dependabot[bot]
8723014c12
Bump protobuf-java from 3.20.1 to 3.21.1 in /plugins/repository-hdfs ( #3472 )
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-30 21:30:08 -07:00
dependabot[bot]
5320b680e7
Bump avro from 1.10.2 to 1.11.0 in /plugins/repository-hdfs ( #3358 )
...
* Bump avro from 1.10.2 to 1.11.0 in /plugins/repository-hdfs
Bumps avro from 1.10.2 to 1.11.0.
---
updated-dependencies:
- dependency-name: org.apache.avro:avro
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-05-25 10:21:20 -07:00
dependabot[bot]
2711d324f6
Bump re2j from 1.1 to 1.6 in /plugins/repository-hdfs ( #3337 )
...
* Bump re2j from 1.1 to 1.6 in /plugins/repository-hdfs
Bumps [re2j](https://github.com/google/re2j) from 1.1 to 1.6.
- [Release notes](https://github.com/google/re2j/releases)
- [Commits](https://github.com/google/re2j/compare/re2j-1.1...re2j-1.6)
---
updated-dependencies:
- dependency-name: com.google.re2j:re2j
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-05-16 11:46:35 -04:00
dependabot[bot]
1edcd480c1
Bump zookeeper from 3.7.0 to 3.8.0 in /plugins/repository-hdfs ( #3251 )
...
* Bump zookeeper from 3.7.0 to 3.8.0 in /plugins/repository-hdfs
Bumps zookeeper from 3.7.0 to 3.8.0.
---
updated-dependencies:
- dependency-name: org.apache.zookeeper:zookeeper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-05-09 14:16:14 -04:00
dependabot[bot]
4fef5a3e8c
Bump commons-cli from 1.2 to 1.5.0 in /plugins/repository-hdfs ( #3125 )
...
* Bump commons-cli from 1.2 to 1.5.0 in /plugins/repository-hdfs
Bumps commons-cli from 1.2 to 1.5.0.
---
updated-dependencies:
- dependency-name: commons-cli:commons-cli
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-05-02 10:22:57 -07:00
dependabot[bot]
f3404fdeec
Bump protobuf-java from 3.20.0 to 3.20.1 in /plugins/repository-hdfs ( #3062 )
...
* Bump protobuf-java from 3.20.0 to 3.20.1 in /plugins/repository-hdfs
Bumps [protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.20.0 to 3.20.1.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py)
- [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.20.0...v3.20.1)
---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 11:45:43 -05:00
dependabot[bot]
bb19f627f0
Bump guava from 30.1.1-jre to 31.1-jre in /plugins/repository-hdfs ( #2948 )
...
* Bump guava from 30.1.1-jre to 31.1-jre in /plugins/repository-hdfs
Bumps [guava](https://github.com/google/guava) from 30.1.1-jre to 31.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-18 11:30:36 -07:00
dependabot[bot]
00ae764752
Bump protobuf-java from 3.19.3 to 3.20.0 in /plugins/repository-hdfs ( #2836 )
...
* Bump protobuf-java from 3.19.3 to 3.20.0 in /plugins/repository-hdfs
Bumps [protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.19.3 to 3.20.0.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py)
- [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.19.3...v3.20.0)
---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-11 11:48:21 -04:00
Yoann Rodière
b5d5616d44
Update commons-logging to 1.2 ( #2806 )
...
* Upgrade to Apache Commons Logging 1.2
Signed-off-by: Yoann Rodière <yoann@hibernate.org>
* Clarify that Apache HTTP/commons-* dependencies are not just for tests
Signed-off-by: Yoann Rodière <yoann@hibernate.org>
2022-04-08 16:43:51 -04:00
dependabot[bot]
baaab58ccc
Bump json-smart from 2.4.7 to 2.4.8 in /plugins/repository-hdfs ( #2735 )
...
* Bump json-smart from 2.4.7 to 2.4.8 in /plugins/repository-hdfs
Bumps [json-smart](https://github.com/netplex/json-smart-v2) from 2.4.7 to 2.4.8.
- [Release notes](https://github.com/netplex/json-smart-v2/releases)
- [Commits](https://github.com/netplex/json-smart-v2/commits/2.4.8)
---
updated-dependencies:
- dependency-name: net.minidev:json-smart
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-04-04 11:18:28 -07:00
Andriy Redko
d8a1ba6912
[CVE-2020-36518] Update jackson-databind to 2.13.2.2 ( #2599 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2022-03-29 12:24:37 -04:00
dependabot[bot]
2425f64baa
Bump htrace-core4 from 4.1.0-incubating to 4.2.0-incubating in /plugins/repository-hdfs ( #2618 )
...
