yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-11-04 04:39:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): Update dependencies to address multiple CVEs (#15045)

Browse Source
This commit is contained in:
Esteban Gutierrez 2025-10-18 14:02:26 -05:00 committed by GitHub
parent 6fc68b6c6b
commit d54dd9642d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
build.gradle
View File

@ -36,12 +36,12 @@ buildscript {
ext.junitJupiterVersion = '5.6.1' ext.junitJupiterVersion = '5.6.1'
// Releases: https://github.com/linkedin/rest.li/blob/master/CHANGELOG.md // Releases: https://github.com/linkedin/rest.li/blob/master/CHANGELOG.md
ext.pegasusVersion = '29.74.2' ext.pegasusVersion = '29.74.2'
ext.mavenVersion = '3.6.3' ext.mavenVersion = '3.8.1'
ext.versionGradle = '8.14.3' ext.versionGradle = '8.14.3'
ext.springVersion = '6.2.11' ext.springVersion = '6.2.11'
ext.springBootVersion = '3.4.5' ext.springBootVersion = '3.4.5'
ext.springKafkaVersion = '3.3.8' ext.springKafkaVersion = '3.3.8'
ext.openTelemetryVersion = '1.49.0' ext.openTelemetryVersion = '1.54.1'
ext.neo4jVersion = '5.20.0' ext.neo4jVersion = '5.20.0'
ext.neo4jApocVersion = '5.20.0' ext.neo4jApocVersion = '5.20.0'
ext.testContainersVersion = '1.21.1' ext.testContainersVersion = '1.21.1'
@ -55,7 +55,7 @@ buildscript {
ext.akkaVersion = '2.6.21' // 2.7.0+ has incompatible license ext.akkaVersion = '2.6.21' // 2.7.0+ has incompatible license
ext.log4jVersion = '2.23.1' ext.log4jVersion = '2.23.1'
ext.slf4jVersion = '1.7.36' ext.slf4jVersion = '1.7.36'
ext.logbackClassic = '1.5.18' ext.logbackClassic = '1.5.19'
ext.hadoop3Version = '3.3.6' ext.hadoop3Version = '3.3.6'
ext.kafkaVersion = '8.0.0' ext.kafkaVersion = '8.0.0'
ext.hazelcastVersion = '5.3.6' ext.hazelcastVersion = '5.3.6'
@ -126,15 +126,15 @@ project.ext.externalDependency = [
'awaitility': 'org.awaitility:awaitility:4.2.0', 'awaitility': 'org.awaitility:awaitility:4.2.0',
'avro': 'org.apache.avro:avro:1.11.4', 'avro': 'org.apache.avro:avro:1.11.4',
'avroCompiler': 'org.apache.avro:avro-compiler:1.11.4', 'avroCompiler': 'org.apache.avro:avro-compiler:1.11.4',
'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.23', 'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.25',
'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:2.3.2', 'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:2.3.2',
'awsSdk2Bom': 'software.amazon.awssdk:bom:2.23.6', 'awsSdk2Bom': 'software.amazon.awssdk:bom:2.23.6',
'awsS3': "software.amazon.awssdk:s3:$awsSdk2Version", 'awsS3': "software.amazon.awssdk:s3:$awsSdk2Version",
'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.15', 'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.15',
'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:2.5.4', 'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:2.5.6',
'awsRds':"software.amazon.awssdk:rds:$awsSdk2Version", 'awsRds':"software.amazon.awssdk:rds:$awsSdk2Version",
'azureIdentityExtensions': 'com.azure:azure-identity-extensions:1.2.2', 'azureIdentityExtensions': 'com.azure:azure-identity-extensions:1.2.5',
'azureIdentity': 'com.azure:azure-identity:1.15.4', 'azureIdentity': 'com.azure:azure-identity:1.18.1',
'cacheApi': 'javax.cache:cache-api:1.1.0', 'cacheApi': 'javax.cache:cache-api:1.1.0',
'commonsCli': 'commons-cli:commons-cli:1.5.0', 'commonsCli': 'commons-cli:commons-cli:1.5.0',
'commonsIo': 'commons-io:commons-io:2.17.0', 'commonsIo': 'commons-io:commons-io:2.17.0',
@ -238,7 +238,7 @@ project.ext.externalDependency = [
