Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,726 Commits 146 Branches 201 Tags 404 MiB
Commit Graph

33 Commits

Author SHA1 Message Date
exceptionfactory 68a885d390
NIFI-13148 Excluded unused xmlunit dependency from nifi-registry-test 
This closes #8750.

- Updated OWASP Dependency Check Suppression configuration to remove non-applicable suppressions

Signed-off-by: Joseph Witt <joewitt@apache.org>
 2024-05-06 09:40:13 -07:00
exceptionfactory 358e4cb451
NIFI-12955 Updated OWASP Dependency Check Suppressions 
- Removed unused suppressions
- Added suppressions for Clojure and Hadoop shaded libraries

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8570.
 2024-03-27 10:34:20 +01:00
exceptionfactory d9bcc8b496
NIFI-12920 Removed nifi-cassandra-bundle 
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8531.
 2024-03-19 08:49:15 +01:00
exceptionfactory 4d5f33804b
NIFI-12765 Removed Apache Ranger modules 
This closes #8389

- Removed nifi-ranger-bundle modules
- Removed nifi-registry-ranger modules

Signed-off-by: Joseph Witt <joewitt@apache.org>
 2024-02-14 17:11:50 -07:00
David Handermann 93788f9281
NIFI-12650 Upgraded json-path from 2.8.0 to 2.9.0 (#8282) 
- Upgraded json-smart from 2.4.11 to 2.5.0
- Added json-path to managed dependencies in root Maven configuration
- Suppressed OWASP Dependency Check finding resolved in json-path 2.9.0
 2024-01-22 13:18:28 -05:00
exceptionfactory 1864a370bb
NIFI-12621 Upgraded AWS SDK from 2.20.148 to 2.23.3 
- Upgraded AWS SDK from 1.12.573 to 1.12.637
- Added dependency check suppression to correct identification of newer ion-java library

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8257.
 2024-01-17 13:03:47 +04:00
exceptionfactory c6f5f534cb
NIFI-12618 Upgraded Azure SDK BOM from 1.2.18 to 1.2.19 
- Suppressed CVE-2023-36052 not applicable to Java Azure libraries

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8254.
 2024-01-16 23:08:52 +04:00
exceptionfactory e5e76d0161
NIFI-12393 Upgraded OWASP Check from 8.4.2 to 8.4.3 
- Upgraded Azure SDK BOM from 1.2.17 to 1.2.18
- Upgraded Reactor Netty HTTP from 1.0.34 to 1.0.39 for Azure Identity
- Upgraded MSAL4J from 1.13.10 to 1.14.0
- Upgraded Box Java SDK from 4.4.0 to 4.6.1
- Relocated Apache Ant managed versions to bundle parent modules
- Added okio-fakefilesystem to managed dependencies
- Suppressed vulnerability for Picocli misidentified as LINE library
- Added managed dependencies to nifi-code-coverage to avoid false positives due to different parent modules

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #8054.
 2023-11-21 12:16:12 +01:00
exceptionfactory 786784ef62 NIFI-12290 Migrated from Quartz to Spring for Cron Expressions 
- Removed support for Year field in Cron Expressions
- Changed numeric Day of Week field from starting with 1 to starting with 0
- Removed Quartz and C3P0 from Notice files

This closes #7951

Signed-off-by: Mike Moser <mosermw@apache.org>
 2023-10-30 18:47:02 +00:00
exceptionfactory 0e1ae2bd6f
NIFI-12276 Addressed Dependency Check Findings 
- Added dependency-check GitHub workflow
- Upgraded Janino Commons Compiler from 3.1.9 to 3.1.10
- Upgraded Azure SDK BOM from 1.2.16 to 1.2.17
- Upgraded GCP SDK BOM from 26.17.0 to 26.25.0
- Upgraded AWS SDK from 1.12.550 to 1.12.573
- Upgraded Hazelcast from 5.3.2 to 5.3.5
- Upgraded Jersey from 2.40 to 2.41
- Upgraded Camel Salesforce from 3.14.5 to 3.14.9
- Unified ZooKeeper versioning on 3.9.1
- Applied Groovy 2.4.21 to Hive 3 and Iceberg components
- Applied gRPC version 1.59.0 to Asana components
- Applied Jettison 1.5.4 to Atlas and Hive 3 components
- Managed JUnit 4 version to 4.13.2 for MockWebServer
- Excluded HBase libraries from Hive 3 following Iceberg approach
- Excluded Htrace from HBase components
- Upgraded OWASP Dependency Check from 8.4.0 to 8.4.2
- Removed non-applicable dependency check suppressions
- Added dependency check suppressions for non-applicable findings

