This is an automated email from the ASF dual-hosted git repository. mblow pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/asterixdb.git
commit 028998c50b2015a5d08228fd087ad5e2887d6d55 Merge: ad2e106326 4bdcbc5881 Author: Michael Blow <[email protected]> AuthorDate: Tue Oct 10 13:54:07 2023 -0400 Merge branch 'gerrit/trinity' into 'master' Change-Id: If21b84885d2b5d8e899b58eeb1955079c00e34d3 .../asterix/active/IActiveNotificationHandler.java | 8 +- asterixdb/asterix-external-data/pom.xml | 24 +- asterixdb/asterix-server/pom.xml | 8 +- asterixdb/pom.xml | 111 ++---- .../appended-resources/supplemental-models.xml | 382 +++++++-------------- ...oogleapis_api-common-java_blob_main_LICENSE.txt | 26 ++ ...com_googleapis_gax-java_blob_master_LICENSE.txt | 27 ++ .../opensource.org_licenses_BSD-3-Clause.txt | 11 + ...ercontent.com_grpc_grpc-java_v1.52.1_NOTICE.txt | 62 ---- ...rcontent.com_grpc_grpc-java_v1.56.1_NOTICE.txt} | 0 ...nt.com_xerial_snappy-java_v1.1.10.5_NOTICE.txt} | 10 +- .../licenses/content/spdx.org_licenses_MIT.txt | 9 + hyracks-fullstack/hyracks/hyracks-hdfs/pom.xml | 14 - hyracks-fullstack/pom.xml | 61 +--- 14 files changed, 277 insertions(+), 476 deletions(-) diff --cc asterixdb/asterix-external-data/pom.xml index 5957eff6fc,4306864c5c..476708b32e --- a/asterixdb/asterix-external-data/pom.xml +++ b/asterixdb/asterix-external-data/pom.xml @@@ -561,16 -560,11 +560,21 @@@ <groupId>net.minidev</groupId> <artifactId>json-smart</artifactId> </dependency> + <!-- Manually overridden to avoid CVE-2023-1436, CVE-2022-45693, CVE-2022-45685, CVE-2022-40150, CVE-2022-40149 --> + <dependency> + <groupId>org.codehaus.jettison</groupId> + <artifactId>jettison</artifactId> + </dependency> + <dependency> + <groupId>org.apache.iceberg</groupId> + <artifactId>iceberg-core</artifactId> + <version>1.1.0</version> + </dependency> + <dependency> + <groupId>org.apache.avro</groupId> + <artifactId>avro</artifactId> + <version>1.11.1</version> + </dependency> </dependencies> <!-- apply patch for HADOOP-17225 to workaround CVE-2019-10172 --> <repositories> diff --cc asterixdb/asterix-server/pom.xml index 
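Review bot: The `avro` and `iceberg-core` entries added at the end of `<dependencies>` in asterixdb/asterix-external-data/pom.xml carry literal `<version>` elements, and `avro` 1.11.1 is pinned a second time under `<dependencyManagement>` in asterixdb/pom.xml (the `-2051,24` hunk), so the two pins can drift apart on the next security bump. Assuming asterixdb/pom.xml is this module's parent, drop `<version>1.11.1</version>` here so `avro` inherits the managed version the way the `jettison` entry just above it does, and consider managing `iceberg-core` centrally too. The CVE comment above `jettison` does not say where the overriding version is set; wording such as `<!-- version pinned in asterixdb/pom.xml dependencyManagement to avoid CVE-2023-1436, ... -->` would make the override traceable. The two marker columns of this combined diff are collapsed on the page, so which parent contributed each line cannot be confirmed from here.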
41720333fc,479ef8508b..98517ef213 --- a/asterixdb/asterix-server/pom.xml +++ b/asterixdb/asterix-server/pom.xml @@@ -544,52 -540,6 +544,45 @@@ <gav>com.google.api:gax-grpc:2.7.1</gav> <url>https://raw.githubusercontent.com/googleapis/gax-java/v2.7.1/LICENSE</url> </override> - <override> - <gavs> - <gav>org.bouncycastle:bcprov-jdk15on:1.60</gav> - <gav>org.bouncycastle:bcpkix-jdk15on:1.60</gav> - </gavs> - <url>https://raw.githubusercontent.com/bcgit/bc-java/r1rv60/LICENSE.html</url> - </override> + <override> + <gavs> + <gav>org.jetbrains:annotations:17.0.0</gav> + </gavs> + <url>https://raw.githubusercontent.com/JetBrains/java-annotations/master/LICENSE.txt</url> + </override> + <override> + <gavs> + <gav>org.roaringbitmap:RoaringBitmap:0.9.22</gav> + <gav>org.roaringbitmap:shims:0.9.22</gav> + </gavs> + <url>https://raw.githubusercontent.com/RoaringBitmap/RoaringBitmap/0.9.39/LICENSE</url> + </override> + <override> + <gavs> + <gav>io.airlift:aircompressor:0.21</gav> + </gavs> + <url>https://raw.githubusercontent.com/airlift/aircompressor/0.21/license.txt</url> + <noticeUrl>https://raw.githubusercontent.com/airlift/aircompressor/0.21/notice.md</noticeUrl> + </override> + <override> + <gavs> + <gav>org.apache.orc:orc-core:1.8.0</gav> + </gavs> + <url>https://raw.githubusercontent.com/apache/orc/v1.8.0/LICENSE</url> + <noticeUrl>https://raw.githubusercontent.com/apache/orc/v1.8.0/NOTICE</noticeUrl> + </override> + <override> + <gavs> + <gav>tech.allegro.schema.json2avro:converter:0.2.15</gav> + </gavs> + <url>https://raw.githubusercontent.com/allegro/json-avro-converter/json-avro-converter-0.2.15/LICENSE.md</url> + </override> + <override> + <gavs> + <gav>com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1</gav> + </gavs> + <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url> + </override> </overrides> <licenses> <license> diff --cc asterixdb/pom.xml index d08b752a61,265aa37c91..65116d3150 --- a/asterixdb/pom.xml +++ b/asterixdb/pom.xml @@@ -82,18 
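Review bot: Two of the license `<override>` entries added in asterixdb/asterix-server/pom.xml reference a ref that does not match the artifact they cover: the `org.roaringbitmap` gavs are 0.9.22 but the URL is under the `0.9.39` tag, and `org.jetbrains:annotations:17.0.0` points at `master`, which can change after this commit. If these URLs are fetched to produce the bundled license text, as the surrounding configuration suggests, a moving or mismatched ref makes the shipped license set non-reproducible and lets upstream edits reach a release unreviewed. Pin each URL to the tag of the listed version, as the neighbouring `gax-grpc:2.7.1` entry does with `v2.7.1`, after confirming the tag exists upstream. The `<overrides>` block begins and ends outside this hunk.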
-82,14 +82,18 @@@ <shim.stage>none</shim.stage> <pytestlib.stage>none</pytestlib.stage> <skip-npm-touch.stage>none</skip-npm-touch.stage> + <azurite.npm.install.stage>none</azurite.npm.install.stage> + <azurite.install.stage>none</azurite.install.stage> + <azurite.stage>none</azurite.stage> <!-- Versions under dependencymanagement or used in many projects via properties --> - <algebricks.version>0.3.8.2-SNAPSHOT</algebricks.version> - <hyracks.version>0.3.8.2-SNAPSHOT</hyracks.version> + <algebricks.version>0.3.9-SNAPSHOT</algebricks.version> + <hyracks.version>0.3.9-SNAPSHOT</hyracks.version> - <hadoop.version>3.3.4</hadoop.version> + <hadoop.version>3.3.6</hadoop.version> <jacoco.version>0.7.6.201602180812</jacoco.version> <log4j.version>2.19.0</log4j.version> - <awsjavasdk.version>2.17.218</awsjavasdk.version> + <awsjavasdk.version>2.20.135</awsjavasdk.version> + <awsjavasdk.crt.version>0.27.1</awsjavasdk.crt.version> <parquet.version>1.12.3</parquet.version> <hadoop-awsjavasdk.version>1.12.402</hadoop-awsjavasdk.version> <azureblobjavasdk.version>12.22.0</azureblobjavasdk.version> @@@ -2051,24 -1956,16 +2019,21 @@@ </exclusions> </dependency> <!-- Hadoop GCS end --> - - <!-- TODO(htowaileb): removed from hadoop transitively and added separately to avoid CVEs, can - be removed once upgraded to hadoop 3.3.4 as it addresses the CVEs --> <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-util</artifactId> - <version>9.4.51.v20230217</version> + <groupId>org.codehaus.jettison</groupId> + <artifactId>jettison</artifactId> + <version>1.5.4</version> </dependency> <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-util-ajax</artifactId> - <version>9.4.51.v20230217</version> + <groupId>io.grpc</groupId> + <artifactId>grpc-census</artifactId> + <version>1.56.1</version> </dependency> + <dependency> + <groupId>org.apache.avro</groupId> + <artifactId>avro</artifactId> + <version>1.11.1</version> + </dependency> </dependencies> 
</dependencyManagement>
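Review bot: The `jettison` 1.5.4 entry added under `<dependencyManagement>` in asterixdb/pom.xml has no comment marking it as a security override, and the same hunk deletes the TODO that explained the removed `jetty-util` pins. The rationale is recorded only in asterix-external-data/pom.xml; repeat it above the managed entry, `<!-- Manually overridden to avoid CVE-2023-1436, CVE-2022-45693, CVE-2022-45685, CVE-2022-40150, CVE-2022-40149 -->`, so a later cleanup does not drop the pin. With the explicit `jetty-util` and `jetty-util-ajax` pins gone, it is worth confirming from the resolved dependency tree that the versions brought in transitively by Hadoop 3.3.6 are not older than the removed `9.4.51.v20230217`. The `<dependencyManagement>` block starts outside the hunk.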
