Skip to content

Commit

Permalink
Fix WS-2023-0236
Browse files Browse the repository at this point in the history 
Signed-off-by: Asif Sohail Mohammed <[email protected]>
Signed-off-by: Asif Sohail Mohammed <[email protected]>
  • Loading branch information
@asifsmohammed
asifsmohammed committed Sep 26, 2023
1 parent e40fbb1 commit 72d89de
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 30 deletions.
19 changes: 1 addition & 18 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ subprojects {
}
dependencies {
implementation platform('com.fasterxml.jackson:jackson-bom:2.15.0')
implementation platform('org.eclipse.jetty:jetty-bom:11.0.16')
implementation platform('io.micrometer:micrometer-bom:1.10.5')
implementation libs.guava.core
implementation libs.slf4j.api
Expand Down Expand Up @@ -145,24 +146,6 @@ subprojects {
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-http') {
version {
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-server') {
version {
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-servlets') {
version {
require '11.0.16'
}
because 'CVE from transitive dependencies'
}
implementation('org.jetbrains.kotlin:kotlin-stdlib') {
version {
require '1.8.21'
Expand Down
4 changes: 2 additions & 2 deletions data-prepper-plugins/parquet-codecs/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ dependencies {
implementation project(':data-prepper-api')
implementation project(':data-prepper-plugins:common')
implementation 'org.apache.avro:avro:1.11.0'
implementation 'org.apache.hadoop:hadoop-common:3.3.5'
implementation('org.apache.hadoop:hadoop-mapreduce-client-core:3.3.5') {
implementation libs.hadoop.common
implementation(libs.hadoop.mapreduce) {
exclude group: 'org.apache.hadoop', module: 'hadoop-hdfs-client'
}
implementation 'org.apache.parquet:parquet-avro:1.13.1'
Expand Down
2 changes: 1 addition & 1 deletion data-prepper-plugins/s3-sink/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ dependencies {
implementation 'org.jetbrains.kotlin:kotlin-stdlib:1.8.21'
implementation project(':data-prepper-plugins:avro-codecs')
implementation 'org.apache.avro:avro:1.11.1'
implementation 'org.apache.hadoop:hadoop-common:3.3.6'
implementation libs.hadoop.common
implementation 'org.apache.parquet:parquet-avro:1.13.1'
implementation 'software.amazon.awssdk:apache-client'
implementation 'org.jetbrains.kotlin:kotlin-stdlib-common:1.8.21'
Expand Down
10 changes: 1 addition & 9 deletions data-prepper-plugins/s3-source/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,19 +47,11 @@ dependencies {
testImplementation project(':data-prepper-core')
testImplementation project(':data-prepper-plugins:parquet-codecs')
testImplementation 'org.apache.avro:avro:1.11.0'
testImplementation 'org.apache.hadoop:hadoop-common:3.3.5'
testImplementation testLibs.hadoop.common
testImplementation 'org.apache.parquet:parquet-avro:1.13.1'
testImplementation 'org.apache.parquet:parquet-column:1.13.1'
testImplementation 'org.apache.parquet:parquet-common:1.13.1'
testImplementation 'org.apache.parquet:parquet-hadoop:1.13.1'
constraints {
testImplementation('org.eclipse.jetty:jetty-bom') {
version {
require '11.0.14'
}
because 'Fixes CVE-2023-26048'
}
}
}

test {
Expand Down
5 changes: 5 additions & 0 deletions settings.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ dependencyResolutionManagement {
library('commons-io', 'commons-io', 'commons-io').version('2.13.0')
library('commons-codec', 'commons-codec', 'commons-codec').version('1.16.0')
library('commons-compress', 'org.apache.commons', 'commons-compress').version('1.24.0')
version('hadoop', '3.3.6')
library('hadoop-common', 'org.apache.hadoop', 'hadoop-common').versionRef('hadoop')
library('hadoop-mapreduce', 'org.apache.hadoop', 'hadoop-mapreduce-client-core').versionRef('hadoop')
}
testLibs {
version('junit', '5.8.2')
Expand All @@ -51,6 +54,7 @@ dependencyResolutionManagement {
version('awaitility', '4.2.0')
version('spring', '5.3.28')
version('slf4j', '2.0.6')
version('hadoop', '3.3.6')
library('junit-core', 'org.junit.jupiter', 'junit-jupiter').versionRef('junit')
library('junit-params', 'org.junit.jupiter', 'junit-jupiter-params').versionRef('junit')
library('junit-engine', 'org.junit.jupiter', 'junit-jupiter-engine').versionRef('junit')
Expand All @@ -64,6 +68,7 @@ dependencyResolutionManagement {
library('awaitility', 'org.awaitility', 'awaitility').versionRef('awaitility')
library('spring-test', 'org.springframework', 'spring-test').versionRef('spring')
library('slf4j-simple', 'org.slf4j', 'slf4j-simple').versionRef('slf4j')
library('hadoop-common', 'org.apache.hadoop', 'hadoop-common').versionRef('hadoop')
}
}
}
Expand Down

0 comments on commit 72d89de

Please sign in to comment.