* Bump htrace-core4 in /plugins/repository-hdfs
Bumps htrace-core4 from 4.1.0-incubating to 4.2.0-incubating.
---
updated-dependencies:
- dependency-name: org.apache.htrace:htrace-core4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-03-28 15:02:44 -04:00
dependabot[bot]
d2bdcdec33
Bump commons-lang3 from 3.7 to 3.12.0 in /plugins/repository-hdfs ( #2552 )
...
Bumps commons-lang3 from 3.7 to 3.12.0.
---
updated-dependencies:
- dependency-name: org.apache.commons:commons-lang3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 22:44:46 -05:00
Peter Nied
d43235c5cf
Move Jackson-databind to 2.13.2 ( #2548 )
...
Resolves CVE-2020-36518
Signed-off-by: Peter Nied <petern@amazon.com>
2022-03-21 18:44:13 -05:00
dependabot[bot]
1b8181cb50
Bump gson from 2.8.9 to 2.9.0 in /plugins/repository-hdfs ( #2279 )
...
* Bump gson from 2.8.9 to 2.9.0 in /plugins/repository-hdfs
Bumps [gson](https://github.com/google/gson) from 2.8.9 to 2.9.0.
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.8.9...gson-parent-2.9.0)
---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-02-28 12:17:16 -08:00
dependabot[bot]
1cd009567c
Bump woodstox-core from 6.1.1 to 6.2.8 in /plugins/repository-hdfs ( #2187 )
...
* Bump woodstox-core from 6.1.1 to 6.2.8 in /plugins/repository-hdfs
Bumps [woodstox-core](https://github.com/FasterXML/woodstox) from 6.1.1 to 6.2.8.
- [Release notes](https://github.com/FasterXML/woodstox/releases)
- [Commits](https://github.com/FasterXML/woodstox/compare/woodstox-core-6.1.1...woodstox-core-6.2.8)
---
updated-dependencies:
- dependency-name: com.fasterxml.woodstox:woodstox-core
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-02-21 11:53:15 -08:00
dependabot[bot]
3ce6c025c4
Bump commons-io from 2.7 to 2.11.0 in /plugins/repository-hdfs ( #2140 )
...
* Bump commons-io from 2.7 to 2.11.0 in /plugins/repository-hdfs
Bumps commons-io from 2.7 to 2.11.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updating SHAs
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
2022-02-17 16:00:49 -08:00
Rishikesh Pasham
1568407c36
Upgrading Jackson-Databind version ( #1982 )
...
* Upgrading Jackson-Databind version
Signed-off-by: Rishikesh1159 <rishireddy1159@gmail.com>
* Adding jackson-databind version using getProperty method
Signed-off-by: Rishikesh1159 <rishireddy1159@gmail.com>
2022-01-26 20:44:22 -08:00
Tianli Feng
8b8d04173c
Update protobuf-java to 3.19.3 ( #1945 )
...
* Update protobuf-java to 3.19.3
Signed-off-by: Tianli Feng <ftl94@live.com>
* Exclude some API usage violations in the package com.google.protobuf for thirdPartyAudit task to pass
Signed-off-by: Tianli Feng <ftl94@live.com>
2022-01-20 11:05:28 -08:00
Andriy Redko
32f2189686
Update Netty to 4.1.73.Final ( #1936 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2022-01-18 16:30:18 -08:00
Sarat Vemulapalli
7a97018a92
Updating Netty to 4.1.72.Final ( #1831 )
2022-01-03 07:30:52 -05:00
Andriy Redko
65804d25a6
Update to log4j 2.17.1 ( #1820 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2021-12-28 17:06:42 -05:00
Andriy Redko
ca27c8fd4f
Update to log4j 2.17.0 ( #1771 )
2021-12-18 09:36:59 -08:00
Andriy Redko
6db435412b
Upgrade to log4j 2.16.0 ( #1721 )
...
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
2021-12-14 07:34:45 -05:00
Andrew Ross
309649ce8a
Upgrade to log4j 2.15.0 ( #1698 )
...
Signed-off-by: Andrew Ross <andrross@amazon.com>
2021-12-10 13:03:41 -08:00
Sarat Vemulapalli
e0e6995c4a
Updating Log4j to 2.11.2 ( #1696 )
...
