diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml new file mode 100644 index 0000000000..1829c157ad --- /dev/null +++ b/.github/workflows/dependency-check.yml @@ -0,0 +1,70 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +name: dependency-check + +on: + schedule: + - cron: "0 3 * * *" + push: + paths: + - '**/pom.xml' + pull_request: + paths: + - '**/pom.xml' + +env: + DEFAULT_MAVEN_OPTS: >- + -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN + -Daether.connector.http.retryHandler.count=5 + -Daether.connector.http.connectionMaxTtl=30 + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + build: + timeout-minutes: 30 + runs-on: ubuntu-latest + name: Dependency Check + steps: + - name: Checkout Code + uses: actions/checkout@v4 + - name: Set up Java Zulu 21 + uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: 21 + cache: 'maven' + - name: Run Dependency Check + env: + MAVEN_OPTS: >- + ${{ env.DEFAULT_MAVEN_OPTS }} + run: > + ./mvnw + --no-transfer-progress + --activate-profiles dependency-check + validate + - name: Upload Report + uses: actions/upload-artifact@v3 + with: + name: dependency-check-report + path: | + target/dependency-check-report.html + retention-days: 7 diff --git a/README.md b/README.md index 7dd6d29605..99a82f0449 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ [![system-tests](https://github.com/apache/nifi/workflows/system-tests/badge.svg)](https://github.com/apache/nifi/actions/workflows/system-tests.yml) [![integration-tests](https://github.com/apache/nifi/actions/workflows/integration-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/integration-tests.yml) [![docker-tests](https://github.com/apache/nifi/actions/workflows/docker-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/docker-tests.yml) +[![dependency-check](https://github.com/apache/nifi/workflows/dependency-check/badge.svg)](https://github.com/apache/nifi/actions/workflows/dependency-check.yml) [![Docker pulls](https://img.shields.io/docker/pulls/apache/nifi.svg)](https://hub.docker.com/r/apache/nifi/) [![Version](https://img.shields.io/maven-central/v/org.apache.nifi/nifi-utils.svg)](https://nifi.apache.org/download.html) [![Slack](https://img.shields.io/badge/chat-on%20Slack-brightgreen.svg)](https://s.apache.org/nifi-community-slack) diff --git a/minifi/minifi-c2/minifi-c2-assembly/pom.xml b/minifi/minifi-c2/minifi-c2-assembly/pom.xml index 2e47aeeb87..b4da037915 100644 --- a/minifi/minifi-c2/minifi-c2-assembly/pom.xml +++ b/minifi/minifi-c2/minifi-c2-assembly/pom.xml @@ -155,6 +155,13 @@ limitations under the License. org.glassfish.jersey.containers jersey-container-jetty-http + + + + org.eclipse.jetty + jetty-continuation + + org.glassfish.jersey.containers diff --git a/minifi/pom.xml b/minifi/pom.xml index ad9ff08f71..e927eae4d2 100644 --- a/minifi/pom.xml +++ b/minifi/pom.xml @@ -451,6 +451,18 @@ limitations under the License. guava 32.1.2-jre + + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + diff --git a/nifi-commons/nifi-calcite-utils/pom.xml b/nifi-commons/nifi-calcite-utils/pom.xml index d0a50f5758..833090ec58 100644 --- a/nifi-commons/nifi-calcite-utils/pom.xml +++ b/nifi-commons/nifi-calcite-utils/pom.xml @@ -25,6 +25,22 @@ nifi-calcite-utils nifi-calcite-utils + + + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + + + + org.apache.nifi diff --git a/nifi-commons/nifi-property-protection-azure/pom.xml b/nifi-commons/nifi-property-protection-azure/pom.xml index 253526fbf1..6647442064 100644 --- a/nifi-commons/nifi-property-protection-azure/pom.xml +++ b/nifi-commons/nifi-property-protection-azure/pom.xml @@ -26,7 +26,7 @@ com.azure azure-sdk-bom - 1.2.16 + 1.2.17 import pom diff --git a/nifi-commons/nifi-property-protection-gcp/pom.xml b/nifi-commons/nifi-property-protection-gcp/pom.xml index 55c422712f..cde1db53d7 100644 --- a/nifi-commons/nifi-property-protection-gcp/pom.xml +++ b/nifi-commons/nifi-property-protection-gcp/pom.xml @@ -22,7 +22,7 @@ nifi-property-protection-gcp - 26.17.0 + 26.25.0 32.1.2-jre diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml index e4e0cdac1d..4aabb50d94 100644 --- a/nifi-dependency-check-maven/suppressions.xml +++ b/nifi-dependency-check-maven/suppressions.xml @@ -34,36 +34,6 @@ ^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$ CVE-2020-5408 - - Apache Hive vulnerabilities do not apply to Flume Hive Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-hive\-sink@.