mirror of https://github.com/apache/nifi.git
NIFI-12276 Addressed Dependency Check Findings
- Added dependency-check GitHub workflow - Upgraded Janino Commons Compiler from 3.1.9 to 3.1.10 - Upgraded Azure SDK BOM from 1.2.16 to 1.2.17 - Upgraded GCP SDK BOM from 26.17.0 to 26.25.0 - Upgraded AWS SDK from 1.12.550 to 1.12.573 - Upgraded Hazelcast from 5.3.2 to 5.3.5 - Upgraded Jersey from 2.40 to 2.41 - Upgraded Camel Salesforce from 3.14.5 to 3.14.9 - Unified ZooKeeper versioning on 3.9.1 - Applied Groovy 2.4.21 to Hive 3 and Iceberg components - Applied gRPC version 1.59.0 to Asana components - Applied Jettison 1.5.4 to Atlas and Hive 3 components - Managed JUnit 4 version to 4.13.2 for MockWebServer - Excluded HBase libraries from Hive 3 following Iceberg approach - Excluded Htrace from HBase components - Upgraded OWASP Dependency Check from 8.4.0 to 8.4.2 - Removed non-applicable dependency check suppressions - Added dependency check suppressions for non-applicable findings Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com> This closes #7948.
parent
2366132e92
commit
0e1ae2bd6f
|
@ -0,0 +1,70 @@
|
|||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
name: dependency-check
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 3 * * *"
|
||||
push:
|
||||
paths:
|
||||
- '**/pom.xml'
|
||||
pull_request:
|
||||
paths:
|
||||
- '**/pom.xml'
|
||||
|
||||
env:
|
||||
DEFAULT_MAVEN_OPTS: >-
|
||||
-Dorg.slf4j.simpleLogger.defaultLogLevel=WARN
|
||||
-Daether.connector.http.retryHandler.count=5
|
||||
-Daether.connector.http.connectionMaxTtl=30
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
timeout-minutes: 30
|
||||
runs-on: ubuntu-latest
|
||||
name: Dependency Check
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v4
|
||||
- name: Set up Java Zulu 21
|
||||
uses: actions/setup-java@v3
|
||||
with:
|
||||
distribution: 'zulu'
|
||||
java-version: 21
|
||||
cache: 'maven'
|
||||
- name: Run Dependency Check
|
||||
env:
|
||||
MAVEN_OPTS: >-
|
||||
${{ env.DEFAULT_MAVEN_OPTS }}
|
||||
run: >
|
||||
./mvnw
|
||||
--no-transfer-progress
|
||||
--activate-profiles dependency-check
|
||||
validate
|
||||
- name: Upload Report
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: dependency-check-report
|
||||
path: |
|
||||
target/dependency-check-report.html
|
||||
retention-days: 7
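Review bot: The `Upload Report` step has no `if:` condition, so it is skipped whenever `Run Dependency Check` exits non-zero. If the dependency-check profile is configured to fail the build on findings (not visible on this page), that is exactly the run whose report is needed; adding `if: always()` to the step keeps `target/dependency-check-report.html` available for failed scans. The three actions are also referenced by mutable tags (`actions/checkout@v4`, `actions/setup-java@v3`, `actions/upload-artifact@v3`). Pinning each to a full commit SHA, with the tag kept in a trailing comment, would make the scanning job reproducible and less exposed to a retagged release.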
|
|
@ -18,6 +18,7 @@
|
|||
[![system-tests](https://github.com/apache/nifi/workflows/system-tests/badge.svg)](https://github.com/apache/nifi/actions/workflows/system-tests.yml)
|
||||
[![integration-tests](https://github.com/apache/nifi/actions/workflows/integration-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/integration-tests.yml)
|
||||
[![docker-tests](https://github.com/apache/nifi/actions/workflows/docker-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/docker-tests.yml)
|
||||
[![dependency-check](https://github.com/apache/nifi/workflows/dependency-check/badge.svg)](https://github.com/apache/nifi/actions/workflows/dependency-check.yml)
|
||||
[![Docker pulls](https://img.shields.io/docker/pulls/apache/nifi.svg)](https://hub.docker.com/r/apache/nifi/)
|
||||
[![Version](https://img.shields.io/maven-central/v/org.apache.nifi/nifi-utils.svg)](https://nifi.apache.org/download.html)
|
||||
[![Slack](https://img.shields.io/badge/chat-on%20Slack-brightgreen.svg)](https://s.apache.org/nifi-community-slack)
|
||||
|
|
|
@ -155,6 +155,13 @@ limitations under the License.
|
|||
<dependency>
|
||||
<groupId>org.glassfish.jersey.containers</groupId>
|
||||
<artifactId>jersey-container-jetty-http</artifactId>
|
||||
<exclusions>
|
||||
<!-- jetty-continuation is not included in Jetty 10 -->
|
||||
<exclusion>
|
||||
<groupId>org.eclipse.jetty</groupId>
|
||||
<artifactId>jetty-continuation</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.glassfish.jersey.containers</groupId>
|
||||
|
|
|
@ -451,6 +451,18 @@ limitations under the License.
|
|||
<artifactId>guava</artifactId>
|
||||
<version>32.1.2-jre</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Override Commons Compiler 3.1.9 from calcite-core -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>commons-compiler</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>janino</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
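Review bot: The Janino override hard-codes `3.1.10` for both `commons-compiler` and `janino` here, and the same pair with the same literals is repeated in the nifi-calcite-utils section and again in a later section next to `calcite-core`, so six literals must be changed together on the next upgrade. If these modules share a parent, a single property referenced as `<version>${janino.version}</version>` (property name is a suggestion) would keep the two artifacts in lockstep and prevent one module from quietly falling back to the version calcite-core brings in. The comment `<!-- Override Commons Compiler 3.1.9 from calcite-core -->` names only one of the two artifacts and embeds a version that will go stale; `<!-- Override Janino and Commons Compiler from calcite-core for dependency-check findings -->` would age better. The enclosing `dependencyManagement` block starts outside the hunk.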
|
||||
|
|
|
@ -25,6 +25,22 @@
|
|||
<artifactId>nifi-calcite-utils</artifactId>
|
||||
<name>nifi-calcite-utils</name>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<!-- Override Commons Compiler 3.1.9 from calcite-core -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>commons-compiler</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>janino</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
<dependency>
|
||||
<groupId>com.azure</groupId>
|
||||
<artifactId>azure-sdk-bom</artifactId>
|
||||
<version>1.2.16</version>
|
||||
<version>1.2.17</version>
|
||||
<scope>import</scope>
|
||||
<type>pom</type>
|
||||
</dependency>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
</parent>
|
||||
<artifactId>nifi-property-protection-gcp</artifactId>
|
||||
<properties>
|
||||
<gcp.sdk.version>26.17.0</gcp.sdk.version>
|
||||
<gcp.sdk.version>26.25.0</gcp.sdk.version>
|
||||
<guava.version>32.1.2-jre</guava.version>
|
||||
</properties>
|
||||
<dependencyManagement>
|
||||
|
|
|
@ -34,36 +34,6 @@
|
|||
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
|
||||
<vulnerabilityName>CVE-2020-5408</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Hive vulnerabilities do not apply to Flume Hive Sink</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-hive\-sink@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:hive</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Kafka vulnerabilities do not apply to Flume Kafka Sink</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-kafka\-sink@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:kafka</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Kafka vulnerabilities do not apply to Flume Kafka Source</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sources/flume\-kafka\-source@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:kafka</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Kafka vulnerabilities do not apply to Flume Shared Kafka</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-shared/flume\-shared\-kafka@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:kafka</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache HBase vulnerabilities do not apply to Flume HBase Sink</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-hbase\-sink@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:hbase</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Solr vulnerabilities do not apply to Flume Solr Sink</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-morphline\-solr\-sink@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:solr</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2017-10355 does not apply to Xerces 2.12.2</notes>
|
||||
<packageUrl regex="true">^pkg:maven/xerces/xercesImpl@.*$</packageUrl>
|
||||
|
@ -74,26 +44,11 @@
|
|||
<packageUrl regex="true">^pkg:maven/org\.apache\.calcite\/calcite-druid@.*$</packageUrl>
|
||||
<cve>CVE-2020-13955</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2018-8025 applies to HBase Server not HBase Client</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-client@.*$</packageUrl>
|
||||
<cve>CVE-2018-8025</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-0212 applies to HBase Server not HBase Client</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-client@.*$</packageUrl>
|
||||
<cve>CVE-2019-0212</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2007-6465 applies to Ganglia Server not Ganglia client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.yammer\.metrics/metrics\-ganglia@.*$</packageUrl>
|
||||
<cve>CVE-2007-6465</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2021-43045 applies to the Apache Avro .NET SDK and not to the Java SDK</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro@.*$</packageUrl>
|
||||
<cve>CVE-2021-43045</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2022-31159 applies to AWS S3 library not the SWF libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.amazonaws/aws\-java\-sdk\-swf\-libraries@.*$</packageUrl>
|
||||
|
@ -114,16 +69,6 @@
|
|||
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@7.*$</packageUrl>
|
||||
<cpe regex="true">^cpe:/a:elastic.*$</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Elasticsearch Server CVE-2020-7009 does not apply to elasticsearch client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch.*$</packageUrl>
|
||||
<cve>CVE-2020-7009</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Elasticsearch Server CVE-2020-7014 does not apply to elasticsearch client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch.*$</packageUrl>
|
||||
<cve>CVE-2020-7014</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2021-22145 applies to Elasticsearch Server not client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@.*$</packageUrl>
|
||||
|
@ -154,11 +99,6 @@
|
|||
<packageUrl regex="true">^pkg:maven/org\.apache\.calcite/calcite\-druid@.*$</packageUrl>
|
||||
<cve>CVE-2022-39135</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2018-1000873 applies to Jackson Java 8 Time modules not Jackson Annotations</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-annotations@.*$</packageUrl>
|
||||
<cve>CVE-2018-1000873</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2010-1151 applies to mod_auth_shadow in Apache HTTP Server not the FTP server library</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.ftpserver/.*$</packageUrl>
|
||||
|
@ -204,31 +144,11 @@
|
|||
<packageUrl regex="true">^pkg:maven/org\.apache\.hive/hive\-storage\-api@.*$</packageUrl>
|
||||
<cve>CVE-2021-34538</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2018-8025 applies to HBase server not the shaded libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase\.thirdparty/hbase\-shaded\-.*$</packageUrl>
|
||||
<cve>CVE-2018-8025</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2018-8025 applies to HBase Server not HBase libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-.*$</packageUrl>
|
||||
<cve>CVE-2018-8025</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-0212 applies to HBase Server not HBase libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-.*$</packageUrl>
|
||||
<cve>CVE-2019-0212</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Hadoop vulnerabilities do not apply to HBase Hadoop2 compatibility library</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hbase/hbase\-hadoop2\-compat@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:hadoop</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2022-45688 applies to hutools-json not org.json</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
|
||||
<cve>CVE-2022-45688</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>The Jackson maintainers dispute the applicability of CVE-2023-35116 based on cyclic nature of reported concern</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
|
||||
|
@ -259,4 +179,269 @@
|
|||
<packageUrl regex="true">^pkg:maven/io\.netty/netty.*?@.*$</packageUrl>
|
||||
<cve>CVE-2022-41915</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-34462 applies to Netty servers using SniHandler not Netty 4.1 shaded for Couchbase and HBase 2</notes>
|
||||
<packageUrl regex="true">^pkg:maven/io\.netty/netty.*$</packageUrl>
|
||||
<cve>CVE-2023-34462</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>The Square Wire framework is not the same as the Wire secure communication application</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.squareup\.wire/.*$</packageUrl>
|
||||
<cpe>cpe:/a:wire:wire</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-44487 applies to Solr Server not Solr client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.solr/solr\-solrj@.*$</packageUrl>
|
||||
<cve>CVE-2023-44487</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Quartz maintainers dispute CVE-2023-39017 because it requires code injection from external users</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.quartz\-scheduler/quartz@.*$</packageUrl>
|
||||
<cve>CVE-2023-39017</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Avro project vulnerabilities do not apply to Parquet Avro</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.parquet/parquet\-avro@.*$</packageUrl>
|
||||
<cpe>cpe:/a:avro_project:avro</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-4759 is resolved in 6.7.0 which is already upgraded in nifi-registry</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/.*$</packageUrl>
|
||||
<cve>CVE-2023-4759</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-4586 is resolved in Netty 4.1.100 which is already upgraded</notes>
|
||||
<packageUrl regex="true">^pkg:maven/io\.netty/netty.*$</packageUrl>
|
||||
<cve>CVE-2023-4586</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-35887 applies to MINA SSHD not MINA core libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.mina/mina\-core@.*$</packageUrl>
|
||||
<cve>CVE-2023-35887</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2016-5397 applies to Apache Thrift Go not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
|
||||
<cve>CVE-2016-5397</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-0210 applies to Apache Thrift Go server not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
|
||||
<cve>CVE-2019-0210</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2018-11798 applies Apache Thrift Node.js not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
|
||||
<cve>CVE-2018-11798</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-11939 applies to Thrift Servers in Go not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-11939</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3552 applies to Thrift Servers in CPP not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3552</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3553 applies to Thrift Servers in CPP not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3553</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3558 applies to Thrift Servers in Python not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3558</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3564 applies to Thrift Servers in Go not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3564</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3565 applies to Thrift Servers in CPP not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3565</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2021-24028 applies to Facebook Thrift CPP</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2021-24028</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-11938 applies to Facebook Thrift Servers</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-11938</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-3559 applies to Facebook Thrift Servers</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libfb303@.*$</packageUrl>
|
||||
<cve>CVE-2019-3559</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-36479 was resolved in Jetty 10.0.16</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@.*$</packageUrl>
|
||||
<vulnerabilityName>CVE-2023-36479</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>The jetty-servlet-api is versioned according to the Java Servlet API version not the Jetty version</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty\-servlet\-api@.*$</packageUrl>
|
||||
<cpe>cpe:/a:eclipse:jetty</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-31419 applies to Elasticsearch Server not client libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@.*$</packageUrl>
|
||||
<vulnerabilityName>CVE-2023-31419</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-37475 applies to Hamba Avro in Go not Apache Avro for Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.avro/.*$</packageUrl>
|
||||
<cve>CVE-2023-37475</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-45860 is resolved in Hazelcast 5.3.5</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast@.*$</packageUrl>
|
||||
<vulnerabilityName>CVE-2023-45860</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-36414 applies to Azure Identity for .NET not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.azure/azure\-identity@.*$</packageUrl>
|
||||
<cve>CVE-2023-36414</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-36415 applies to Azure Identity for Python not Java</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.azure/azure\-identity@.*$</packageUrl>
|
||||
<cve>CVE-2023-36415</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-13949 applies to Thrift and not to Hive</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.hive.*$</packageUrl>
|
||||
<cve>CVE-2020-13949</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-44487 applies to netty-codec-http2 as a Server</notes>
|
||||
<packageUrl regex="true">^pkg:maven/io\.netty/netty.*$</packageUrl>
|
||||
<cve>CVE-2023-44487</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Parquet MR vulnerabilities do not apply to other Parquet libraries</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.parquet/parquet\-(?!mr).*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:parquet-mr</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Apache Hadoop vulnerabilities do not apply to Parquet Hadoop Bundle library</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.apache\.parquet/parquet\-hadoop\-bundle@.*$</packageUrl>
|
||||
<cpe>cpe:/a:apache:hadoop</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2017-7525 applies to Jackson 2 not Jackson 1</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
|
||||
<vulnerabilityName>CVE-2017-7525</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-11358 applies to bundled copies of jQuery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2019-11358</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-11022 applies to bundled copies of jQuery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2020-11022</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-11023 applies to bundled copies of jQuery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2020-11023</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-23064 applies to bundled copies of jQuery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2020-23064</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2011-4969 applies to bundled copies of jQUery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2011-4969</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2012-6708 applies to bundled copies of jQUery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2012-6708</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2015-9251 applies to bundled copies of jQUery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2015-9251</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-7656 applies to bundled copies of jQUery not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<cve>CVE-2020-7656</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>jQuery vulnerability warning for historical versions</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery@.*$</packageUrl>
|
||||
<vulnerabilityName>jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-28458 applies to bundled copies of jQuery datatables not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery\.datatables@.*$</packageUrl>
|
||||
<cve>CVE-2020-28458</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2021-23445 applies to bundled copies of jQuery datatables not used in the project</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery\.datatables@.*$</packageUrl>
|
||||
<cve>CVE-2021-23445</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2023-44487 references gRPC for Go</notes>
|
||||
<packageUrl regex="true">^pkg:maven/io\.grpc/grpc.*$</packageUrl>
|
||||
<cve>CVE-2023-44487</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Guava temporary directory file creation is not used</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
|
||||
<cve>CVE-2023-2976</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Guava temporary directory file creation is not used</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
|
||||
<cve>CVE-2020-8908</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2021-44521 applies to Apache Cassandra Server</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$</packageUrl>
|
||||
<cve>CVE-2021-44521</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-17516 applies to Apache Cassandra Server</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$</packageUrl>
|
||||
<cve>CVE-2020-17516</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-2684 applies to Apache Cassandra Server</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$</packageUrl>
|
||||
<cve>CVE-2019-2684</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2020-13946 applies to Apache Cassandra Server</notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$</packageUrl>
|
||||
<cve>CVE-2020-13946</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>CVE-2019-10172 applies to Jackson 1 XmlMapper not JSON mapper used in Ranger plugins</notes>
|
||||
<packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
|
||||
<cve>CVE-2019-10172</cve>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Bundled versions of jQuery DataTables are not used</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery\.datatables@.*$</packageUrl>
|
||||
<vulnerabilityName>prototype pollution</vulnerabilityName>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes>Bundled versions of jQuery DataTables are not used</notes>
|
||||
<packageUrl regex="true">^pkg:javascript/jquery\.datatables@.*$</packageUrl>
|
||||
<vulnerabilityName>possible XSS</vulnerabilityName>
|
||||
</suppress>
|
||||
</suppressions>
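Review bot: Several suppressions in the last hunk are justified as "resolved in version X" (CVE-2023-4759 for jgit, CVE-2023-4586 for Netty, CVE-2023-36479 for jetty-servlets, CVE-2023-45860 for Hazelcast), yet their `packageUrl` patterns match every version, so an older copy arriving transitively or shaded would be silenced too. Anchoring the pattern to the fixed release, for example `^pkg:maven/com\.hazelcast/hazelcast@5\.3\.5$`, or giving the entry an expiry with the `until` attribute, `<suppress until="YYYY-MM-DDZ">` (placeholder date), keeps the suppression from outliving its reason. The same concern applies to the unversioned `^pkg:maven/io\.netty/netty.*$` and `^pkg:maven/io\.grpc/grpc.*$` patterns for CVE-2023-44487, which hide the finding for every Netty and gRPC artifact should a server-side HTTP/2 use appear later. The added-versus-context split is read from the hunk header counts, since the +/- markers are lost on this page.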
|
||||
|
|
|
@ -59,18 +59,6 @@
|
|||
<artifactId>hadoop-client-runtime</artifactId>
|
||||
<version>${hadoop.version}</version>
|
||||
</dependency>
|
||||
<!-- Override ZooKeeper from accumulo-core -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.accumulo</groupId>
|
||||
<artifactId>accumulo-core</artifactId>
|
||||
|
|
|
@ -67,6 +67,12 @@
|
|||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Override grpc-context from Asana -->
|
||||
<dependency>
|
||||
<groupId>io.grpc</groupId>
|
||||
<artifactId>grpc-context</artifactId>
|
||||
<version>1.59.0</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -117,6 +117,12 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>${guava.version}</version>
|
||||
</dependency>
|
||||
<!-- Override Jettison from Atlas -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.jettison</groupId>
|
||||
<artifactId>jettison</artifactId>
|
||||
<version>1.5.4</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<packaging>pom</packaging>
|
||||
|
||||
<properties>
|
||||
<azure.sdk.bom.version>1.2.16</azure.sdk.bom.version>
|
||||
<azure.sdk.bom.version>1.2.17</azure.sdk.bom.version>
|
||||
<msal4j.version>1.13.10</msal4j.version>
|
||||
<qpid.proton.version>0.34.1</qpid.proton.version>
|
||||
</properties>
|
||||
|
|
|
@ -34,4 +34,15 @@
|
|||
<module>nifi-box-services-api</module>
|
||||
<module>nifi-box-services-nar</module>
|
||||
</modules>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<!-- Override jose4j 0.9.0 from box-java-sdk -->
|
||||
<dependency>
|
||||
<groupId>org.bitbucket.b_c</groupId>
|
||||
<artifactId>jose4j</artifactId>
|
||||
<version>0.9.3</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -475,11 +475,6 @@
|
|||
<artifactId>metrics-core</artifactId>
|
||||
<version>4.2.19</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.curator</groupId>
|
||||
<artifactId>curator-framework</artifactId>
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<packaging>pom</packaging>
|
||||
|
||||
<properties>
|
||||
<google.libraries.version>26.22.0</google.libraries.version>
|
||||
<google.libraries.version>26.25.0</google.libraries.version>
|
||||
</properties>
|
||||
|
||||
<dependencyManagement>
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
<gremlin.version>3.7.0</gremlin.version>
|
||||
<janusgraph.version>0.6.3</janusgraph.version>
|
||||
<guava.version>32.1.2-jre</guava.version>
|
||||
<amqp-client.version>5.19.0</amqp-client.version>
|
||||
</properties>
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
|
@ -54,6 +55,12 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>${guava.version}</version>
|
||||
</dependency>
|
||||
<!-- Override AMQP Client from JanusGraph -->
|
||||
<dependency>
|
||||
<groupId>com.rabbitmq</groupId>
|
||||
<artifactId>amqp-client</artifactId>
|
||||
<version>${amqp-client.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
|
|
|
@ -26,41 +26,28 @@
|
|||
<packaging>jar</packaging>
|
||||
|
||||
<dependencies>
|
||||
<!-- Internal dependencies -->
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-hazelcast-services-api</artifactId>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-utils</artifactId>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-distributed-cache-client-service-api</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- External dependencies -->
|
||||
|
||||
<dependency>
|
||||
<groupId>com.hazelcast</groupId>
|
||||
<artifactId>hazelcast</artifactId>
|
||||
<version>5.3.2</version>
|
||||
<version>5.3.5</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Test dependencies -->
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-mock</artifactId>
|
||||
<version>2.0.0-SNAPSHOT</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
|
|
@ -99,6 +99,12 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>32.1.2-jre</version>
|
||||
</dependency>
|
||||
<!-- Override Jettison from Hive -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.jettison</groupId>
|
||||
<artifactId>jettison</artifactId>
|
||||
<version>1.5.4</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
|
|
|
@ -144,6 +144,27 @@
|
|||
<groupId>org.eclipse.jetty.websocket</groupId>
|
||||
<artifactId>websocket-client</artifactId>
|
||||
</exclusion>
|
||||
<!-- Exclude HBase -->
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-common</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-client</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-mapreduce</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-hadoop2-compat</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-hadoop-compat</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
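Review bot: The `<!-- Exclude HBase -->` block drops five HBase artifacts from this one dependency path, and the comment gives no reason why nothing left on the classpath still needs them. A Maven exclusion is scoped to the dependency that declares it, so the same jars can return through another path, and any remaining reference would surface as a NoClassDefFoundError at runtime rather than at build time. I would state the reason in the comment, for example `<!-- Exclude HBase: HBase integration not used by these components (confirm); removes libraries flagged by dependency-check -->`, and confirm with `mvn dependency:tree` that no `org.apache.hbase` artifact remains in the packaged module. The later hunks `@ -186,6 +186,14 @` (hbase-mapreduce, hbase-hadoop2-compat) and `@ -113,6 +113,10 @` (htrace-core4) add exclusions the same way with no comment at all. The enclosing dependency element starts above this hunk, so the artifact that carries these exclusions is not visible here.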
|
||||
|
|
|
@ -58,6 +58,17 @@
|
|||
<artifactId>calcite-core</artifactId>
|
||||
<version>${calcite.version}</version>
|
||||
</dependency>
|
||||
<!-- Override Commons Compiler 3.1.9 from calcite-core -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>commons-compiler</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>janino</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<!-- Override Apache Calcite Avatica subproject version for Hive 3 -->
|
||||
<dependency>
|
||||
<groupId>org.apache.calcite.avatica</groupId>
|
||||
|
@ -76,18 +87,6 @@
|
|||
<artifactId>derby</artifactId>
|
||||
<version>${derby.version}</version>
|
||||
</dependency>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Override ant -->
|
||||
<dependency>
|
||||
<groupId>org.apache.ant</groupId>
|
||||
|
@ -105,6 +104,12 @@
|
|||
<artifactId>nimbus-jose-jwt</artifactId>
|
||||
<version>9.33</version>
|
||||
</dependency>
|
||||
<!-- Override Groovy from hive-exec -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.groovy</groupId>
|
||||
<artifactId>groovy-all</artifactId>
|
||||
<version>2.4.21</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
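Review bot: In the first hunk (`@ -58,6 +58,17 @`) the comment `Override Commons Compiler 3.1.9 from calcite-core` stands above two managed artifacts, `commons-compiler` and `janino`, and the literal `3.1.10` is written separately for each. The two are normally consumed as a matched pair, so a single property would keep them in step: `<janino.version>3.1.10</janino.version>` with `<version>${janino.version}</version>` on both entries, and the comment widened to `<!-- Override Commons Compiler 3.1.9 and Janino from calcite-core -->`. The same pair of literals is repeated in the hunks `@ -41,6 +41,17 @` and `@ -274,6 +274,17 @` further down, so a property defined in a shared parent would cover all three places. The dependencyManagement block these entries sit in starts outside the hunk.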
|
||||
|
||||
|
|
|
@ -186,6 +186,14 @@
|
|||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-client</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-mapreduce</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.hbase</groupId>
|
||||
<artifactId>hbase-hadoop2-compat</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>co.cask.tephra</groupId>
|
||||
<artifactId>tephra-api</artifactId>
|
||||
|
|
|
@ -64,18 +64,6 @@
|
|||
<artifactId>derby</artifactId>
|
||||
<version>${derby.version}</version>
|
||||
</dependency>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Override ant -->
|
||||
<dependency>
|
||||
<groupId>org.apache.ant</groupId>
|
||||
|
@ -116,6 +104,12 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>32.1.2-jre</version>
|
||||
</dependency>
|
||||
<!-- Override Groovy from hive-exec -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.groovy</groupId>
|
||||
<artifactId>groovy-all</artifactId>
|
||||
<version>2.4.21</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -37,12 +37,6 @@
|
|||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
</dependency>
|
||||
<!-- Override commons-beanutils -->
|
||||
<dependency>
|
||||
<groupId>commons-beanutils</groupId>
|
||||
|
@ -96,6 +90,12 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>32.1.2-jre</version>
|
||||
</dependency>
|
||||
<!-- Override Jettison from Ranger -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.jettison</groupId>
|
||||
<artifactId>jettison</artifactId>
|
||||
<version>1.5.4</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
<dependency>
|
||||
<groupId>org.apache.camel</groupId>
|
||||
<artifactId>camel-salesforce</artifactId>
|
||||
<version>3.14.5</version>
|
||||
<version>3.14.9</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
|
|
|
@ -65,18 +65,6 @@
|
|||
<artifactId>nimbus-jose-jwt</artifactId>
|
||||
<version>9.33</version>
|
||||
</dependency>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
|
|
|
@ -41,6 +41,17 @@
|
|||
<artifactId>guava</artifactId>
|
||||
<version>${guava.version}</version>
|
||||
</dependency>
|
||||
<!-- Override Commons Compiler 3.1.9 from calcite-core -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>commons-compiler</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>janino</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
</project>
|
||||
|
|
|
@ -274,6 +274,17 @@
|
|||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Override Commons Compiler 3.1.9 from calcite-core -->
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>commons-compiler</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.janino</groupId>
|
||||
<artifactId>janino</artifactId>
|
||||
<version>3.1.10</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.sshd</groupId>
|
||||
<artifactId>sshd-core</artifactId>
|
||||
|
|
|
@ -113,6 +113,10 @@
|
|||
<groupId>jdk.tools</groupId>
|
||||
<artifactId>jdk.tools</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.htrace</groupId>
|
||||
<artifactId>htrace-core4</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
|
|
@ -62,18 +62,6 @@
|
|||
<artifactId>commons-beanutils</artifactId>
|
||||
<version>1.9.4</version>
|
||||
</dependency>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Override nimbus-jose-jwt 9.8.1 from hadoop-auth -->
|
||||
<dependency>
|
||||
<groupId>com.nimbusds</groupId>
|
||||
|
|
|
@ -48,12 +48,6 @@
|
|||
<artifactId>jetty-webapp</artifactId>
|
||||
<version>${jetty.version}</version>
|
||||
</dependency>
|
||||
<!-- Override zookeeper -->
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
</dependency>
|
||||
<!-- Override SolrJ 8.6.3 from Ranger -->
|
||||
<dependency>
|
||||
<groupId>org.apache.solr</groupId>
|
||||
|
|
22
pom.xml
22
pom.xml
|
@ -106,7 +106,7 @@
|
|||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||
<inceptionYear>2014</inceptionYear>
|
||||
<com.amazonaws.version>1.12.550</com.amazonaws.version>
|
||||
<com.amazonaws.version>1.12.573</com.amazonaws.version>
|
||||
<software.amazon.awssdk.version>2.20.148</software.amazon.awssdk.version>
|
||||
<gson.version>2.10.1</gson.version>
|
||||
<io.fabric8.kubernetes.client.version>6.8.1</io.fabric8.kubernetes.client.version>
|
||||
|
@ -140,7 +140,7 @@
|
|||
<ozone.version>1.2.1</ozone.version>
|
||||
<gcs.version>2.1.5</gcs.version>
|
||||
<aspectj.version>1.9.20.1</aspectj.version>
|
||||
<jersey.bom.version>2.40</jersey.bom.version>
|
||||
<jersey.bom.version>2.41</jersey.bom.version>
|
||||
<log4j2.version>2.20.0</log4j2.version>
|
||||
<logback.version>1.3.11</logback.version>
|
||||
<mockito.version>5.5.0</mockito.version>
|
||||
|
@ -706,6 +706,22 @@
|
|||
<artifactId>caffeine</artifactId>
|
||||
<version>${caffeine.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.zookeeper</groupId>
|
||||
<artifactId>zookeeper-jute</artifactId>
|
||||
<version>${zookeeper.version}</version>
|
||||
</dependency>
|
||||
<!-- Managed JUnit 4 version for transitive dependencies such as OkHttp MockWebServer -->
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.13.2</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
|
@ -1259,7 +1275,7 @@
|
|||
<plugin>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
<version>8.4.0</version>
|
||||
<version>8.4.2</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<inherited>false</inherited>
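Review bot: The managed `zookeeper` entry added in the hunk `@ -706,6 +706,22 @` carries no exclusions, while four of the per-module `Override zookeeper` blocks removed elsewhere on this page excluded `ch.qos.logback:logback-classic`. Unless that exclusion is now declared somewhere not shown here, those modules may start packaging logback-classic transitively through ZooKeeper, next to whatever logging binding they already ship. Declaring the exclusion on the managed entry, as sketched below, would restore it in one place, though it then applies to every module that inherits the entry. The surrounding dependencyManagement block starts above this hunk.

```xml
<artifactId>zookeeper</artifactId>
<version>${zookeeper.version}</version>
<exclusions>
    <exclusion>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
    </exclusion>
</exclusions>
<!-- … unchanged: zookeeper-jute and junit entries … -->
```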
|
||||
|
|