From 9a7c0976f2e44d93c1a566a39340bb0879c09737 Mon Sep 17 00:00:00 2001 From: pankajmahato-visa <154867659+pankajmahato-visa@users.noreply.github.com> Date: Fri, 1 Mar 2024 03:07:21 +0530 Subject: [PATCH] chore(vulnerability): Bumped up versions for vulnerability fix (#9929) --- build.gradle | 29 ++++++++++++++++------------- buildSrc/build.gradle | 2 +- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/build.gradle b/build.gradle index 228a8a9f5ff0a..cbee21fe1d4c1 100644 --- a/build.gradle +++ b/build.gradle @@ -47,7 +47,7 @@ buildscript { ext.log4jVersion = '2.19.0' ext.slf4jVersion = '1.7.36' ext.logbackClassic = '1.4.14' - ext.hadoop3Version = '3.3.5' + ext.hadoop3Version = '3.3.6' ext.kafkaVersion = '2.3.0' ext.hazelcastVersion = '5.3.6' ext.ebeanVersion = '12.16.1' @@ -99,8 +99,8 @@ project.ext.spec = [ project.ext.externalDependency = [ 'akkaHttp': 'com.typesafe.akka:akka-http-core_2.12:10.2.10', - 'antlr4Runtime': 'org.antlr:antlr4-runtime:4.7.2', - 'antlr4': 'org.antlr:antlr4:4.7.2', + 'antlr4Runtime': 'org.antlr:antlr4-runtime:4.9.3', + 'antlr4': 'org.antlr:antlr4:4.9.3', 'assertJ': 'org.assertj:assertj-core:3.11.1', 'avro': 'org.apache.avro:avro:1.11.3', 'avroCompiler': 'org.apache.avro:avro-compiler:1.11.3', @@ -111,7 +111,7 @@ project.ext.externalDependency = [ 'awsRds':'software.amazon.awssdk:rds:2.18.24', 'cacheApi': 'javax.cache:cache-api:1.1.0', 'commonsCli': 'commons-cli:commons-cli:1.5.0', - 'commonsIo': 'commons-io:commons-io:2.4', + 'commonsIo': 'commons-io:commons-io:2.14.0', 'commonsLang': 'commons-lang:commons-lang:2.6', 'commonsText': 'org.apache.commons:commons-text:1.10.0', 'commonsCollections': 'commons-collections:commons-collections:3.2.2', @@ -155,7 +155,7 @@ project.ext.externalDependency = [ 'javatuples': 'org.javatuples:javatuples:1.2', 'javaxInject' : 'javax.inject:javax.inject:1', 'javaxValidation' : 'javax.validation:validation-api:2.0.1.Final', - 'jerseyCore': 'org.glassfish.jersey.core:jersey-client:2.25.1', + 'jerseyCore': 'org.glassfish.jersey.core:jersey-client:2.39.1', 'jerseyGuava': 'org.glassfish.jersey.bundles.repackaged:jersey-guava:2.25.1', 'jettyJaas': "org.eclipse.jetty:jetty-jaas:$jettyVersion", 'jettyClient': "org.eclipse.jetty:jetty-client:$jettyVersion", @@ -171,10 +171,10 @@ project.ext.externalDependency = [ 'junitJupiterParams': "org.junit.jupiter:junit-jupiter-params:$junitJupiterVersion", 'junitJupiterEngine': "org.junit.jupiter:junit-jupiter-engine:$junitJupiterVersion", // avro-serde includes dependencies for `kafka-avro-serializer` `kafka-schema-registry-client` and `avro` - 'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.1', - 'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.1.4', + 'kafkaAvroSerde': 'io.confluent:kafka-streams-avro-serde:5.5.14', + 'kafkaAvroSerializer': 'io.confluent:kafka-avro-serializer:5.5.14', 'kafkaClients': "org.apache.kafka:kafka-clients:$kafkaVersion", - 'snappy': 'org.xerial.snappy:snappy-java:1.1.10.4', + 