*$ - cpe:/a:apache:hive - - - Apache Kafka vulnerabilities do not apply to Flume Kafka Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-kafka\-sink@.*$ - cpe:/a:apache:kafka - - - Apache Kafka vulnerabilities do not apply to Flume Kafka Source - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sources/flume\-kafka\-source@.*$ - cpe:/a:apache:kafka - - - Apache Kafka vulnerabilities do not apply to Flume Shared Kafka - ^pkg:maven/org\.apache\.flume\.flume\-shared/flume\-shared\-kafka@.*$ - cpe:/a:apache:kafka - - - Apache HBase vulnerabilities do not apply to Flume HBase Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-hbase\-sink@.*$ - cpe:/a:apache:hbase - - - Apache Solr vulnerabilities do not apply to Flume Solr Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-morphline\-solr\-sink@.*$ - cpe:/a:apache:solr - CVE-2017-10355 does not apply to Xerces 2.12.2 ^pkg:maven/xerces/xercesImpl@.*$ @@ -74,26 +44,11 @@ ^pkg:maven/org\.apache\.calcite\/calcite-druid@.*$ CVE-2020-13955 - - CVE-2018-8025 applies to HBase Server not HBase Client - ^pkg:maven/org\.apache\.hbase/hbase\-client@.*$ - CVE-2018-8025 - - - CVE-2019-0212 applies to HBase Server not HBase Client - ^pkg:maven/org\.apache\.hbase/hbase\-client@.*$ - CVE-2019-0212 - CVE-2007-6465 applies to Ganglia Server not Ganglia client libraries ^pkg:maven/com\.yammer\.metrics/metrics\-ganglia@.*$ CVE-2007-6465 - - CVE-2021-43045 applies to the Apache Avro .NET SDK and not to the Java SDK - ^pkg:maven/org\.apache\.avro/avro@.*$ - CVE-2021-43045 - CVE-2022-31159 applies to AWS S3 library not the SWF libraries ^pkg:maven/com\.amazonaws/aws\-java\-sdk\-swf\-libraries@.*$ @@ -114,16 +69,6 @@ ^pkg:maven/org\.elasticsearch/elasticsearch@7.*$ ^cpe:/a:elastic.*$ - - Elasticsearch Server CVE-2020-7009 does not apply to elasticsearch client libraries - ^pkg:maven/org\.elasticsearch/elasticsearch.*$ - CVE-2020-7009 - - - Elasticsearch Server CVE-2020-7014 does not apply to elasticsearch client libraries - ^pkg:maven/org\.elasticsearch/elasticsearch.*$ - CVE-2020-7014 - CVE-2021-22145 applies to Elasticsearch Server not client libraries ^pkg:maven/org\.elasticsearch/elasticsearch@.*$ @@ -154,11 +99,6 @@ ^pkg:maven/org\.apache\.calcite/calcite\-druid@.*$ CVE-2022-39135 - - CVE-2018-1000873 applies to Jackson Java 8 Time modules not Jackson Annotations - ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-annotations@.*$ - CVE-2018-1000873 - CVE-2010-1151 applies to mod_auth_shadow in Apache HTTP Server not the FTP server library ^pkg:maven/org\.apache\.ftpserver/.*$ @@ -204,31 +144,11 @@ ^pkg:maven/org\.apache\.hive/hive\-storage\-api@.*$ CVE-2021-34538 - - CVE-2018-8025 applies to HBase server not the shaded libraries - ^pkg:maven/org\.apache\.hbase\.thirdparty/hbase\-shaded\-.*$ - CVE-2018-8025 - - - CVE-2018-8025 applies to HBase Server not HBase libraries - ^pkg:maven/org\.apache\.hbase/hbase\-.*$ - CVE-2018-8025 - - - CVE-2019-0212 applies to HBase Server not HBase libraries - ^pkg:maven/org\.apache\.hbase/hbase\-.*$ - CVE-2019-0212 - Hadoop vulnerabilities do not apply to HBase Hadoop2 compatibility library ^pkg:maven/org\.apache\.hbase/hbase\-hadoop2\-compat@.*$ cpe:/a:apache:hadoop - - CVE-2022-45688 applies to hutools-json not org.json - ^pkg:maven/org\.json/json@.*$ - CVE-2022-45688 - The Jackson maintainers dispute the applicability of CVE-2023-35116 based on cyclic nature of reported concern ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ @@ -259,4 +179,269 @@ ^pkg:maven/io\.netty/netty.*?@.*$ CVE-2022-41915 + + CVE-2023-34462 applies to Netty servers using SniHandler not Netty 4.1 shaded for Couchbase and HBase 2 + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-34462 + + + The Square Wire framework is not the same as the Wire secure communication application + ^pkg:maven/com\.squareup\.wire/.*$ + cpe:/a:wire:wire + + + CVE-2023-44487 applies to Solr Server not Solr client libraries + ^pkg:maven/org\.apache\.solr/solr\-solrj@.*$ + CVE-2023-44487 + + + Quartz maintainers dispute CVE-2023-39017 because it requires code injection from external users + ^pkg:maven/org\.quartz\-scheduler/quartz@.*$ + CVE-2023-39017 + + + Avro project vulnerabilities do not apply to Parquet Avro + ^pkg:maven/org\.apache\.parquet/parquet\-avro@.*$ + cpe:/a:avro_project:avro + + + CVE-2023-4759 is resolved in 6.7.0 which is already upgraded in nifi-registry + ^pkg:maven/org\.eclipse\.jgit/.