'opentelemetryExporter': 'io.opentelemetry:opentelemetry-exporter-otlp:' + openTelemetryVersion, 'opentelemetryExporter': 'io.opentelemetry:opentelemetry-exporter-otlp:' + openTelemetryVersion,
'openTelemetryExporterLogging': 'io.opentelemetry:opentelemetry-exporter-logging:' + openTelemetryVersion, 'openTelemetryExporterLogging': 'io.opentelemetry:opentelemetry-exporter-logging:' + openTelemetryVersion,
'openTelemetryExporterCommon': 'io.opentelemetry:opentelemetry-exporter-otlp-common:' + openTelemetryVersion, 'openTelemetryExporterCommon': 'io.opentelemetry:opentelemetry-exporter-otlp-common:' + openTelemetryVersion,
'opentelemetryAnnotations': 'io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.15.0', 'opentelemetryAnnotations': 'io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.20.1',
'opentracingJdbc':'io.opentracing.contrib:opentracing-jdbc:0.2.15', 'opentracingJdbc':'io.opentracing.contrib:opentracing-jdbc:0.2.15',
'parquet': 'org.apache.parquet:parquet-avro:1.15.2', 'parquet': 'org.apache.parquet:parquet-avro:1.15.2',
'parquetHadoop': 'org.apache.parquet:parquet-hadoop:1.13.1', 'parquetHadoop': 'org.apache.parquet:parquet-hadoop:1.13.1',
@ -319,7 +319,7 @@ allprojects {
// Apply test-logger plugin for better test output // Apply test-logger plugin for better test output
apply plugin: 'com.adarshr.test-logger' apply plugin: 'com.adarshr.test-logger'
testlogger { testlogger {
theme 'mocha' // Clean, modern output theme 'mocha' // Clean, modern output
showExceptions true showExceptions true
@ -430,7 +430,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
exclude group: 'commons-httpclient', module: 'commons-httpclient' exclude group: 'commons-httpclient', module: 'commons-httpclient'
exclude group: 'commons-collections', module: 'commons-collections' exclude group: 'commons-collections', module: 'commons-collections'
exclude group: 'commons-lang', module: 'commons-lang' exclude group: 'commons-lang', module: 'commons-lang'
// Tomcat excluded for jetty // Tomcat excluded for jetty
exclude group: 'org.apache.tomcat.embed', module: 'tomcat-embed-el' exclude group: 'org.apache.tomcat.embed', module: 'tomcat-embed-el'
exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat' exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
@ -513,6 +513,7 @@ subprojects {
implementation('org.hibernate:hibernate-validator:6.0.20.Final') implementation('org.hibernate:hibernate-validator:6.0.20.Final')
implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion") implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion")
implementation("com.fasterxml.jackson.core:jackson-dataformat-cbor:$jacksonVersion") implementation("com.fasterxml.jackson.core:jackson-dataformat-cbor:$jacksonVersion")
implementation('com.squareup.okhttp3:okhttp:4.12.0')
implementation(externalDependency.commonsIo) implementation(externalDependency.commonsIo)
implementation(externalDependency.protobuf) implementation(externalDependency.protobuf)
} }

2
datahub-upgrade/build.gradle
View File

@ -30,7 +30,7 @@ dependencies {
exclude group: "org.eclipse.jetty" exclude group: "org.eclipse.jetty"
exclude group: "org.apache.hadoop.thirdparty", module: "hadoop-shaded-protobuf_3_7" exclude group: "org.apache.hadoop.thirdparty", module: "hadoop-shaded-protobuf_3_7"
exclude group: "com.charleskorn.kaml", module:"kaml" exclude group: "com.charleskorn.kaml", module:"kaml"
exclude group: "org.apache.kerby", module:"kerb-simplekdc"
} }
constraints { constraints {