This is an automated email from the ASF dual-hosted git repository. kezhenxu94 pushed a commit to branch dep in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
commit 9f8b38056fba2112ad25ac086c03efe4db87d751 Author: kezhenxu94 <[email protected]> AuthorDate: Fri Sep 9 15:51:32 2022 +0800 Remove htrace dependencies --- docs/docs/en/faq.md | 2 +- docs/docs/zh/faq.md | 2 +- dolphinscheduler-bom/pom.xml | 91 +++++++++- dolphinscheduler-data-quality/pom.xml | 79 ++++---- dolphinscheduler-dist/pom.xml | 34 ++-- dolphinscheduler-dist/release-docs/LICENSE | 35 ++-- dolphinscheduler-dist/release-docs/NOTICE | 14 +- .../release-docs/licenses/LICENSE-htrace-core4.txt | 202 --------------------- pom.xml | 3 +- tools/dependencies/known-dependencies.txt | 38 ++-- 10 files changed, 181 insertions(+), 319 deletions(-) diff --git a/docs/docs/en/faq.md b/docs/docs/en/faq.md index 339d516b38..5981f47cf3 100644 --- a/docs/docs/en/faq.md +++ b/docs/docs/en/faq.md @@ -280,7 +280,7 @@ A : Will hive pom <dependency> <groupId>org.apache.hive</groupId> <artifactId>hive-jdbc</artifactId> - <version>2.3.3</version> + <version>2.3.9</version> </dependency> ``` diff --git a/docs/docs/zh/faq.md b/docs/docs/zh/faq.md index 745422ca87..3b7c56ab52 100644 --- a/docs/docs/zh/faq.md +++ b/docs/docs/zh/faq.md @@ -251,7 +251,7 @@ A: 将 hive pom <dependency> <groupId>org.apache.hive</groupId> <artifactId>hive-jdbc</artifactId> - <version>2.3.3</version> + <version>2.3.9</version> </dependency> ``` diff --git a/dolphinscheduler-bom/pom.xml b/dolphinscheduler-bom/pom.xml index 5061d5c719..bb107cfa5c 100644 --- a/dolphinscheduler-bom/pom.xml +++ b/dolphinscheduler-bom/pom.xml @@ -51,7 +51,7 @@ <commons-collections4.version>4.1</commons-collections4.version> <httpclient.version>4.5.13</httpclient.version> <httpcore.version>4.4.15</httpcore.version> - <jackson.version>2.13.0</jackson.version> + <jackson.version>2.13.4</jackson.version> <protostuff.version>1.7.2</protostuff.version> <byte-buddy.version>1.9.16</byte-buddy.version> <logback.version>1.2.11</logback.version> @@ -65,9 +65,9 @@ <javax.servlet-api.version>3.1.0</javax.servlet-api.version> <activation.version>1.1</activation.version> <javax-mail>1.6.2</javax-mail> - <guava.version>24.1-jre</guava.version> + <guava.version>31.1-jre</guava.version> <postgresql.version>42.4.1</postgresql.version> - <hive-jdbc.version>2.3.3</hive-jdbc.version> + <hive-jdbc.version>2.3.9</hive-jdbc.version> <commons-io.version>2.11.0</commons-io.version> <oshi-core.version>6.1.1</oshi-core.version> <clickhouse-jdbc.version>0.1.52</clickhouse-jdbc.version> @@ -86,12 +86,15 @@ <hibernate-validator.version>6.2.2.Final</hibernate-validator.version> <aws-sdk.version>1.12.160</aws-sdk.version> <joda-time.version>2.10.13</joda-time.version> - <okhttp.version>3.14.9</okhttp.version> + <okhttp.version>4.10.0</okhttp.version> <json-path.version>2.7.0</json-path.version> <spring-cloud-dependencies.version>2021.0.3</spring-cloud-dependencies.version> <gson.version>2.9.1</gson.version> <dropwizard.metrics-version>4.2.11</dropwizard.metrics-version> <snappy.version>1.1.8.4</snappy.version> + <spark.version>3.2.2</spark.version> + <janino.version>3.1.7</janino.version> + <snakeyaml.version>1.31</snakeyaml.version> </properties> <dependencyManagement> @@ -460,6 +463,20 @@ <version>${hadoop.version}</version> </dependency> + <dependency> + <groupId>org.apache.htrace</groupId> + <artifactId>htrace-core4</artifactId> + <scope>provided</scope> + <!-- set to provided to exclude from all hadoop-* transitive dependencies --> + </dependency> + + <!