Signed-off-by: Sarat Vemulapalli <vemulapallisarat@gmail.com>
2021-12-10 08:03:45 -08:00
Vacha
fd87f3a2d7
Upgrading commons-codec in hdfs-fixture and cleaning up dependencies in repository-hdfs ( #1603 )
...
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-23 13:32:33 -05:00
Vacha
bcfb57c06a
Upgrade dependency ( #1571 )
...
* Upgrading guava, commons-io and apache-ant dependencies
Signed-off-by: Vacha <vachshah@amazon.com>
* Adding failureaccess since guava needs it
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-18 13:38:49 -05:00
Vacha
c6dd484ce3
Upgrading gson to 2.8.9 ( #1541 )
...
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-15 14:10:29 -05:00
Ryan Bogan
01d1cb0ce6
Updated links for linkchecker ( #1539 )
...
Signed-off-by: Ryan Bogan <rbogan@amazon.com>
2021-11-11 18:24:26 -05:00
Vacha
af6ae752b4
Upgrading dependencies ( #1491 )
...
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-02 13:47:54 -07:00
Vacha
389b7dfa18
Upgrading dependencies in hdfs plugin ( #1466 )
...
Signed-off-by: Vacha <vachshah@amazon.com>
2021-11-01 12:58:07 -07:00
Vacha
d151082832
Upgrade hadoop dependencies for hdfs plugin ( #1335 )
...
* Upgrade hadoop dependencies for hdfs plugin
Signed-off-by: Vacha <vachshah@amazon.com>
* Fixing gradle check failures
Signed-off-by: Vacha <vachshah@amazon.com>
* Upgrading htrace-core4 to 4.1.0
Signed-off-by: Vacha <vachshah@amazon.com>
2021-10-14 14:43:49 -04:00
Rabi Panda
50abf6d066
[CVE] Upgrade dependencies to mitigate CVEs ( #657 )
...
This PR upgrades the following dependencies to fix CVEs.
- commons-codec:1.12 (->1.13) apache/commons-codec@48b6157
- ant:1.10.8 (->1.10.9) https://ant.apache.org/security.html
- jackson-databind:2.10.4 (->2.11.0) FasterXML/jackson-databind#2589
- jackson-dataformat-cbor:2.10.4 (->2.11.0) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
- apache-httpclient:4.5.10 (->4.5.13) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956
- checkstyle:8.20 (->8.29) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10782
- junit:4.12 (->4.13.1) https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
- netty:4.1.49.Final (->4.1.59) https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
Signed-off-by: Rabi Panda <adnapibar@gmail.com>
2021-05-18 11:37:24 -07:00
Rabi Panda
943c778a7f
[CVE-2018-11765] Upgrade hadoop dependencies for hdfs plugin ( #654 )
...
Hadoop 2.8.5 has been reported to have CVEs (https://bugzilla.redhat.com/show_bug.cgi?id=1883549). We need to upgrade this to 2.10.1. This also updates the hadoop-minicluster version to 2.10.1 as well. This upgrade also brings in two additional dependencies, woodstox-core and stax2-api that are added along with the sha1s, licenses and notices.
Also upgrade guava to the latest as per the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
Signed-off-by: Rabi Panda <adnapibar@gmail.com>
2021-05-13 14:56:47 -07:00
James Baiera
b84c74cf70
Update the HDFS version used by HDFS Repo ( #53693 ) ( #54125 )
2020-03-25 14:01:29 -04:00
Jason Tedor
371cb9a8ce
Remove Log4j 1.2 API as a dependency ( #42702 )
...
We had this as a dependency for legacy dependencies that still needed
the Log4j 1.2 API. This appears to no longer be necessary, so this
commit removes this artifact as a dependency.
To remove this dependency, we had to fix a few places where we were
accidentally relying on Log4j 1.2 instead of Log4j 2 (easy to do, since
both APIs were on the compile-time classpath).
Finally, we can remove our custom Netty logger factory. This was needed
when we were on Log4j 1.2 and handled logging in our own unique
way. When we migrated to Log4j 2 we could have dropped this
dependency. However, even then Netty would still pick up Log4j 1.2 since
it was on the classpath, thus the advantage to removing this as a
dependency now.
2019-05-30 16:08:07 -04:00
Jay Modi
54dbf9469c
Update httpclient for JDK 11 TLS engine ( #37994 )
...
