mirror of
				https://github.com/datahub-project/datahub.git
				synced 2025-10-26 00:14:53 +00:00 
			
		
		
		
	chore(security): version adjustments for security vulns (#9243)
		
							parent
							
								
									486e394cb8
								
							
						
					
					
						commit
						f70d8a45b5
					
				
							
								
								
									
										27
									
								
								build.gradle
									
									
									
									
									
								
							
							
						
						
									
										27
									
								
								build.gradle
									
									
									
									
									
								
							| @ -19,7 +19,7 @@ buildscript { | |||||||
|   ext.logbackClassic = '1.2.12' |   ext.logbackClassic = '1.2.12' | ||||||
|   ext.hadoop3Version = '3.3.5' |   ext.hadoop3Version = '3.3.5' | ||||||
|   ext.kafkaVersion = '2.3.0' |   ext.kafkaVersion = '2.3.0' | ||||||
|   ext.hazelcastVersion = '5.3.1' |   ext.hazelcastVersion = '5.3.6' | ||||||
|   ext.ebeanVersion = '12.16.1' |   ext.ebeanVersion = '12.16.1' | ||||||
| 
 | 
 | ||||||
|   ext.docker_registry = 'linkedin' |   ext.docker_registry = 'linkedin' | ||||||
| @ -53,7 +53,7 @@ project.ext.spec = [ | |||||||
|         'pegasus' : [ |         'pegasus' : [ | ||||||
|             'd2' : 'com.linkedin.pegasus:d2:' + pegasusVersion, |             'd2' : 'com.linkedin.pegasus:d2:' + pegasusVersion, | ||||||
|             'data' : 'com.linkedin.pegasus:data:' + pegasusVersion, |             'data' : 'com.linkedin.pegasus:data:' + pegasusVersion, | ||||||
|             'dataAvro1_6' : 'com.linkedin.pegasus:data-avro-1_6:' + pegasusVersion, |             'dataAvro': 'com.linkedin.pegasus:data-avro:' + pegasusVersion, | ||||||
|             'generator': 'com.linkedin.pegasus:generator:' + pegasusVersion, |             'generator': 'com.linkedin.pegasus:generator:' + pegasusVersion, | ||||||
|             'restliCommon' : 'com.linkedin.pegasus:restli-common:' + pegasusVersion, |             'restliCommon' : 'com.linkedin.pegasus:restli-common:' + pegasusVersion, | ||||||
|             'restliClient' : 'com.linkedin.pegasus:restli-client:' + pegasusVersion, |             'restliClient' : 'com.linkedin.pegasus:restli-client:' + pegasusVersion, | ||||||
| @ -71,22 +71,21 @@ project.ext.externalDependency = [ | |||||||
|     'assertJ': 'org.assertj:assertj-core:3.11.1', |     'assertJ': 'org.assertj:assertj-core:3.11.1', | ||||||
|     'avro': 'org.apache.avro:avro:1.11.3', |     'avro': 'org.apache.avro:avro:1.11.3', | ||||||
|     'avroCompiler': 'org.apache.avro:avro-compiler:1.11.3', |     'avroCompiler': 'org.apache.avro:avro-compiler:1.11.3', | ||||||
|     'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.10', |     'awsGlueSchemaRegistrySerde': 'software.amazon.glue:schema-registry-serde:1.1.17', | ||||||
|     'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:1.1.1', |     'awsMskIamAuth': 'software.amazon.msk:aws-msk-iam-auth:1.1.9', | ||||||
|     'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.8', |     'awsSecretsManagerJdbc': 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.13', | ||||||
|     'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:1.0.0', |     'awsPostgresIamAuth': 'software.amazon.jdbc:aws-advanced-jdbc-wrapper:1.0.2', | ||||||
|     'awsRds':'software.amazon.awssdk:rds:2.18.24', |     'awsRds':'software.amazon.awssdk:rds:2.18.24', | ||||||
|     'cacheApi' : 'javax.cache:cache-api:1.1.0', |     'cacheApi': 'javax.cache:cache-api:1.1.0', | ||||||
|     'commonsCli': 'commons-cli:commons-cli:1.5.0', |     'commonsCli': 'commons-cli:commons-cli:1.5.0', | ||||||
|     'commonsIo': 'commons-io:commons-io:2.4', |     'commonsIo': 'commons-io:commons-io:2.4', | ||||||
|     'commonsLang': 'commons-lang:commons-lang:2.6', |     'commonsLang': 'commons-lang:commons-lang:2.6', | ||||||
|     'commonsText': 'org.apache.commons:commons-text:1.10.0', |     'commonsText': 'org.apache.commons:commons-text:1.10.0', | ||||||
|     'commonsCollections': 'commons-collections:commons-collections:3.2.2', |     'commonsCollections': 'commons-collections:commons-collections:3.2.2', | ||||||
|     'data' : 'com.linkedin.pegasus:data:' + pegasusVersion, |  | ||||||
|     'datastaxOssNativeProtocol': 'com.datastax.oss:native-protocol:1.5.1', |     'datastaxOssNativeProtocol': 'com.datastax.oss:native-protocol:1.5.1', | ||||||
|     'datastaxOssCore': 'com.datastax.oss:java-driver-core:4.14.1', |     'datastaxOssCore': 'com.datastax.oss:java-driver-core:4.14.1', | ||||||
|     'datastaxOssQueryBuilder': 'com.datastax.oss:java-driver-query-builder:4.14.1', |     'datastaxOssQueryBuilder': 'com.datastax.oss:java-driver-query-builder:4.14.1', | ||||||
|     'dgraph4j' : 'io.dgraph:dgraph4j:21.03.1', |     'dgraph4j' : 'io.dgraph:dgraph4j:21.12.0', | ||||||
|     'dropwizardMetricsCore': 'io.dropwizard.metrics:metrics-core:4.2.3', |     'dropwizardMetricsCore': 'io.dropwizard.metrics:metrics-core:4.2.3', | ||||||
|     'dropwizardMetricsJmx': 'io.dropwizard.metrics:metrics-jmx:4.2.3', |     'dropwizardMetricsJmx': 'io.dropwizard.metrics:metrics-jmx:4.2.3', | ||||||
|     'ebean': 'io.ebean:ebean:' + ebeanVersion, |     'ebean': 'io.ebean:ebean:' + ebeanVersion, | ||||||
| @ -131,7 +130,7 @@ project.ext.externalDependency = [ | |||||||
|     'jsonPatch': 'com.github.java-json-tools:json-patch:1.13', |     'jsonPatch': 'com.github.java-json-tools:json-patch:1.13', | ||||||
|     'jsonSimple': 'com.googlecode.json-simple:json-simple:1.1.1', |     'jsonSimple': 'com.googlecode.json-simple:json-simple:1.1.1', | ||||||
|     'jsonSmart': 'net.minidev:json-smart:2.4.9', |     'jsonSmart': 'net.minidev:json-smart:2.4.9', | ||||||
|     'json': 'org.json:json:20230227', |     'json': 'org.json:json:20231013', | ||||||
|     'junit': 'junit:junit:4.13.2', |     'junit': 'junit:junit:4.13.2', | ||||||
|     'junitJupiterApi': "org.junit.jupiter:junit-jupiter-api:$junitJupiterVersion", |     'junitJupiterApi': "org.junit.jupiter:junit-jupiter-api:$junitJupiterVersion", | ||||||
|     'junitJupiterParams': "org.junit.jupiter:junit-jupiter-params:$junitJupiterVersion", |     'junitJupiterParams': "org.junit.jupiter:junit-jupiter-params:$junitJupiterVersion", | ||||||
| @ -140,7 +139,7 @@ project.ext.externalDependency = [ | |||||||
|     'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1', |     'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1', | ||||||
|     'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4', |     'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4', | ||||||
|     'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion", |     'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion", | ||||||
|     'snappy': 'org.xerial.snappy:snappy-java:1.1.10.3', |     'snappy': 'org.xerial.snappy:snappy-java:1.1.10.4', | ||||||
|     'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic", |     'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic", | ||||||
|     'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion", |     'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion", | ||||||
|     'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion", |     'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion", | ||||||
| @ -164,6 +163,7 @@ project.ext.externalDependency = [ | |||||||
|     'opentelemetryAnnotations': 'io.opentelemetry:opentelemetry-extension-annotations:' + openTelemetryVersion, |     'opentelemetryAnnotations': 'io.opentelemetry:opentelemetry-extension-annotations:' + openTelemetryVersion, | ||||||
|     'opentracingJdbc':'io.opentracing.contrib:opentracing-jdbc:0.2.15', |     'opentracingJdbc':'io.opentracing.contrib:opentracing-jdbc:0.2.15', | ||||||
|     'parquet': 'org.apache.parquet:parquet-avro:1.12.3', |     'parquet': 'org.apache.parquet:parquet-avro:1.12.3', | ||||||
|  |     'parquetHadoop': 'org.apache.parquet:parquet-hadoop:1.13.1', | ||||||
|     'picocli': 'info.picocli:picocli:4.5.0', |     'picocli': 'info.picocli:picocli:4.5.0', | ||||||
|     'playCache': "com.typesafe.play:play-cache_2.12:$playVersion", |     'playCache': "com.typesafe.play:play-cache_2.12:$playVersion", | ||||||
|     'playWs': 'com.typesafe.play:play-ahc-ws-standalone_2.12:2.1.10', |     'playWs': 'com.typesafe.play:play-ahc-ws-standalone_2.12:2.1.10', | ||||||
| @ -178,6 +178,7 @@ project.ext.externalDependency = [ | |||||||
|     'playPac4j': 'org.pac4j:play-pac4j_2.12:9.0.2', |     'playPac4j': 'org.pac4j:play-pac4j_2.12:9.0.2', | ||||||
|     'postgresql': 'org.postgresql:postgresql:42.3.8', |     'postgresql': 'org.postgresql:postgresql:42.3.8', | ||||||
|     'protobuf': 'com.google.protobuf:protobuf-java:3.19.6', |     'protobuf': 'com.google.protobuf:protobuf-java:3.19.6', | ||||||
|  |     'grpcProtobuf': 'io.grpc:grpc-protobuf:1.53.0', | ||||||
|     'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0', |     'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0', | ||||||
|     'reflections': 'org.reflections:reflections:0.9.9', |     'reflections': 'org.reflections:reflections:0.9.9', | ||||||
|     'resilience4j': 'io.github.resilience4j:resilience4j-retry:1.7.1', |     'resilience4j': 'io.github.resilience4j:resilience4j-retry:1.7.1', | ||||||
| @ -201,7 +202,7 @@ project.ext.externalDependency = [ | |||||||
|     'springBootStarterJetty': "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion", |     'springBootStarterJetty': "org.springframework.boot:spring-boot-starter-jetty:$springBootVersion", | ||||||
|     'springBootStarterCache': "org.springframework.boot:spring-boot-starter-cache:$springBootVersion", |     'springBootStarterCache': "org.springframework.boot:spring-boot-starter-cache:$springBootVersion", | ||||||
|     'springBootStarterValidation': "org.springframework.boot:spring-boot-starter-validation:$springBootVersion", |     'springBootStarterValidation': "org.springframework.boot:spring-boot-starter-validation:$springBootVersion", | ||||||
|     'springKafka': 'org.springframework.kafka:spring-kafka:2.8.11', |     'springKafka': 'org.springframework.kafka:spring-kafka:2.9.13', | ||||||
|     'springActuator': "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion", |     'springActuator': "org.springframework.boot:spring-boot-starter-actuator:$springBootVersion", | ||||||
|     'swaggerAnnotations': 'io.swagger.core.v3:swagger-annotations:2.2.15', |     'swaggerAnnotations': 'io.swagger.core.v3:swagger-annotations:2.2.15', | ||||||
|     'swaggerCli': 'io.swagger.codegen.v3:swagger-codegen-cli:3.0.46', |     'swaggerCli': 'io.swagger.codegen.v3:swagger-codegen-cli:3.0.46', | ||||||
| @ -263,7 +264,7 @@ subprojects { | |||||||
|   plugins.withType(JavaPlugin) { |   plugins.withType(JavaPlugin) { | ||||||
|     dependencies { |     dependencies { | ||||||
|       constraints { |       constraints { | ||||||
|         implementation('io.netty:netty-all:4.1.86.Final') |         implementation('io.netty:netty-all:4.1.100.Final') | ||||||
|         implementation('org.apache.commons:commons-compress:1.21') |         implementation('org.apache.commons:commons-compress:1.21') | ||||||
|         implementation('org.apache.velocity:velocity-engine-core:2.3') |         implementation('org.apache.velocity:velocity-engine-core:2.3') | ||||||
|         implementation('org.hibernate:hibernate-validator:6.0.20.Final') |         implementation('org.hibernate:hibernate-validator:6.0.20.Final') | ||||||
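Review bot: The new `'parquetHadoop'` entry pins `parquet-hadoop` at 1.13.1 while the existing `'parquet'` entry directly above it stays on `parquet-avro:1.12.3`, so a module that uses both will mix two releases of the same project. parquet-avro normally brings in parquet-hadoop of its own version, and mixed releases tend to fail at runtime with missing-method errors rather than at build time. Consider putting both coordinates on one shared version variable, in the style of `kafkaVersion` at the top of this file, and bumping `'parquet'` to match. As far as this commit shows, `'parquetHadoop'` and `'grpcProtobuf'` are referenced only from `constraints` blocks, so a short comment beside them saying they exist as CVE pin targets would help the next reader.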
|  | |||||||
| @ -66,7 +66,9 @@ dependencies { | |||||||
|   runtimeOnly externalDependency.mysqlConnector |   runtimeOnly externalDependency.mysqlConnector | ||||||
|   runtimeOnly externalDependency.postgresql |   runtimeOnly externalDependency.postgresql | ||||||
| 
 | 
 | ||||||
|   implementation externalDependency.awsMskIamAuth |   implementation(externalDependency.awsMskIamAuth) { | ||||||
|  |     exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core' | ||||||
|  |   } | ||||||
| 
 | 
 | ||||||
|   annotationProcessor externalDependency.lombok |   annotationProcessor externalDependency.lombok | ||||||
|   annotationProcessor externalDependency.picocli |   annotationProcessor externalDependency.picocli | ||||||
| @ -75,6 +77,12 @@ dependencies { | |||||||
|   testImplementation externalDependency.mockito |   testImplementation externalDependency.mockito | ||||||
|   testImplementation externalDependency.testng |   testImplementation externalDependency.testng | ||||||
|   testRuntimeOnly externalDependency.logbackClassic |   testRuntimeOnly externalDependency.logbackClassic | ||||||
|  | 
 | ||||||
|  |   constraints { | ||||||
|  |     implementation(implementation externalDependency.parquetHadoop) { | ||||||
|  |       because("CVE-2022-42003") | ||||||
|  |     } | ||||||
|  |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| bootJar { | bootJar { | ||||||
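Review bot: The added constraint `implementation(implementation externalDependency.parquetHadoop) {` repeats the configuration name inside the call, which looks like a typo; the other constraints in this commit use the form `implementation(externalDependency.grpcProtobuf) {`. It should read `implementation(externalDependency.parquetHadoop) {` so the `because` reason attaches to one clearly declared constraint. The reason `because("CVE-2022-42003")` gives only the id, and that CVE is filed against jackson-databind, presumably reached here through the Jackson copy that parquet ships. Wording it like the snappy constraint ("previous versions are vulnerable to …") and naming the affected component would make the pin auditable. The `dependencies` block starts above this hunk.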
|  | |||||||
| @ -7,7 +7,7 @@ configurations { | |||||||
| dependencies { | dependencies { | ||||||
|   implementation project(':metadata-events:mxe-avro') |   implementation project(':metadata-events:mxe-avro') | ||||||
|   implementation project(':metadata-models') |   implementation project(':metadata-models') | ||||||
|   implementation spec.product.pegasus.dataAvro1_6 |   implementation spec.product.pegasus.dataAvro | ||||||
| 
 | 
 | ||||||
|   testImplementation project(':test-models') |   testImplementation project(':test-models') | ||||||
|   testImplementation project(path: ':test-models', configuration: 'testDataTemplate') |   testImplementation project(path: ':test-models', configuration: 'testDataTemplate') | ||||||
|  | |||||||
| @ -3,7 +3,7 @@ apply plugin: 'java-library' | |||||||
| dependencies { | dependencies { | ||||||
|   api project(':metadata-events:mxe-avro') |   api project(':metadata-events:mxe-avro') | ||||||
|   api project(':metadata-models') |   api project(':metadata-models') | ||||||
|   api spec.product.pegasus.dataAvro1_6 |   api spec.product.pegasus.dataAvro | ||||||
| 
 | 
 | ||||||
|   testImplementation externalDependency.testng |   testImplementation externalDependency.testng | ||||||
|   testImplementation project(':test-models') |   testImplementation project(':test-models') | ||||||
|  | |||||||
| @ -22,13 +22,18 @@ dependencies { | |||||||
|   implementation externalDependency.guava |   implementation externalDependency.guava | ||||||
|   implementation externalDependency.reflections |   implementation externalDependency.reflections | ||||||
|   implementation externalDependency.jsonPatch |   implementation externalDependency.jsonPatch | ||||||
|   api externalDependency.dgraph4j exclude group: 'com.google.guava', module: 'guava' |   api(externalDependency.dgraph4j) { | ||||||
|  |     exclude group: 'com.google.guava', module: 'guava' | ||||||
|  |     exclude group: 'io.grpc', module: 'grpc-protobuf' | ||||||
|  |   } | ||||||
|   implementation externalDependency.slf4jApi |   implementation externalDependency.slf4jApi | ||||||
|   runtimeOnly externalDependency.logbackClassic |   runtimeOnly externalDependency.logbackClassic | ||||||
|   compileOnly externalDependency.lombok |   compileOnly externalDependency.lombok | ||||||
|   implementation externalDependency.commonsCollections |   implementation externalDependency.commonsCollections | ||||||
|   api externalDependency.datastaxOssNativeProtocol |   api externalDependency.datastaxOssNativeProtocol | ||||||
|   api externalDependency.datastaxOssCore |   api(externalDependency.datastaxOssCore) { | ||||||
|  |     exclude group: 'com.fasterxml.jackson.core' | ||||||
|  |   } | ||||||
|   api externalDependency.datastaxOssQueryBuilder |   api externalDependency.datastaxOssQueryBuilder | ||||||
|   api externalDependency.elasticSearchRest |   api externalDependency.elasticSearchRest | ||||||
|   api externalDependency.elasticSearchJava |   api externalDependency.elasticSearchJava | ||||||
| @ -101,6 +106,9 @@ dependencies { | |||||||
|     implementation(externalDependency.snappy) { |     implementation(externalDependency.snappy) { | ||||||
|       because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455") |       because("previous versions are vulnerable to CVE-2023-34453 through CVE-2023-34455") | ||||||
|     } |     } | ||||||
|  |     implementation(externalDependency.grpcProtobuf) { | ||||||
|  |       because("CVE-2023-1428, CVE-2023-32731") | ||||||
|  |     } | ||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
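Review bot: Excluding `io.grpc:grpc-protobuf` from `dgraph4j` and then adding `implementation(externalDependency.grpcProtobuf)` only under `constraints` does not put the patched artifact on the classpath, because a Gradle constraint only selects a version for a dependency that something else already requests. Unless a dependency outside this hunk still brings grpc-protobuf in, the Dgraph client could fail at runtime with missing classes; either drop the `exclude group: 'io.grpc', module: 'grpc-protobuf'` line and let the constraint raise the version, or declare the artifact as a real dependency. The group-wide `exclude group: 'com.fasterxml.jackson.core'` on `datastaxOssCore` carries the same risk and has no comment saying which Jackson version is expected to be supplied instead. It is also worth confirming that 1.53.0 matches the other `io.grpc` modules that dgraph4j resolves, since grpc artifacts are released together.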
|  | |||||||
| @ -63,4 +63,5 @@ dependencies { | |||||||
| configurations.all{ | configurations.all{ | ||||||
|   exclude group: "commons-io", module:"commons-io" |   exclude group: "commons-io", module:"commons-io" | ||||||
|   exclude group: "jline", module:"jline" |   exclude group: "jline", module:"jline" | ||||||
|  |   exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core' | ||||||
| } | } | ||||||
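Review bot: The new `exclude group: 'software.amazon.awssdk', module: 'third-party-jackson-core'` inside `configurations.all` removes the AWS SDK's bundled Jackson from every configuration of this module, with no comment stating why. The same exclusion is applied to `awsMskIamAuth` in an earlier file of this commit, also without a reason. AWS SDK v2 clients that parse JSON responses may need that module at runtime, so this should be confirmed by a test that exercises the AWS code path. I would add a comment above the line such as `// excluded for <ADVISORY-ID placeholder>; AWS SDK JSON parsing verified without it`, with the real advisory id filled in.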
|  | |||||||
| @ -13,5 +13,8 @@ dependencies { | |||||||
|     restClientCompile(externalDependency.zookeeper) { |     restClientCompile(externalDependency.zookeeper) { | ||||||
|       because("CVE-2023-44981") |       because("CVE-2023-44981") | ||||||
|     } |     } | ||||||
|  |     restClientCompile(externalDependency.grpcProtobuf) { | ||||||
|  |       because("CVE-2023-1428, CVE-2023-32731") | ||||||
|  |     } | ||||||
|   } |   } | ||||||
| } | } | ||||||
	 david-leifker
						david-leifker