-- replace htrace-core with hbase-noop-htrace for CVE --> + <dependency> + <groupId>org.apache.hbase.thirdparty</groupId> + <artifactId>hbase-noop-htrace</artifactId> + <version>${htrace.version}</version> + </dependency> + <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> @@ -482,6 +499,12 @@ <groupId>org.apache.hive</groupId> <artifactId>hive-jdbc</artifactId> <version>${hive-jdbc.version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.orc</groupId> + <artifactId>orc-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> @@ -664,7 +687,65 @@ <artifactId>gson</artifactId> <version>${gson.version}</version> </dependency> - </dependencies> + <dependency> + <groupId>org.apache.spark</groupId> + <artifactId>spark-core_2.12</artifactId> + <version>${spark.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.module</groupId> + <artifactId>jackson-module-scala_2.11</artifactId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>org.apache.spark</groupId> + <artifactId>spark-sql_2.12</artifactId> + <version>${spark.version}</version> + <exclusions> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>org.apache.spark</groupId> + <artifactId>spark-hive_2.12</artifactId> + <version>${spark.version}</version> + <exclusions> + <exclusion> + <groupId>commons-httpclient</groupId> + <artifactId>commons-httpclient</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + </exclusion> + <exclusion> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> + </exclusion> + <exclusion> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>org.codehaus.janino</groupId> + <artifactId>janino</artifactId> + <version>${janino.version}</version> + </dependency> + <dependency> + <groupId>org.yaml</groupId> + <artifactId>snakeyaml</artifactId> + <version>${snakeyaml.version}</version> + </dependency> + </dependencies> </dependencyManagement> </project> diff --git a/dolphinscheduler-data-quality/pom.xml b/dolphinscheduler-data-quality/pom.xml index 0147089c1d..8634ec99ff 100644 --- a/dolphinscheduler-data-quality/pom.xml +++ b/dolphinscheduler-data-quality/pom.xml @@ -15,59 +15,60 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> -<project xmlns="http://maven.apache.org/POM/4.0.0"; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>dolphinscheduler</artifactId> <groupId>org.apache.dolphinscheduler</groupId> + <artifactId>dolphinscheduler</artifactId> <version>dev-SNAPSHOT</version> </parent> - <modelVersion>4.0.0</modelVersion> <artifactId>dolphinscheduler-data-quality</artifactId> - <name>dolphinscheduler-data-quality</name> <packaging>jar</packaging> + <name>dolphinscheduler-data-quality</name> - <properties> - <scala.binary.version>2.12</scala.binary.version> - <spark.version>3.2.2</spark.version> - <jackson.version>2.13.0</jackson.version> - <jackson.databind.version>2.13.0</jackson.databind.version> - <scope>provided</scope> - </properties> + <dependencyManagement> + <dependencies> + <dependency> + <groupId>org.apache.dolphinscheduler</groupId> + <artifactId>dolphinscheduler-bom</artifactId> + <version>${project.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + </dependencies> + </dependencyManagement> <dependencies> <dependency> <groupId>org.apache.spark</groupId> - <artifactId>spark-core_${scala.binary.version}</artifactId> - <version>${spark.version}</version> - <scope>${scope}</scope> + <artifactId>spark-core_2.12</artifactId> + <scope>provided</scope> <exclusions> <exclusion> - <artifactId>jackson-module-scala_2.11</artifactId> <groupId>com.fasterxml.jackson.module</groupId> + <artifactId>jackson-module-scala_2.11</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.apache.spark</groupId> - <artifactId>spark-sql_${scala.binary.version}</artifactId> - <version>${spark.version}</version> - <scope>${scope}</scope> + <artifactId>spark-sql_2.12</artifactId> + <scope>provided</scope> <exclusions> <exclusion> - <artifactId>jackson-core</artifactId> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.apache.spark</groupId> - <artifactId>spark-hive_${scala.binary.version}</artifactId> - <version>${spark.version}</version> + <artifactId>spark-hive_2.12</artifactId> + <scope>provided</scope> <exclusions> <exclusion> <groupId>commons-httpclient</groupId> @@ -78,15 +79,14 @@ <artifactId>httpclient</artifactId> </exclusion> <exclusion> - <artifactId>jackson-core-asl</artifactId> <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-core-asl</artifactId> </exclusion> <exclusion> - <artifactId>jackson-mapper-asl</artifactId> <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> </exclusion> </exclusions> - <scope>${scope}</scope> </dependency> <dependency> @@ -110,8 +110,8 @@ <artifactId>clickhouse-jdbc</artifactId> <exclusions> <exclusion> - <artifactId>jackson-core</artifactId> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> </exclusion> </exclusions> </dependency> @@ -121,8 +121,8 @@ <artifactId>mssql-jdbc</artifactId> <exclusions> <exclusion> - <artifactId>azure-keyvault</artifactId> <groupId>com.microsoft.azure</groupId> + <artifactId>azure-keyvault</artifactId> </exclusion> </exclusions> </dependency> @@ -140,12 +140,11 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.databind.version}</version> - <scope>${scope}</scope> + <scope>provided</scope> <exclusions> <exclusion> - <artifactId>jackson-core</artifactId> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> </exclusion> </exclusions> </dependency> @@ -153,12 +152,11 @@ <dependency> <groupId>com.fasterxml.jackson.module</groupId> <artifactId>jackson-module-scala_2.11</artifactId> - <version>${jackson.version}</version> - <scope>${scope}</scope> + <scope>provided</scope> <exclusions> <exclusion> - <artifactId>jackson-core</artifactId> <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> </exclusion> </exclusions> </dependency> @@ -166,21 +164,8 @@ <dependency> <groupId>org.codehaus.janino</groupId> <artifactId>janino</artifactId> - <version>3.0.8</version> - <scope>${scope}</scope> + <scope>provided</scope> </dependency> </dependencies> - - <dependencyManagement> - <dependencies> - <dependency> - <groupId>org.apache.dolphinscheduler</groupId> - <artifactId>dolphinscheduler-bom</artifactId> - <version>${project.version}</version> - <type>pom</type> - <scope>import</scope> - </dependency> - </dependencies> - </dependencyManagement> </project> diff --git a/dolphinscheduler-dist/pom.xml b/dolphinscheduler-dist/pom.xml index ba14b46576..22316a261a 100644 --- a/dolphinscheduler-dist/pom.xml +++ b/dolphinscheduler-dist/pom.xml @@ -15,14 +15,14 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> - -<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>dolphinscheduler</artifactId> <groupId>org.apache.dolphinscheduler</groupId> + <artifactId>dolphinscheduler</artifactId> <version>dev-SNAPSHOT</version> </parent> - <modelVersion>4.0.0</modelVersion> <artifactId>dolphinscheduler-dist</artifactId> <name>${project.artifactId}</name> @@ -30,6 +30,18 @@ <maven.deploy.skip>true</maven.deploy.skip> </properties> + <dependencyManagement> + <dependencies> + <dependency> + <groupId>org.apache.dolphinscheduler</groupId> + <artifactId>dolphinscheduler-bom</artifactId> + <version>${project.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + </dependencies> + </dependencyManagement> + <dependencies> <dependency> <groupId>org.apache.dolphinscheduler</groupId> @@ -72,6 +84,10 @@ </dependency> </dependencies> + <build> + <finalName>apache-dolphinscheduler-${project.version}</finalName> + </build> + <profiles> <profile> <id>release</id> @@ -82,10 +98,10 @@ <executions> <execution> <id>dolphinscheduler-bin</id> - <phase>package</phase> <goals> <goal>single</goal> </goals> + <phase>package</phase> <configuration> <descriptors> @@ -97,10 +113,10 @@ <execution> <id>src</id> - <phase>package</phase> <goals> <goal>single</goal> </goals> + <phase>package</phase> <configuration> <descriptors> <descriptor>src/main/assembly/dolphinscheduler-src.xml</descriptor> @@ -125,10 +141,10 @@ <execution> <id>python</id> - <phase>package</phase> <goals> <goal>single</goal> </goals> + <phase>package</phase> <configuration> <!