'snappy': 'org.xerial.snappy:snappy-java:1.1.10.5', 'logbackClassic': "ch.qos.logback:logback-classic:$logbackClassic", 'slf4jApi': "org.slf4j:slf4j-api:$slf4jVersion", 'log4jCore': "org.apache.logging.log4j:log4j-core:$log4jVersion", @@ -187,8 +187,8 @@ project.ext.externalDependency = [ 'mixpanel': 'com.mixpanel:mixpanel-java:1.4.4', 'mockito': 'org.mockito:mockito-core:4.11.0', 'mockitoInline': 'org.mockito:mockito-inline:4.11.0', - 'mockServer': 'org.mock-server:mockserver-netty:5.11.2', - 'mockServerClient': 'org.mock-server:mockserver-client-java:5.11.2', + 'mockServer': 'org.mock-server:mockserver-netty:5.13.0', + 'mockServerClient': 'org.mock-server:mockserver-client-java:5.13.0', 'mysqlConnector': 'mysql:mysql-connector-java:8.0.20', 'neo4jHarness': 'org.neo4j.test:neo4j-harness:' + neo4jTestVersion, 'neo4jJavaDriver': 'org.neo4j.driver:neo4j-java-driver:' + neo4jVersion, @@ -213,7 +213,7 @@ project.ext.externalDependency = [ 'playFilters': "com.typesafe.play:filters-helpers_2.12:$playVersion", 'pac4j': 'org.pac4j:pac4j-oidc:4.5.7', 'playPac4j': 'org.pac4j:play-pac4j_2.12:9.0.2', - 'postgresql': 'org.postgresql:postgresql:42.3.8', + 'postgresql': 'org.postgresql:postgresql:42.7.2', 'protobuf': 'com.google.protobuf:protobuf-java:3.19.6', 'grpcProtobuf': 'io.grpc:grpc-protobuf:1.53.0', 'rangerCommons': 'org.apache.ranger:ranger-plugins-common:2.3.0', @@ -255,9 +255,9 @@ project.ext.externalDependency = [ 'typesafeConfig':'com.typesafe:config:1.4.1', 'wiremock':'com.github.tomakehurst:wiremock:2.10.0', 'zookeeper': 'org.apache.zookeeper:zookeeper:3.7.2', - 'wire': 'com.squareup.wire:wire-compiler:3.7.1', + 'wire': 'com.squareup.wire:wire-compiler:4.9.1', 'charle': 'com.charleskorn.kaml:kaml:0.53.0', - 'common': 'commons-io:commons-io:2.7', + 'common': 'commons-io:commons-io:2.14.0', 'jline':'jline:jline:1.4.1', 'jetbrains':' org.jetbrains.kotlin:kotlin-stdlib:1.6.0', 'annotationApi': 'javax.annotation:javax.annotation-api:1.3.2', @@ -347,6 +347,9 @@ configure(subprojects.findAll {! it.name.startsWith('spark-lineage')}) { exclude group: "org.slf4j", module: "slf4j-log4j12" exclude group: "org.slf4j", module: "slf4j-nop" exclude group: "org.slf4j", module: "slf4j-ext" + exclude group: "commons-httpclient", module: "commons-httpclient" + exclude group: "org.codehaus.jackson", module: "jackson-mapper-asl" + exclude group: "software.amazon.ion", module: "ion-java" } } diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index 88900e06d4845..e628a6a173bcc 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -21,7 +21,7 @@ dependencies { implementation 'com.google.guava:guava:32.1.2-jre' implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.5' implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.5' - implementation 'commons-io:commons-io:2.11.0' + implementation 'commons-io:commons-io:2.14.0' compileOnly 'org.projectlombok:lombok:1.18.30' annotationProcessor 'org.projectlombok:lombok:1.18.30'