mirror of
https://github.com/datahub-project/datahub.git
chore(security): version adjustments for security vulns (#9243)
parent
486e394cb8
commit
f70d8a45b5
27
build.gradle
27
build.gradle
@ -19,7 +19,7 @@ buildscript {
|
||||
ext.logbackClassic = '1.2.12'
|
||||
ext.hadoop3Version = '3.3.5'
|
||||
ext.kafkaVersion = '2.3.0'
|
||||
ext.hazelcastVersion = '5.3.1'
|
||||
ext.hazelcastVersion = '5.3.6'
|
||||
ext.ebeanVersion = '12.16.1'
|
||||
|
||||
ext.docker_registry = 'linkedin'
|
||||
@ -53,7 +53,7 @@ project.ext.spec = [
|
||||
'pegasus' : [
|
||||
'd2' : 'com.linkedin.pegasus:d2:' + pegasusVersion,
|
||||
'data' : 'com.linkedin.pegasus:data:' + pegasusVersion,
|
||||
'dataAvro1_6' : 'com.linkedin.pegasus:data-avro-1_6:' + pegasusVersion,
|
||||
'dataAvro': 'com.linkedin.pegasus:data-avro:' + pegasusVersion,
|
||||
'generator': 'com.linkedin.pegasus:generator:' + pegasusVersion,
|
||||
'restliCommon' : 'com.linkedin.pegasus:restli-common:' + pegasusVersion,
|
||||
'restliClient' : 'com.linkedin.pegasus:restli-client:' + pegasusVersion,
|
||||
@ -71,22 +71,21 @@ project.ext.externalDependency = [
|
||||
'assertJ': 'org.assertj:assertj-core:3.11.1',
|
||||
'avro': 'org.apache.avro:avro:1.11.3',
|
||||
'avroCompiler': 'org.apache.avro:avro-compiler:1.11.3',
|
||||
'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.10',
|
||||
'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:1.1.1',
|
||||
'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.8',
|
||||
'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:1.0.0',
|
||||
'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.17',
|
||||
'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:1.1.9',
|
||||
'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.13',
|
||||
'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:1.0.2',
|
||||
'awsRds':'software.amazon.awssdk:rds:2.18.24',
|
||||
'cacheApi' : 'javax.cache:cache-api:1.1.0',
|
||||
'cacheApi': 'javax.cache:cache-api:1.1.0',
|
||||
'commonsCli': 'commons-cli:commons-cli:1.5.0',
|
||||
'commonsIo': 'commons-io:commons-io:2.4',
|
||||
'commonsLang': 'commons-lang:commons-lang:2.6',
|
||||
'commonsText': 'org.apache.commons:commons-text:1.10.0',
|
||||
'commonsCollections': 'commons-collections:commons-collections:3.2.2',
|
||||
'data' : 'com.linkedin.pegasus:data:' + pegasusVersion,
|
||||
'datastaxOssNativeProtocol': 'com.datastax.oss:native-protocol:1.5.1',
|
||||
'datastaxOssCore': 'com.datastax.oss:java-driver-core:4.14.1',
|
||||
'datastaxOssQueryBuilder': 'com.datastax.oss:java-driver-query-builder:4.14.1',
|
||||
'dgraph4j' : 'io.dgraph:dgraph4j:21.03.1',
|
||||
'dgraph4j' : 'io.dgraph:dgraph4j:21.12.0',
|
||||
'dropwizardMetricsCore': 'io.dropwizard.metrics:metrics-core:4.2.3',
|
||||
'dropwizardMetricsJmx': 'io.dropwizard.metrics:metrics-jmx:4.2.3',
|
||||
'ebean': 'io.ebean:ebean:' + ebeanVersion,
|
||||
@ -131,7 +130,7 @@ project.ext.externalDependency = [
|
||||
'jsonPatch': 'com.github.java-json-tools:json-patch:1.13',
|
||||
'jsonSimple': 'com.googlecode.json-simple:json-simple:1.1.1',
|
||||
'jsonSmart': 'net.minidev:json-smart:2.4.9',
|
||||
'json': 'org.json:json:20230227',
|
||||
'json': 'org.json:json:20231013',
|
||||
'junit': 'junit:junit:4.13.2',
|
||||
'junitJupiterApi': "org.junit.jupiter:junit-jupiter-api:$junitJupiterVersion",
|
||||
'junitJupiterParams': "org.junit.jupiter:junit-jupiter-params:$junitJupiterVersion",
|
||||
@ -140,7 +139,7 @@ project.ext.externalDependency = [
|
||||
'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1',
|
||||
'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4',
|
||||
'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion",
|
||||
'snappy': 'org.xerial.snappy:snappy-java:1.1.10.3',
|
||||
'snappy': 'org.xerial.snappy:snappy-java:1.1.10.4',
|
||||
'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic",
|
||||
'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion",
|
||||
'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion",
|
||||
@ -164,6 +163,7 @@ project.ext.externalDependency = [
|
||||
'opentelemetryAnnotations': 'io.opentelemetry:opentelemetry-extension-annotations:' + openTelemetryVersion,
|
||||
'opentracingJdbc':'io.opentracing.contrib:opentracing-jdbc:0.2.15',
|
||||
'parquet': 'org.apache.parquet:parquet-avro:1.12.3',
|
||||
'parquetHadoop': 'org.apache.parquet:parquet-hadoop:1.13.1',
|
||||
'picocli': 'info.picocli:picocli:4.5.0',
|
||||
'playCache': "com.typesafe.play:play-cache_2.12:$playVersion",
|
||||
'playWs': 'com.typesafe.play:play-ahc-ws-standalone_2.12:2.1.10',
|
||||
@ -178,6 +178,7 @@ project.ext.externalDependency = [
|
||||
'playPac4j': 'org.pac4j:play-pac4j_2.12:9.0.2',
|
||||
'postgresql': 'org.postgresql:postgresql:42.3.8',
|
||||
'protobuf': 'com.google.protobuf:protobuf-java:3.19.6',
|
||||
'grpcProtobuf': 'io.grpc:grpc-protobuf:1.53.0',
|
||||
'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0',
|
||||
'reflections': 'org.reflections:reflections:0.9.9',
|
||||
'resilience4j': 'io.github.resilience4j:resilience4j-retry:1.7.1',
|
||||
@ -201,7 +202,7 @@ project.ext.externalDependency = [
|
||||
'springBootStarterJetty': "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion",
|
||||
'springBootStarterCache': "org.springframework.boot:spring-boot-starter-cache:$springBootVersion",
|
||||
'springBootStarterValidation': "org.springframework.boot:spring-boot-starter-validation:$springBootVersion",
|
||||
'springKafka': 'org.springframework.kafka:spring-kafka:2.8.11',
|
||||
'springKafka': 'org.springframework.kafka:spring-kafka:2.9.13',
|
||||
'springActuator': "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion",
|
||||
'swaggerAnnotations': 'io.swagger.core.v3:swagger-annotations:2.2.15',
|
||||
'swaggerCli': 'io.swagger.codegen.v3:swagger-codegen-cli:3.0.46',
|
||||
@ -263,7 +264,7 @@ subprojects {
|
||||
plugins.withType(JavaPlugin) {
|
||||
dependencies {
|
||||
constraints {
|
||||
implementation('io.netty:netty-all:4.1.86.Final')
|
||||
implementation('io.netty:netty-all:4.1.100.Final')
|
||||
implementation('org.apache.commons:commons-compress:1.21')
|
||||
implementation('org.apache.velocity:velocity-engine-core:2.3')
|
||||
implementation('org.hibernate:hibernate-validator:6.0.20.Final')
|
||||
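Review bot: The two Parquet coordinates in `externalDependency` now disagree: `'parquet'` stays at `parquet-avro:1.12.3` while the `'parquetHadoop'` entry beside it (apparently the line this hunk adds) is `parquet-hadoop:1.13.1`. A module that resolves both ends up with mixed Parquet releases on its classpath, and the next security bump has to find two separate literals. If the skew is deliberate, record it with a comment such as `// parquet-hadoop pinned ahead of parquet-avro for a CVE constraint; re-align when parquet-avro is bumped`. Otherwise a shared `ext.parquetVersion`, used by both entries the way `pegasusVersion` is used above, would keep them in step.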
|
@ -66,7 +66,9 @@ dependencies {
|
||||
runtimeOnly externalDependency.mysqlConnector
|
||||
runtimeOnly externalDependency.postgresql
|
||||
|
||||
implementation externalDependency.awsMskIamAuth
|
||||
implementation(externalDependency.awsMskIamAuth) {
|
||||
exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core'
|
||||
}
|
||||
|
||||
annotationProcessor externalDependency.lombok
|
||||
annotationProcessor externalDependency.picocli
|
||||
@ -75,6 +77,12 @@ dependencies {
|
||||
testImplementation externalDependency.mockito
|
||||
testImplementation externalDependency.testng
|
||||
testRuntimeOnly externalDependency.logbackClassic
|
||||
|
||||
constraints {
|
||||
implementation(implementation externalDependency.parquetHadoop) {
|
||||
because("CVE-2022-42003")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bootJar {
|
||||
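Review bot: In the new `constraints` block, `implementation(implementation externalDependency.parquetHadoop) {` nests one `implementation` call inside another, which looks like a paste slip; the intended line is presumably `implementation(externalDependency.parquetHadoop) {`. As written, the inner call presumably registers the constraint once without a reason and the outer call registers it again with one, so it is worth confirming the resolved result with a `dependencyInsight` report. The reason string would also be easier to audit if it named the library the pin is meant to upgrade, since CVE-2022-42003 is, as far as I know, filed against jackson-databind rather than Parquet: `because("CVE-2022-42003: <affected transitive artifact> via older parquet-hadoop")`.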
|
@ -7,7 +7,7 @@ configurations {
|
||||
dependencies {
|
||||
implementation project(':metadata-events:mxe-avro')
|
||||
implementation project(':metadata-models')
|
||||
implementation spec.product.pegasus.dataAvro1_6
|
||||
implementation spec.product.pegasus.dataAvro
|
||||
|
||||
testImplementation project(':test-models')
|
||||
testImplementation project(path: ':test-models', configuration: 'testDataTemplate')
|
||||
|
@ -3,7 +3,7 @@ apply plugin: 'java-library'
|
||||
dependencies {
|
||||
api project(':metadata-events:mxe-avro')
|
||||
api project(':metadata-models')
|
||||
api spec.product.pegasus.dataAvro1_6
|
||||
api spec.product.pegasus.dataAvro
|
||||
|
||||
testImplementation externalDependency.testng
|
||||
testImplementation project(':test-models')
|
||||
|
@ -22,13 +22,18 @@ dependencies {
|
||||
implementation externalDependency.guava
|
||||
implementation externalDependency.reflections
|
||||
implementation externalDependency.jsonPatch
|
||||
api externalDependency.dgraph4j exclude group: 'com.google.guava', module: 'guava'
|
||||
api(externalDependency.dgraph4j) {
|
||||
exclude group: 'com.google.guava', module: 'guava'
|
||||
exclude group: 'io.grpc', module: 'grpc-protobuf'
|
||||
}
|
||||
implementation externalDependency.slf4jApi
|
||||
runtimeOnly externalDependency.logbackClassic
|
||||
compileOnly externalDependency.lombok
|
||||
implementation externalDependency.commonsCollections
|
||||
api externalDependency.datastaxOssNativeProtocol
|
||||
api externalDependency.datastaxOssCore
|
||||
api(externalDependency.datastaxOssCore) {
|
||||
exclude group: 'com.fasterxml.jackson.core'
|
||||
}
|
||||
api externalDependency.datastaxOssQueryBuilder
|
||||
api externalDependency.elasticSearchRest
|
||||
api externalDependency.elasticSearchJava
|
||||
@ -101,6 +106,9 @@ dependencies {
|
||||
implementation(externalDependency.snappy) {
|
||||
because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455")
|
||||
}
|
||||
implementation(externalDependency.grpcProtobuf) {
|
||||
because("CVE-2023-1428, CVE-2023-32731")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
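Review bot: The rewritten dgraph4j block excludes `io.grpc:grpc-protobuf` from dgraph4j's transitive dependencies, and the same file then adds a `constraints` entry for `externalDependency.grpcProtobuf`. A constraint only selects a version for a module that something else already brings into the graph, so after the exclude the patched grpc-protobuf is present only if another dependency, not visible in these hunks, still pulls it in. If none does, dgraph4j would fail at runtime on missing gRPC classes rather than at build time. Either drop the line `exclude group: 'io.grpc', module: 'grpc-protobuf'` and let the constraint upgrade the existing edge, or keep the exclude and declare `implementation externalDependency.grpcProtobuf` as a real dependency. The group-wide `exclude group: 'com.fasterxml.jackson.core'` on `datastaxOssCore` has the same shape and deserves a comment naming which dependency supplies Jackson instead.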
|
@ -63,4 +63,5 @@ dependencies {
|
||||
configurations.all{
|
||||
exclude group: "commons-io", module:"commons-io"
|
||||
exclude group: "jline", module:"jline"
|
||||
exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core'
|
||||
}
|
||||
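Review bot: The added `exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core'` in `configurations.all` carries no reason, unlike the `because(...)` strings on the constraints elsewhere in this commit. Excludes cannot take `because`, so a comment is the only record a later auditor will have: `// excluded for <advisory id>; confirm no AWS SDK client on this classpath needs this module at runtime`. The same exclusion on `externalDependency.awsMskIamAuth` in the earlier file section would benefit from the same comment.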
|
@ -13,5 +13,8 @@ dependencies {
|
||||
restClientCompile(externalDependency.zookeeper) {
|
||||
because("CVE-2023-44981")
|
||||
}
|
||||
restClientCompile(externalDependency.grpcProtobuf) {
|
||||
because("CVE-2023-1428, CVE-2023-32731")
|
||||
}
|
||||
}
|
||||
}
|