-- Make final directory with simple name `python`, and without any addtion information --> <finalName>python</finalName> @@ -145,8 +161,4 @@ </build> </profile> </profiles> - - <build> - <finalName>apache-dolphinscheduler-${project.version}</finalName> - </build> </project> diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE index aecabfc734..71a9c102e8 100644 --- a/dolphinscheduler-dist/release-docs/LICENSE +++ b/dolphinscheduler-dist/release-docs/LICENSE @@ -216,7 +216,7 @@ The following components are provided under the Apache License. See project link The text of each license is also included at licenses/LICENSE-[project].txt. accessors-smart 2.4.8: https://github.com/netplex/json-smart-v2, Apache 2.0 - aircompressor 0.3 https://mvnrepository.com/artifact/io.airlift/aircompressor, Apache 2.0 + failureaccess 1.0.1: https://mvnrepository.com/artifact/com.google.guava/failureaccess/1.0.1, Apache 2.0 tomcat-embed-el 9.0.65: https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-el/9.0.65, Apache 2.0 audience-annotations 0.12.0: https://mvnrepository.com/artifact/org.apache.yetus/audience-annotations/0.12.0, Apache 2.0 avro 1.7.7: https://github.com/apache/avro, Apache 2.0 @@ -257,7 +257,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt. metrics-core 4.2.11: https://mvnrepository.com/artifact/io.dropwizard.metrics/metrics-core, Apache 2.0 error_prone_annotations 2.1.3 https://mvnrepository.com/artifact/com.google.errorprone/error_prone_annotations/2.1.3, Apache 2.0 gson 2.9.1: https://github.com/google/gson, Apache 2.0 - guava 24.1-jre: https://mvnrepository.com/artifact/com.google.guava/guava/24.1-jre, Apache 2.0 + guava 31.1-jre: https://mvnrepository.com/artifact/com.google.guava/guava/31.1-jre, Apache 2.0 guava-retrying 2.0.0: https://mvnrepository.com/artifact/com.github.rholder/guava-retrying/2.0.0, Apache 2.0 hadoop-annotations 3.2.4:https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-annotations/3.2.4, Apache 2.0 hadoop-auth 3.2.4: https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-auth/3.2.4, Apache 2.0 @@ -272,21 +272,20 @@ The text of each license is also included at licenses/LICENSE-[project].txt. hadoop-yarn-client 3.2.4: https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-yarn-client/3.2.4, Apache 2.0 hadoop-yarn-common 3.2.4: https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-yarn-common/3.2.4, Apache 2.0 HikariCP 4.0.3: https://mvnrepository.com/artifact/com.zaxxer/HikariCP/4.0.3, Apache 2.0 - hive-common 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-common/2.3.3, Apache 2.0 - hive-jdbc 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-jdbc/2.3.3, Apache 2.0 - hive-metastore 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-metastore/2.3.3, Apache 2.0 - hive-serde 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-serde/2.3.3, Apache 2.0 - hive-service 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-service/2.3.3, Apache 2.0 - hive-service-rpc 2.3.3: https://mvnrepository.com/artifact/org.apache.hive/hive-service-rpc/2.3.3, Apache 2.0 + hive-common 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-common/2.3.9, Apache 2.0 + hive-jdbc 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-jdbc/2.3.9, Apache 2.0 + hive-metastore 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-metastore/2.3.9, Apache 2.0 + hive-serde 