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7948.
 2023-10-27 16:21:38 -07:00
exceptionfactory 26d02fff49 NIFI-11729 Upgraded OWASP Dependency Check from 8.2.1 to 8.3.1 
- Updated OWASP suppressions to exclude several JSON and Kafka false positives
- Excluded JUnit dependency from Hive 3 JDBC

This closes #7411

Signed-off-by: Mike Thomsen <mthomsen@apache.org>
 2023-06-21 06:14:22 -04:00
exceptionfactory 50cda9a2e6
NIFI-11371 Upgraded Ranger from 2.3.0 to 2.4.0 
- Updated Elasticsearch client false positive vulnerability suppressions for new Ranger transitive dependencies

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7109.
 2023-04-02 17:14:55 +02:00
exceptionfactory dde89c0b15
NIFI-11358 Upgraded Hadoop from 3.3.4 to 3.3.5 
- Upgraded Ranger Hadoop dependencies from 3.3.3 to 3.3.5
- Aligned Iceberg Hadoop version with project Hadoop version
- Updated Atlas dependencies to align hadoop-hdfs-client version with hadoop-common
- Updated Ranger hadoop-auth version to align with other Hadoop dependencies
- Updated Spark Livy bundle to align with project Hadoop version
- Removed unnecessary dependencies from Hive Test Utilities
- Updated HBase 2 Woodstox Core from 5.3.0 to 5.4.0
- Suppressed false positive vulnerabilities for HBase client libraries

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7097.
 2023-03-29 13:12:57 +02:00
exceptionfactory 5214097c59
NIFI-11355 Upgraded Couchbase Client from 2.5.8 to 2.7.23 
- Suppressed vulnerability findings related to Couchbase Server

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7094.
 2023-03-28 22:05:55 +02:00
exceptionfactory 5bdee9a714
NIFI-11347 This closes #7089. Upgraded OWASP Dependency Check from 8.0.2 to 8.2.1 
- Updated suppression configuration
- Upgraded Solr from 8.6.3 to 8.11.1 for Ranger
- Excluded Apache Ivy from Hive and Janus Graph dependencies
- Excluded Groovy from Hive tests

Signed-off-by: Joe Witt <joewitt@apache.org>
 2023-03-28 08:41:11 -07:00
exceptionfactory d3908dede8
NIFI-11253 Removed H2 1.4 database migration modules 
Signed-off-by: Matthew Burgess <mattyb149@apache.org>

This closes #7014
 2023-03-07 10:35:21 -05:00
exceptionfactory bda1bd326d
NIFI-11114 Thise closes #6906. Upgraded OWASP Dependency Check from 7.4.4 to 8.0.2 
- Added jetty-jmx to managed dependencies to maintain aligned versions

Signed-off-by: Joe Witt <joewitt@apache.org>
 2023-01-30 17:13:12 -07:00
exceptionfactory b107ae1f8c
NIFI-11046 Upgraded Dependency Check from 7.3.2 to 7.4.4 
- Removed false positive suppressions no longer necessary in current version

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6839.
 2023-01-14 16:47:28 +01:00
exceptionfactory a7bf2763cd
NIFI-10933 Upgraded OWASP Dependency Check from 7.1.2 to 7.3.2 
- Removed non-applicable suppressions
- Added suppressions for Elasticsearch client libraries and other false positives

