chore(deps): Migrate EOL vulnerability of javax.mail to jakarta.mail (#12282)

2025-12-12 10:35:51 +00:00 · 2025-01-10 00:45:09 +05:30 · 2025-01-10 00:45:09 +05:30 · f6c86df1f5
commit f6c86df1f5
parent d3ac112d28
3 changed files with 9 additions and 3 deletions
--- a/build.gradle
+++ b/build.gradle
@ -286,7 +286,8 @@ project.ext.externalDependency = [
    'annotationApi': 'javax.annotation:javax.annotation-api:1.3.2',
    'jakartaAnnotationApi': 'jakarta.annotation:jakarta.annotation-api:3.0.0',
    'classGraph': 'io.github.classgraph:classgraph:4.8.172',
-    'mustache': 'com.github.spullara.mustache.java:compiler:0.9.14'
+    'mustache': 'com.github.spullara.mustache.java:compiler:0.9.14',
+    'javaxMail': 'com.sun.mail:jakarta.mail:1.6.7'
 ]

 allprojects {
@ -374,6 +375,7 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) {
    exclude group: "org.slf4j", module: "slf4j-nop"
    exclude group: "org.slf4j", module: "slf4j-ext"
    exclude group: "org.codehaus.jackson", module: "jackson-mapper-asl"
+    exclude group: "javax.mail", module: "mail"

    resolutionStrategy.force externalDependency.antlr4Runtime
    resolutionStrategy.force externalDependency.antlr4
--- a/metadata-service/restli-client/src/main/java/com/linkedin/entity/client/RestliEntityClient.java
+++ b/metadata-service/restli-client/src/main/java/com/linkedin/entity/client/RestliEntityClient.java
@ -103,10 +103,10 @@ import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.mail.MethodNotSupportedException;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.NotImplementedException;
+import org.apache.http.MethodNotSupportedException;
 import org.opensearch.core.common.util.CollectionUtils;

@Slf4j
@ -1195,7 +1195,7 @@ public class RestliEntityClient extends BaseClient implements EntityClient {
      @Nonnull String aspect,
      @Nonnull Long version)
      throws RemoteInvocationException {
-    throw new MethodNotSupportedException();
+    throw new MethodNotSupportedException("Method not supported");
  }

  @Override
--- a/metadata-utils/build.gradle
+++ b/metadata-utils/build.gradle
@ -26,6 +26,7 @@ dependencies {

  implementation externalDependency.slf4jApi
  compileOnly externalDependency.lombok
+  runtimeOnly externalDependency.javaxMail

  annotationProcessor externalDependency.lombok

@ -40,6 +41,9 @@ dependencies {
      implementation(externalDependency.log4jApi) {
        because("previous versions are vulnerable to CVE-2021-45105")
    }
+    implementation(externalDependency.javaxMail) {
+      because("previous versions are vulnerable")
+    }
  }
  implementation externalDependency.logbackClassic