The apache commons http client implementations recently released
versions that solve TLS compatibility issues with the new TLS engine
that supports TLSv1.3 with JDK 11. This change updates our code to
use these versions since JDK 11 is a supported JDK and we should
allow the use of TLSv1.3.
2019-01-30 14:24:29 -07:00
Armin Braun
0a67cb4133
LOGGING: Upgrade to Log4J 2.11.1 ( #32616 )
...
* LOGGING: Upgrade to Log4J 2.11.1
* Upgrade to `2.11.1` to fix memory leaks in slow logger when logging large requests
* This was caused by a bug in Log4J https://issues.apache.org/jira/browse/LOG4J2-2269 and is fixed in `2.11.1` via https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=9496c0c
* Fixes #32537
* Fixes #27300
2018-08-06 14:56:21 +02:00
James Baiera
e16f1271b6
Fix SecurityException when HDFS Repository used against HA Namenodes ( #27196 )
...
* Sense HA HDFS settings and remove permission restrictions during regular execution.
This PR adds integration tests for HA-Enabled HDFS deployments, both regular and secured.
The Mini HDFS fixture has been updated to optionally run in HA-Mode. A new test suite has
been added for reproducing the effects of a Namenode failing over during regular repository
usage. Going forward, the HDFS Repository will still be subject to its self imposed permission
restrictions during normal use, but will no longer restrict them when running against an HA
enabled HDFS cluster. Instead, the plugin will rely on the provided security policy and not
further restrict the permissions so that the transparent operation to failover to a different
Namenode in the client does not raise security exceptions. Additionally, we are now testing the
secure mode with SASL based wire encryption of data between Elasticsearch and HDFS. This
includes a missing library (commons codec) in order to support this change.
2017-12-01 14:26:05 -05:00
Jason Tedor
2e63a13c0a
Upgrade to Log4j 2.9.1
...
This commit upgrades the Log4j dependency, picking up a fix for an issue
with handling stack traces on JDK 9.
Relates #26750
2017-09-22 11:57:06 -04:00
Jason Tedor
f6a489f323
Add Log4j to SLF4J binding for repository-hdfs
...
This commit adds the Log4j to SLF4J binding JAR to the repository-hdfs
plugin so that SLF4J can detect Log4j at runtime and therefore use the
server Log4j implementation for logging (and the usual Elasticsearch
APIs can be used for setting logging levels).
Relates #26514
2017-09-05 19:38:17 -04:00
James Baiera
74f4a14d82
Upgrading HDFS Repository Plugin to use HDFS 2.8.1 Client ( #25497 )
...
Hadoop 2.7.x libraries fail when running on JDK9 due to the version string changing to a single
character. On Hadoop 2.8, this is no longer a problem, and it is unclear on whether the fix will be
backported to the 2.7 branch. This commit upgrades our dependency of Hadoop for the HDFS
Repository to 2.8.1.
2017-06-30 17:57:56 -04:00
Jason Tedor
b9622251fe
Correct version on repository-hdfs Guava dependency
...
This commit sets the version on the repository-hdfs Guava dependency to
version 11.0.2. This change is made to align the version here with the
version that is defined in the POM for Hadoop 2.7.1, the version of
Hadoop that the repository-hdfs plugin is based on. See HADOOP-10101 and
HADOOP-11319 for the ridiculous history of trying to upgrade Guava past
this version in the Hadoop project.
Relates #23420
2017-03-01 16:29:06 -05:00
Ryan Ernst
80ae2b0002
Fix more licenses
2016-03-09 00:10:59 -08:00
Nik Everett
ba5be0332d
Remove optional logger wrappers
...
Removes all our logger wrappers except the wrapper for log4j1.2. If you
depend on Elasticsearch's jar in your application you'll need to declare
log4j 1.2 and/or some bridge to your favorite logger.
We did this to simplify our builds and code. No more commons-logging like
log implementation sniffing. No more optional dependency hacks in gradle.
We might one day want to use j.u.l instead of log4j. If we do want that
we can recover its wrapper by studying this commit. We didn't go directly
to j.u.l in this commit because that is a bigger change. Our logging
configuration is based on log4j1.2 and people are used to it. So it'd
be a much more fraught breaking change to do that conversion.
2016-02-26 16:41:07 -05:00
Robert Muir
e2b2ee24fa
Add licensing for dependencies
2015-12-19 03:06:40 -05:00