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-serde/2.3.9, Apache 2.0 + hive-service 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-service/2.3.9, Apache 2.0 + hive-service-rpc 2.3.9: https://mvnrepository.com/artifact/org.apache.hive/hive-service-rpc/2.3.9, Apache 2.0 hive-storage-api 2.4.0: https://mvnrepository.com/artifact/org.apache.hive/hive-storage-api/2.4.0, Apache 2.0 - htrace-core4 4.1.0-incubating: https://mvnrepository.com/artifact/org.apache.htrace/htrace-core4/4.1.0-incubating, Apache 2.0 httpclient 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.13, Apache 2.0 httpcore 4.4.15: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.15, Apache 2.0 httpmime 4.5.13: https://mvnrepository.com/artifact/org.apache.httpcomponents/httpmime/4.5.13, Apache 2.0 - jackson-annotations 2.13.0: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.13.0, Apache 2.0 - jackson-core 2.13.0: https://github.com/FasterXML/jackson-core, Apache 2.0 + jackson-annotations 2.13.4: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.13.4, Apache 2.0 + jackson-core 2.13.4: https://github.com/FasterXML/jackson-core, Apache 2.0 jackson-core-asl 1.9.13: https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-core-asl/1.9.13, Apache 2.0 - jackson-databind 2.13.0: https://github.com/FasterXML/jackson-databind, Apache 2.0 + jackson-databind 2.13.4: https://github.com/FasterXML/jackson-databind, Apache 2.0 jackson-datatype-jdk8 2.13.0: https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.13.0, Apache 2.0 jackson-datatype-jsr310 2.13.0: https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.0, Apache 2.0 jackson-mapper-asl 1.9.13: https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.13, Apache 2.0 @@ -314,7 +313,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt. json-smart 2.4.8: https://github.com/netplex/json-smart-v2, Apache 2.0 jsqlparser 4.4: https://github.com/JSQLParser/JSqlParser, Apache 2.0 or LGPL 4.4 jsr305 3.0.0: https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305, Apache 2.0 - j2objc-annotations 1.1 https://mvnrepository.com/artifact/com.google.j2objc/j2objc-annotations/1.1, Apache 2.0 + j2objc-annotations 1.3 https://mvnrepository.com/artifact/com.google.j2objc/j2objc-annotations/1.3, Apache 2.0 kerb-admin 1.0.1: https://mvnrepository.com/artifact/org.apache.kerby/kerb-admin/1.0.1, Apache 2.0 kerb-client 1.0.1: https://mvnrepository.com/artifact/org.apache.kerby/kerb-client/1.0.1, Apache 2.0 kerb-common 1.0.1: https://mvnrepository.com/artifact/org.apache.kerby/kerb-common/1.0.1, Apache 2.0 @@ -348,14 +347,13 @@ The text of each license is also included at licenses/LICENSE-[project].txt. nimbus-jose-jwt 9.8.1: https://mvnrepository.com/artifact/com.nimbusds/nimbus-jose-jwt/9.8.1, Apache 2.0 okhttp 2.7.5: https://mvnrepository.com/artifact/com.squareup.okhttp/okhttp/2.7.5, Apache 2.0 opencsv 2.3: https://mvnrepository.com/artifact/net.sf.opencsv/opencsv/2.3, Apache 2.0 - orc-core 1.3.3 https://mvnrepository.com/artifact/org.apache.orc/orc-core, Apache 2.0 parquet-hadoop-bundle 1.8.1: https://mvnrepository.com/artifact/org.apache.parquet/parquet-hadoop-bundle/1.8.1, Apache 2.0 poi 4.1.2: https://mvnrepository.com/artifact/org.apache.poi/poi/4.1.2, Apache 2.0 poi-ooxml 4.1.2: https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml/4.1.2, Apache 2.0 poi-ooxml-schemas-4.1.2: https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml-schemas/4.1.2, Apache 2.0 quartz 2.3.2: https://mvnrepository.com/artifact/org.quartz-scheduler/quartz/2.3.2, Apache 2.0 reload4j 1.2.18.3: https://mvnrepository.com/artifact/ch.qos.reload4j/reload4j/1.2.18.3, Apache 2.0 - snakeyaml 1.30: https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.30, Apache 2.0 + snakeyaml 1.31: