This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 6a285c67e5 NIFI-10122 Upgraded Spark Streaming to 3.3.0
6a285c67e5 is described below
commit 6a285c67e54b5977f19b36ccbe1a685f4edaa8c1
Author: exceptionfactory <[email protected]>
AuthorDate: Wed Jun 15 15:15:01 2022 -0500
NIFI-10122 Upgraded Spark Streaming to 3.3.0
- Added false positive vulnerability suppression for Spark modules
Signed-off-by: Pierre Villard <[email protected]>
This closes #6130.
---
nifi-dependency-check-maven/suppressions.xml | 5 +++
nifi-external/nifi-spark-receiver/pom.xml | 52 ++++++----------------------
2 files changed, 15 insertions(+), 42 deletions(-)
diff --git a/nifi-dependency-check-maven/suppressions.xml
b/nifi-dependency-check-maven/suppressions.xml
index a48534c8f8..a1f15c36d2 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -94,4 +94,9 @@
<packageUrl
regex="true">^pkg:maven/org\.mortbay\.jetty/servlet\-api@.*$</packageUrl>
<cpe regex="true">^cpe:.*$</cpe>
</suppress>
+ <suppress>
+ <notes>Spark 2.13 used in nifi-spark-receiver is not impacted by Spark
Server vulnerabilities</notes>
+ <packageUrl
regex="true">^pkg:maven/org\.apache\.spark/spark\-.+?_2\.13@.*$</packageUrl>
+ <cpe>cpe:/a:apache:spark</cpe>
+ </suppress>
</suppressions>
diff --git a/nifi-external/nifi-spark-receiver/pom.xml
b/nifi-external/nifi-spark-receiver/pom.xml
index 531fa13582..adfd8c292c 100644
--- a/nifi-external/nifi-spark-receiver/pom.xml
+++ b/nifi-external/nifi-spark-receiver/pom.xml
@@ -22,47 +22,20 @@
</parent>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-spark-receiver</artifactId>
- <dependencyManagement>
- <dependencies>
- <!-- Override commons-compress -->
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-compress</artifactId>
- <version>1.21</version>
- </dependency>
- <!-- Override commons-beanutils -->
- <dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.4</version>
- </dependency>
- <!-- Override zookeeper -->
- <dependency>
- <groupId>org.apache.zookeeper</groupId>
- <artifactId>zookeeper</artifactId>
- <version>${zookeeper.version}</version>
- </dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty</artifactId>
- <version>${netty.3.version}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.spark</groupId>
- <artifactId>spark-streaming_2.10</artifactId>
+ <artifactId>spark-streaming_2.13</artifactId>
<scope>provided</scope>
- <version>1.6.0</version>
+ <version>3.3.0</version>
<exclusions>
<exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
</exclusion>
<exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-core</artifactId>
</exclusion>
</exclusions>
</dependency>
@@ -70,19 +43,14 @@
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-site-to-site-client</artifactId>
<version>1.17.0-SNAPSHOT</version>
</dependency>
- <dependency>
- <groupId>com.sun.jersey</groupId>
- <artifactId>jersey-server</artifactId>
- <version>1.2</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </dependency>
</dependencies>
</project>