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6751.
 2022-12-02 20:45:03 +01:00
exceptionfactory ae14ef2d1f
NIFI-10373 Set managed version for AWS 1 and 2 SDK 
- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6405.
 2022-09-13 15:06:42 +02:00
exceptionfactory 6350829676 NIFI-10384 Upgraded Avatica to 1.22.0 for Hive 3 
Signed-off-by: Nathan Gough <thenatog@gmail.com>

This closes #6323.
 2022-09-01 12:43:04 -04:00
exceptionfactory d2dbaa3c62
NIFI-10346 Added OWASP Dependency Check Suppressions 
- Suppressed Apache Calcite vulnerabilities not applicable to Calcite Avatica subproject
- Suppressed HBase server vulnerabilities not applicable to client libraries
- Suppressed several mismatched product vulnerabilities

This closes #6290
Signed-off-by: Paul Grey <greyp@apache.org>
 2022-08-19 16:31:11 -04:00
exceptionfactory a89873f437
NIFI-9518 Upgraded mysql-binlog-connector-java from 0.20.1 to 0.26.1 
- Changed from com.github.shyiko to com.zendesk dependency group for current library version

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6302.
 2022-08-17 10:51:35 +02:00
exceptionfactory 7244b9cfc4
NIFI-10271 This closes #6242. Upgraded Xerces from 2.12.1 to 2.12.2 
- Suppressed false positive vulnerability report for CVE-2017-10355

Signed-off-by: Joe Witt <joewitt@apache.org>
 2022-07-23 17:59:33 -07:00
exceptionfactory ee3dcc78bf
NIFI-10173 This closes #6164. Upgraded Flume from 1.6.0 to 1.10.0 
- Removed unmaintained flume-dataset-sink and flume-ng-elasticsearch-sink dependencies
- Added dependency-check suppression configuration for false positives on Flume libraries

Signed-off-by: Joe Witt <joewitt@apache.org>
 2022-06-29 10:04:09 -07:00
exceptionfactory 6a285c67e5
NIFI-10122 Upgraded Spark Streaming to 3.3.0 
- Added false positive vulnerability suppression for Spark modules

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6130.
 2022-06-16 18:12:47 +02:00
exceptionfactory 6c6cb99b38
NIFI-10118 Upgraded OWASP Dependency Check from 7.1.0 to 7.1.1 
This closes #6127

Signed-off-by: David Handermann <exceptionfactory@apache.org>
 2022-06-14 16:17:50 -05:00
exceptionfactory 18ecb73441
NIFI-10092 Updated OWASP dependency-check suppressions 
- Changed Maven profile from owasp to dependency-check
- Configured dependency check plugin to run in validate phase

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6100.
 2022-06-07 14:31:09 +01:00
exceptionfactory 2d5e24c0a2
NIFI-9975 Upgraded OWASP Dependency Check from 6.5.3 to 7.1.0 
- Removed unnecessary suppression configurations due to detection improvements

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6004.
 2022-04-29 10:08:49 +02:00
exceptionfactory cacd6bb88a
NIFI-9270 Upgraded JGit from 5.11.1 to 5.13.0 
- Adjusted OWASP dependency-check suppressions to match Registry and MiNiFi packages

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #5431.
 2021-10-03 10:54:30 +02:00
exceptionfactory 6f87865e27
NIFI-9213 Upgraded Dependency Check Plugin to 6.3.1 
- Suppressed false positive for ftpserver
- Suppressed false positive for com.metamx:http-client
- Suppressed false positive for Jetty servlet-api
- Suppressed false positive for Testcontainers MySQL
- Suppressed false positive for vorbis-java-tika

This closes #5384

Signed-off-by: Joe Gresock <jgresock@gmail.com>
 2021-09-18 07:42:42 -04:00
exceptionfactory c273b02ebe
NIFI-9008 Added Jetty modules to managed dependencies 
- Updated OWASP dependency check suppressions with jetty-test-helper

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #5281.
 2021-08-05 12:01:02 +02:00
exceptionfactory 06ebb761a2
NIFI-5541 This closes #4971. Added OWASP Maven build profile for dependency checking 
Signed-off-by: Joe Witt <joewitt@apache.org>
 2021-04-12 20:46:51 -07:00