https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.31, Apache 2.0 snappy-java 1.1.8.4: https://github.com/xerial/snappy-java, Apache 2.0 SparseBitSet 1.2: https://mvnrepository.com/artifact/com.zaxxer/SparseBitSet/1.2, Apache 2.0 spring-aop 5.3.13: https://mvnrepository.com/artifact/org.springframework/spring-aop/5.3.13, Apache 2.0 @@ -434,7 +432,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt. jackson-dataformat-yaml 2.13.0 https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.13.0, Apache 2.0 logging-interceptor 4.9.3 https://mvnrepository.com/artifact/com.squareup.okhttp3/logging-interceptor/4.9.3, Apache 2.0 okhttp 3.14.3 https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp/3.14.3, Apache 2.0 - okio 1.17.2 https://mvnrepository.com/artifact/com.squareup.okio/okio/1.17.2, Apache 2.0 + okio 1.6.0 https://mvnrepository.com/artifact/com.squareup.okio/okio/1.6.0, Apache 2.0 hibernate-validator 6.2.2.Final https://mvnrepository.com/artifact/org.hibernate.validator/hibernate-validator/6.2.2.Final, Apache 2.0 jakarta.validation-api 2.0.2 https://mvnrepository.com/artifact/jakarta.validation/jakarta.validation-api/2.0.2, Apache 2.0 jboss-logging:jar 3.4.3.Final https://mvnrepository.com/artifact/org.jboss.logging/jboss-logging/3.4.3.Final, Apache 2.0 @@ -550,9 +548,8 @@ The text of each license is also included at licenses/LICENSE-[project].txt. ruamel.yaml 0.17: https://sourceforge.net/projects/ruamel-yaml, MIT slf4j-api 1.7.36: https://mvnrepository.com/artifact/org.slf4j/slf4j-api/1.7.36, MIT slf4j-reload4j 1.7.35: https://mvnrepository.com/artifact/org.slf4j/slf4j-reload4j/1.7.35, MIT - animal-sniffer-annotations 1.14 https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.14, MIT - checker-compat-qual 2.0.0 https://mvnrepository.com/artifact/org.checkerframework/checker-compat-qual/2.0.0, MIT + GPLv2 - checker-qual 3.19.0 https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.19.0, MIT + GPLv2 + animal-sniffer-annotations 1.19 https://mvnrepository.com/artifact/org.codehaus.mojo/animal-sniffer-annotations/1.19, MIT + checker-qual 3.12.0 https://mvnrepository.com/artifact/org.checkerframework/checker-qual/3.12.0, MIT + GPLv2 Java-WebSocket 1.5.1: https://github.com/TooTallNate/Java-WebSocket MIT oshi-core 6.1.1: https://mvnrepository.com/artifact/com.github.oshi/oshi-core/6.1.1, MIT unirest-java 3.7.04-standalone: https://mvnrepository.com/artifact/com.konghq/unirest-java/3.7.04, MIT diff --git a/dolphinscheduler-dist/release-docs/NOTICE b/dolphinscheduler-dist/release-docs/NOTICE index ef6a6c0044..18a684fb87 100644 --- a/dolphinscheduler-dist/release-docs/NOTICE +++ b/dolphinscheduler-dist/release-docs/NOTICE @@ -1408,18 +1408,6 @@ This project contains annotations derived from JCIP-ANNOTATIONS Copyright (c) 2005 Brian Goetz and Tim Peierls. See http://www.jcip.net ========================================================================= - -htrace-core NOTICE - - -========================================================================= -Copyright 2015 The Apache Software Foundation - -This product includes software developed at -The Apache Software Foundation (http://www.apache.org/). -========================================================================= - - Hadoop NOTICE ========================================================================= @@ -2107,4 +2095,4 @@ perfmark NOTICE * LICENSE: * agent/src/main/resources/io/perfmark/agent/third_party/asm/LICENSE (BSD style License) * HOMEPAGE: - * https://asm.ow2.io/ \ No newline at end of file + * https://asm.ow2.io/ diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-htrace-core4.txt b/dolphinscheduler-dist/release-docs/licenses/LICENSE-htrace-core4.txt deleted file mode 100644 index d645695673..0000000000 --- a/dolphinscheduler-dist/release-docs/licenses/LICENSE-htrace-core4.txt +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/pom.xml b/pom.xml index 1e50eb29c9..a2dbccd253 100644 --- a/pom.xml +++ b/pom.xml @@ -84,7 +84,7 @@ <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version> <powermock.version>2.0.9</powermock.version> <exec-maven-plugin.version>3.0.0</exec-maven-plugin.version> - <owasp-dependency-check-maven.version>7.0.4</owasp-dependency-check-maven.version> + <owasp-dependency-check-maven.version>7.1.2</owasp-dependency-check-maven.version> <lombok.version>1.18.20</lombok.version> <docker.hub>apache</docker.hub> <docker.repo>${project.name}</docker.repo> @@ -450,6 +450,7 @@ <workingDirectory>${project.basedir}</workingDirectory> <arguments> <argument>build</argument> + <argument>--load</argument> <argument>--no-cache</argument> <argument>-t</argument> <argument>${docker.hub}/${docker.repo}:${docker.tag}</argument> diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt index bbfa7c9fcb..08ba7ce524 100644 --- a/tools/dependencies/known-dependencies.txt +++ b/tools/dependencies/known-dependencies.txt @@ -5,8 +5,7 @@ LatencyUtils-2.0.3.jar SparseBitSet-1.2.jar accessors-smart-2.4.8.jar activation-1.1.jar -aircompressor-0.3.jar -animal-sniffer-annotations-1.14.jar +animal-sniffer-annotations-1.19.jar annotations-13.0.jar asm-9.1.jar aspectjweaver-1.9.7.jar @@ -23,7 +22,7 @@ bcprov-jdk15on-1.68.jar bonecp-0.8.0.RELEASE.jar byte-buddy-1.9.16.jar caffeine-2.9.3.jar -checker-compat-qual-2.0.0.jar +checker-qual-3.12.0.jar checker-qual-3.19.0.jar checker-qual-3.5.0.jar classgraph-4.8.83.jar @@ -62,9 +61,10 @@ derby-10.14.2.0.jar dnsjava-2.1.7.jar druid-1.2.4.jar error_prone_annotations-2.5.1.jar +failureaccess-1.0.1.jar generex-1.0.2.jar gson-2.9.1.jar -guava-24.1-jre.jar +guava-31.1-jre.jar guava-retrying-2.0.0.jar h2-2.1.210.jar hadoop-annotations-3.2.4.jar @@ -79,25 +79,24 @@ hadoop-yarn-api-3.2.4.jar hadoop-yarn-client-3.2.4.jar hadoop-yarn-common-3.2.4.jar hibernate-validator-6.2.2.Final.jar -hive-common-2.3.3.jar -hive-jdbc-2.3.3.jar -hive-metastore-2.3.3.jar -hive-serde-2.3.3.jar -hive-service-2.3.3.jar -hive-service-rpc-2.3.3.jar +hive-common-2.3.9.jar +hive-jdbc-2.3.9.jar +hive-metastore-2.3.9.jar +hive-serde-2.3.9.jar +hive-service-2.3.9.jar +hive-service-rpc-2.3.9.jar hive-storage-api-2.4.0.jar -htrace-core4-4.1.0-incubating.jar httpasyncclient-4.1.5.jar httpclient-4.5.13.jar httpcore-4.4.15.jar httpcore-nio-4.4.15.jar httpmime-4.5.13.jar ion-java-1.0.2.jar -j2objc-annotations-1.1.jar -jackson-annotations-2.13.0.jar -jackson-core-2.13.0.jar +j2objc-annotations-1.3.jar +jackson-annotations-2.13.4.jar +jackson-core-2.13.4.jar jackson-core-asl-1.9.13.jar -jackson-databind-2.13.0.jar +jackson-databind-2.13.4.jar jackson-dataformat-cbor-2.13.3.jar jackson-dataformat-yaml-2.13.3.jar jackson-datatype-jdk8-2.13.3.jar @@ -198,6 +197,7 @@ kubernetes-model-scheduling-5.10.2.jar kubernetes-model-storageclass-5.10.2.jar libfb303-0.9.3.jar libthrift-0.9.3.jar +listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar log4j-1.2-api-2.17.2.jar logback-classic-1.2.11.jar logback-core-1.2.11.jar @@ -228,10 +228,10 @@ netty-transport-native-epoll-4.1.53.Final.jar netty-transport-native-unix-common-4.1.53.Final.jar nimbus-jose-jwt-9.8.1.jar okhttp-2.7.5.jar -okhttp-3.14.9.jar -okio-1.17.2.jar +okhttp-4.10.0.jar +okio-1.6.0.jar +okio-jvm-3.0.0.jar opencsv-2.3.jar -orc-core-1.3.3.jar oshi-core-6.1.1.jar paranamer-2.3.jar parquet-hadoop-bundle-1.8.1.jar @@ -257,7 +257,7 @@ simpleclient_tracer_otel-0.15.0.jar simpleclient_tracer_otel_agent-0.15.0.jar slf4j-api-1.7.36.jar slf4j-reload4j-1.7.35.jar -snakeyaml-1.30.jar +snakeyaml-1.31.jar snappy-java-1.1.8.4.jar spring-aop-5.3.22.jar spring-beans-5.3.19.jar
