defining custom repo urls for use in enterprise environments. Re-used between stages below.
 ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine

-FROM golang:1-alpine3.18 AS binary
+FROM golang:1-alpine3.20 AS binary

 ARG ALPINE_REPO_URL

--- a/metadata-integration/java/datahub-client/build.gradle
+++ b/metadata-integration/java/datahub-client/build.gradle
@ -120,6 +120,7 @@ shadowJar {
  relocate 'nonapi.io.github.classgraph', 'datahub.shaded.nonapi.io.github.classgraph'
  relocate 'org.eclipse.parsson', 'datahub.shaded.parsson'
  relocate 'jakarta.json', 'datahub.shaded.json'
+  relocate 'io.netty', 'datahub.shaded.io.netty'

  finalizedBy checkShadowJar
 }