*$ + CVE-2023-4759 + + + CVE-2023-4586 is resolved in Netty 4.1.100 which is already upgraded + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-4586 + + + CVE-2023-35887 applies to MINA SSHD not MINA core libraries + ^pkg:maven/org\.apache\.mina/mina\-core@.*$ + CVE-2023-35887 + + + CVE-2016-5397 applies to Apache Thrift Go not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2016-5397 + + + CVE-2019-0210 applies to Apache Thrift Go server not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2019-0210 + + + CVE-2018-11798 applies Apache Thrift Node.js not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2018-11798 + + + CVE-2019-11939 applies to Thrift Servers in Go not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-11939 + + + CVE-2019-3552 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3552 + + + CVE-2019-3553 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3553 + + + CVE-2019-3558 applies to Thrift Servers in Python not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3558 + + + CVE-2019-3564 applies to Thrift Servers in Go not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3564 + + + CVE-2019-3565 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3565 + + + CVE-2021-24028 applies to Facebook Thrift CPP + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2021-24028 + + + CVE-2019-11938 applies to Facebook Thrift Servers + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-11938 + + + CVE-2019-3559 applies to Facebook Thrift Servers + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3559 + + + CVE-2023-36479 was resolved in Jetty 10.0.16 + ^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@.*$ + CVE-2023-36479 + + + The jetty-servlet-api is versioned according to the Java Servlet API version not the Jetty version + ^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty\-servlet\-api@.*$ + cpe:/a:eclipse:jetty + + + CVE-2023-31419 applies to Elasticsearch Server not client libraries + ^pkg:maven/org\.elasticsearch/elasticsearch@.*$ + CVE-2023-31419 + + + CVE-2023-37475 applies to Hamba Avro in Go not Apache Avro for Java + ^pkg:maven/org\.apache\.avro/.*$ + CVE-2023-37475 + + + CVE-2023-45860 is resolved in Hazelcast 5.3.5 + ^pkg:maven/com\.hazelcast/hazelcast@.*$ + CVE-2023-45860 + + + CVE-2023-36414 applies to Azure Identity for .NET not Java + ^pkg:maven/com\.azure/azure\-identity@.*$ + CVE-2023-36414 + + + CVE-2023-36415 applies to Azure Identity for Python not Java + ^pkg:maven/com\.azure/azure\-identity@.*$ + CVE-2023-36415 + + + CVE-2020-13949 applies to Thrift and not to Hive + ^pkg:maven/org\.apache\.hive.*$ + CVE-2020-13949 + + + CVE-2023-44487 applies to netty-codec-http2 as a Server + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-44487 + + + Parquet MR vulnerabilities do not apply to other Parquet libraries + ^pkg:maven/org\.apache\.parquet/parquet\-(?!mr).*$ + cpe:/a:apache:parquet-mr + + + Apache Hadoop vulnerabilities do not apply to Parquet Hadoop Bundle library + ^pkg:maven/org\.apache\.parquet/parquet\-hadoop\-bundle@.*$ + cpe:/a:apache:hadoop + + + CVE-2017-7525 applies to Jackson 2 not Jackson 1 + ^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$ + CVE-2017-7525 + + + CVE-2019-11358 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2019-11358 + + + CVE-2020-11022 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-11022 + + + CVE-2020-11023 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-11023 + + + CVE-2020-23064 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-23064 + + + CVE-2011-4969 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2011-4969 + + + CVE-2012-6708 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2012-6708 + + + CVE-2015-9251 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2015-9251 + + + CVE-2020-7656 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-7656 + + + jQuery vulnerability warning for historical versions + ^pkg:javascript/jquery@.*$ + jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates + + + CVE-2020-28458 applies to bundled copies of jQuery datatables not used in the project + ^pkg:javascript/jquery\.datatables@.*$ + CVE-2020-28458 + + + CVE-2021-23445 applies to bundled copies of jQuery datatables not used in the project + ^pkg:javascript/jquery\.datatables@.*$ + CVE-2021-23445 + + + CVE-2023-44487 references gRPC for Go + ^pkg:maven/io\.grpc/grpc.*$ + CVE-2023-44487 + + + Guava temporary directory file creation is not used + ^pkg:maven/com\.google\.guava/guava@.*$ + CVE-2023-2976 + + + Guava temporary directory file creation is not used + ^pkg:maven/com\.google\.guava/guava@.*$ + CVE-2020-8908 + + + CVE-2021-44521 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2021-44521 + + + CVE-2020-17516 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2020-17516 + + + CVE-2019-2684 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2019-2684 + + + CVE-2020-13946 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2020-13946 + + + CVE-2019-10172 applies to Jackson 1 XmlMapper not JSON mapper used in Ranger plugins + ^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$ + CVE-2019-10172 + + + Bundled versions of jQuery DataTables are not used + ^pkg:javascript/jquery\.datatables@.*$ + prototype pollution + + + Bundled versions of jQuery DataTables are not used + ^pkg:javascript/jquery\.datatables@.*$ + possible XSS + diff --git a/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml b/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml index 2e77646a81..9183e65560 100644 --- a/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml @@ -59,18 +59,6 @@ hadoop-client-runtime ${hadoop.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.accumulo accumulo-core diff --git a/nifi-nar-bundles/nifi-asana-bundle/pom.xml b/nifi-nar-bundles/nifi-asana-bundle/pom.xml index 2bb6bf792c..33a62e8d03 100644 --- a/nifi-nar-bundles/nifi-asana-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-asana-bundle/pom.xml @@ -67,6 +67,12 @@ + + + io.grpc + grpc-context + 1.59.0 + diff --git a/nifi-nar-bundles/nifi-atlas-bundle/pom.xml b/nifi-nar-bundles/nifi-atlas-bundle/pom.xml index a85cd1cf83..0fcc26de40 100644 --- a/nifi-nar-bundles/nifi-atlas-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-atlas-bundle/pom.xml @@ -117,6 +117,12 @@ guava ${guava.version} + + + org.codehaus.jettison + jettison + 1.5.4 + diff --git a/nifi-nar-bundles/nifi-azure-bundle/pom.xml b/nifi-nar-bundles/nifi-azure-bundle/pom.xml index 1a4a497285..7edc596db1 100644 --- a/nifi-nar-bundles/nifi-azure-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-azure-bundle/pom.xml @@ -27,7 +27,7 @@ pom - 1.2.16 + 1.2.17 1.13.10 0.34.1 diff --git a/nifi-nar-bundles/nifi-box-bundle/pom.xml b/nifi-nar-bundles/nifi-box-bundle/pom.xml index c4d161b4f1..9a9378082f 100644 --- a/nifi-nar-bundles/nifi-box-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-box-bundle/pom.xml @@ -34,4 +34,15 @@ nifi-box-services-api nifi-box-services-nar + + + + + + org.bitbucket.b_c + jose4j + 0.9.3 + + + diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index 97fbd03c19..6f29f7117b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -475,11 +475,6 @@ metrics-core 4.2.19 - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - org.apache.curator curator-framework diff --git a/nifi-nar-bundles/nifi-gcp-bundle/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/pom.xml index aa6366fe25..5ef800b8ff 100644 --- a/nifi-nar-bundles/nifi-gcp-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-gcp-bundle/pom.xml @@ -27,7 +27,7 @@ pom - 26.22.0 + 26.25.0 diff --git a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml index 73f9e392a6..b486344678 100644 --- a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml +++ b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml @@ -28,6 +28,7 @@ 3.7.0 0.6.3 32.1.2-jre + 5.19.0 @@ -54,6 +55,12 @@ guava ${guava.version} + + + com.rabbitmq + amqp-client + ${amqp-client.version} + diff --git a/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml b/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml index e44d3e3e02..3aa75f404f 100644 --- a/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml +++ b/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml @@ -26,41 +26,28 @@ jar - - org.apache.nifi nifi-hazelcast-services-api 2.0.0-SNAPSHOT provided - org.apache.nifi nifi-utils - 2.0.0-SNAPSHOT - org.apache.nifi nifi-distributed-cache-client-service-api - - - com.hazelcast hazelcast - 5.3.2 + 5.3.5 - - - org.apache.nifi nifi-mock - 2.0.0-SNAPSHOT - test diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml index a3d7014abc..677498bc8d 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml @@ -99,6 +99,12 @@ guava 32.1.2-jre + + + org.codehaus.jettison + jettison + 1.5.4 + diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml index d142166ff3..e65295356f 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml @@ -144,6 +144,27 @@ org.eclipse.jetty.websocket websocket-client + + + org.apache.hbase + hbase-common + + + org.apache.hbase + hbase-client + + + org.apache.hbase + hbase-mapreduce + + + org.apache.hbase + hbase-hadoop2-compat + + + org.apache.hbase + hbase-hadoop-compat + diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/pom.xml index eec3bc6f31..a365a77157 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml @@ -58,6 +58,17 @@ calcite-core ${calcite.version} + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + org.apache.calcite.avatica @@ -76,18 +87,6 @@ derby ${derby.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.ant @@ -105,6 +104,12 @@ nimbus-jose-jwt 9.33 + + + org.codehaus.groovy + groovy-all + 2.4.21 + diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml index 522d9f1b79..26dc70ff81 100644 --- a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml +++ b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml @@ -186,6 +186,14 @@ org.apache.hbase hbase-client + + org.apache.hbase + hbase-mapreduce + + + org.apache.hbase + hbase-hadoop2-compat + co.cask.tephra tephra-api diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml index feb62c3e26..39840a4d82 100644 --- a/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml @@ -64,18 +64,6 @@ derby ${derby.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.ant @@ -116,6 +104,12 @@ guava 32.1.2-jre + + + org.codehaus.groovy + groovy-all + 2.4.21 + diff --git a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml index 7298a5458d..1cc559785f 100644 --- a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml @@ -37,12 +37,6 @@ - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - commons-beanutils @@ -96,6 +90,12 @@ guava 32.1.2-jre + + + org.codehaus.jettison + jettison + 1.5.4 + diff --git a/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml b/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml index ac1210211b..d239568355 100644 --- a/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml +++ b/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml @@ -49,7 +49,7 @@ org.apache.camel camel-salesforce - 3.14.5 + 3.14.9 * diff --git a/nifi-nar-bundles/nifi-spark-bundle/pom.xml b/nifi-nar-bundles/nifi-spark-bundle/pom.xml index 324214b04b..1c2cf7089b 100644 --- a/nifi-nar-bundles/nifi-spark-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-spark-bundle/pom.xml @@ -65,18 +65,6 @@ nimbus-jose-jwt 9.33 - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - diff --git a/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml b/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml index 08360e830f..f405f42bc6 100644 --- a/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml @@ -41,6 +41,17 @@ guava ${guava.version} + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml index 9dcbcf2f64..bc090c6efe 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml @@ -274,6 +274,17 @@ + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + org.apache.sshd sshd-core diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml index 256164380b..ae1dae946a 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml @@ -113,6 +113,10 @@ jdk.tools jdk.tools + + org.apache.htrace + htrace-core4 + diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml index b9fa810df4..3dae76fc5a 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml @@ -62,18 +62,6 @@ commons-beanutils 1.9.4 - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - com.nimbusds diff --git a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml index 9f3351e696..8f5b872243 100644 --- a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml +++ b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml @@ -48,12 +48,6 @@ jetty-webapp ${jetty.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - org.apache.solr diff --git a/pom.xml b/pom.xml index e21dcfb6a9..7f37c85447 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ UTF-8 UTF-8 2014 - 1.12.550 + 1.12.573 2.20.148 2.10.1 6.8.1 @@ -140,7 +140,7 @@ 1.2.1 2.1.5 1.9.20.1 - 2.40 + 2.41 2.20.0 1.3.11 5.5.0 @@ -706,6 +706,22 @@ caffeine ${caffeine.version} + + org.apache.zookeeper + zookeeper + ${zookeeper.version} + + + org.apache.zookeeper + zookeeper-jute + ${zookeeper.version} + + + + junit + junit + 4.13.2 + @@ -1259,7 +1275,7 @@ org.owasp dependency-check-maven - 8.4.0 + 8.4.2 false