This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-2.11
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.11 by this push:
new 39348584640 [improve][build] Upgrade dependencies to reduce CVE
(#20226)
39348584640 is described below
commit 39348584640b2576985221e03a630c113c4ef5e9
Author: Jiwei Guo <[email protected]>
AuthorDate: Sun May 7 14:15:39 2023 +0800
[improve][build] Upgrade dependencies to reduce CVE (#20226)
---
distribution/server/src/assemble/LICENSE.bin.txt | 44 +++++++++++-----------
distribution/shell/src/assemble/LICENSE.bin.txt | 22 +++++------
pom.xml | 12 ++++--
pulsar-io/flume/pom.xml | 4 ++
pulsar-io/hdfs2/pom.xml | 7 +++-
.../apache/pulsar/io/hdfs2/AbstractHdfsConfig.java | 2 +-
.../pulsar/io/hdfs2/AbstractHdfsConnector.java | 2 +-
.../pulsar/io/hdfs2/sink/HdfsAbstractSink.java | 2 +-
.../pulsar/io/hdfs2/sink/HdfsSinkConfig.java | 2 +-
pulsar-io/hdfs3/pom.xml | 14 ++++++-
.../apache/pulsar/io/hdfs3/AbstractHdfsConfig.java | 2 +-
.../pulsar/io/hdfs3/AbstractHdfsConnector.java | 2 +-
.../pulsar/io/hdfs3/sink/HdfsAbstractSink.java | 2 +-
.../pulsar/io/hdfs3/sink/HdfsSinkConfig.java | 2 +-
pulsar-io/kinesis/pom.xml | 12 ++++++
pulsar-sql/presto-distribution/LICENSE | 36 +++++++++---------
pulsar-sql/presto-distribution/pom.xml | 6 +++
pulsar-sql/presto-pulsar/pom.xml | 6 +++
src/owasp-dependency-check-suppressions.xml | 29 --------------
19 files changed, 115 insertions(+), 93 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index 4ca5c3cab84..13887d5d12b 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -334,9 +334,9 @@ The Apache Software License, Version 2.0
* J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar
* Netty Reactive Streams --
com.typesafe.netty-netty-reactive-streams-2.0.6.jar
* Swagger
- - io.swagger-swagger-annotations-1.6.2.jar
- - io.swagger-swagger-core-1.6.2.jar
- - io.swagger-swagger-models-1.6.2.jar
+ - io.swagger-swagger-annotations-1.6.10.jar
+ - io.swagger-swagger-core-1.6.10.jar
+ - io.swagger-swagger-models-1.6.10.jar
* DataSketches
- com.yahoo.datasketches-memory-0.8.3.jar
- com.yahoo.datasketches-sketches-core-0.8.3.jar
@@ -435,25 +435,25 @@ The Apache Software License, Version 2.0
- org.asynchttpclient-async-http-client-2.12.1.jar
- org.asynchttpclient-async-http-client-netty-utils-2.12.1.jar
* Jetty
- - org.eclipse.jetty-jetty-client-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-continuation-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-proxy-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-servlets-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar
- -
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-api-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-client-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-common-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-server-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-servlet-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-alpn-server-9.4.48.v20220622.jar
+ - org.eclipse.jetty-jetty-client-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-continuation-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-proxy-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-servlets-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar
+ -
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-api-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-client-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-common-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-servlet-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-alpn-server-9.4.51.v20230217.jar
* SnakeYaml -- org.yaml-snakeyaml-2.0.jar
* RocksDB - org.rocksdb-rocksdbjni-6.29.4.1.jar
* Google Error Prone Annotations -
com.google.errorprone-error_prone_annotations-2.5.1.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt
b/distribution/shell/src/assemble/LICENSE.bin.txt
index b65759e2937..4ddfed56bcc 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -329,9 +329,9 @@ The Apache Software License, Version 2.0
* J2ObjC Annotations -- j2objc-annotations-1.3.jar
* Netty Reactive Streams -- netty-reactive-streams-2.0.6.jar
* Swagger
- - swagger-annotations-1.6.2.jar
- - swagger-core-1.6.2.jar
- - swagger-models-1.6.2.jar
+ - swagger-annotations-1.6.10.jar
+ - swagger-core-1.6.10.jar
+ - swagger-models-1.6.10.jar
* DataSketches
- memory-0.8.3.jar
- sketches-core-0.8.3.jar
@@ -390,14 +390,14 @@ The Apache Software License, Version 2.0
- async-http-client-2.12.1.jar
- async-http-client-netty-utils-2.12.1.jar
* Jetty
- - jetty-client-9.4.48.v20220622.jar
- - jetty-http-9.4.48.v20220622.jar
- - jetty-io-9.4.48.v20220622.jar
- - jetty-util-9.4.48.v20220622.jar
- - javax-websocket-client-impl-9.4.48.v20220622.jar
- - websocket-api-9.4.48.v20220622.jar
- - websocket-client-9.4.48.v20220622.jar
- - websocket-common-9.4.48.v20220622.jar
+ - jetty-client-9.4.51.v20230217.jar
+ - jetty-http-9.4.51.v20230217.jar
+ - jetty-io-9.4.51.v20230217.jar
+ - jetty-util-9.4.51.v20230217.jar
+ - javax-websocket-client-impl-9.4.51.v20230217.jar
+ - websocket-api-9.4.51.v20230217.jar
+ - websocket-client-9.4.51.v20230217.jar
+ - websocket-common-9.4.51.v20230217.jar
* SnakeYaml -- snakeyaml-2.0.jar
* Google Error Prone Annotations - error_prone_annotations-2.5.1.jar
* Javassist -- javassist-3.25.0-GA.jar
diff --git a/pom.xml b/pom.xml
index 85c561eccd2..e52ebfd8374 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@ flexible messaging model and an intuitive client
API.</description>
<dropwizardmetrics.version>4.1.12.1</dropwizardmetrics.version> <!--
ZooKeeper server -->
<curator.version>5.1.0</curator.version>
<netty.version>4.1.86.Final</netty.version>
- <jetty.version>9.4.48.v20220622</jetty.version>
+ <jetty.version>9.4.51.v20230217</jetty.version>
<conscrypt.version>2.5.2</conscrypt.version>
<jersey.version>2.34</jersey.version>
<athenz.version>1.10.50</athenz.version>
@@ -138,7 +138,7 @@ flexible messaging model and an intuitive client
API.</description>
<bouncycastlefips.version>1.0.2</bouncycastlefips.version>
<jackson.version>2.14.2</jackson.version>
<reflections.version>0.9.11</reflections.version>
- <swagger.version>1.6.2</swagger.version>
+ <swagger.version>1.6.10</swagger.version>
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
<dockerfile-maven.version>1.4.13</dockerfile-maven.version>
<typetools.version>0.5.0</typetools.version>
@@ -192,6 +192,7 @@ flexible messaging model and an intuitive client
API.</description>
<commons-lang3.version>3.11</commons-lang3.version>
<commons-configuration.version>1.10</commons-configuration.version>
<commons-io.version>2.8.0</commons-io.version>
+ <commons-net.version>3.9.0</commons-net.version>
<commons-codec.version>1.15</commons-codec.version>
<javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
<hdrHistogram.version>2.1.9</hdrHistogram.version>
@@ -219,7 +220,7 @@ flexible messaging model and an intuitive client
API.</description>
<kotlin-stdlib.version>1.8.20</kotlin-stdlib.version>
<nsq-client.version>1.0</nsq-client.version>
<cron-utils.version>9.1.6</cron-utils.version>
- <spring.version>5.3.20</spring.version>
+ <spring.version>5.3.27</spring.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<apache-httpcomponents.version>4.4.15</apache-httpcomponents.version>
<jetcd.version>0.5.11</jetcd.version>
@@ -671,6 +672,11 @@ flexible messaging model and an intuitive client
API.</description>
<artifactId>commons-configuration</artifactId>
<version>${commons-configuration.version}</version>
</dependency>
+ <dependency>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ <version>${commons-net.version}</version>
+ </dependency>
<dependency>
<groupId>commons-io</groupId>
diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml
index 440223e1517..78f0ea24086 100644
--- a/pulsar-io/flume/pom.xml
+++ b/pulsar-io/flume/pom.xml
@@ -90,6 +90,10 @@
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>commons-collections</artifactId>
+ <groupId>commons-collections</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
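Review bot: The added `commons-collections` exclusion removes the artifact without adding a replacement in this hunk and without a comment saying why it is safe to drop. If the dependency it hangs off still loads `org.apache.commons.collections` classes on some path, the connector would fail with `NoClassDefFoundError` only at runtime, so this needs a connector-level test rather than a clean compile. I would add a comment above the exclusion such as `<!-- excluded to clear a dependency-check finding; confirmed unused by the flume connector tests -->`, and list `groupId` before `artifactId` to match the neighbouring netty exclusion. The enclosing `<dependency>` starts outside the hunk, so the affected artifact is not visible here.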
diff --git a/pulsar-io/hdfs2/pom.xml b/pulsar-io/hdfs2/pom.xml
index bd12cc5dfac..93a1ac34a30 100644
--- a/pulsar-io/hdfs2/pom.xml
+++ b/pulsar-io/hdfs2/pom.xml
@@ -50,10 +50,15 @@
<artifactId>commons-collections4</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
- <version>2.8.5</version>
+ <version>3.2.3</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
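Review bot: The `hadoop-client` change from 2.8.5 to 3.2.3 is a major-version jump inside the module named hdfs2, and it leaves this connector building against the same Hadoop 3 client as pulsar-io/hdfs3. That is more than a CVE bump for anyone running the hdfs2 connector against a Hadoop 2 cluster, so it deserves a comment here and a release note, plus an integration test against a 2.x cluster if that is still a supported target. The literal `3.2.3` is now repeated in both module poms; a shared root-pom property, for example `<hadoop3.version>3.2.3</hadoop3.version>` referenced as `<version>${hadoop3.version}</version>`, would keep the next security upgrade to a single line. The exclusions list continues past the end of the hunk.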
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
index 2448875ff10..0d962fbdf56 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
@@ -21,7 +21,7 @@ package org.apache.pulsar.io.hdfs2;
import java.io.Serializable;
import lombok.Data;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
/**
* Configuration object for all HDFS components.
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
index c79ee49689b..2c40d9ab01b 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
@@ -30,7 +30,7 @@ import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.SocketFactory;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
index 27e841a0df2..87f73430590 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
@@ -26,7 +26,7 @@ import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
index 13ce2df48ac..5082f82a914 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
@@ -29,7 +29,7 @@ import java.util.Map;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.io.hdfs2.AbstractHdfsConfig;
/**
diff --git a/pulsar-io/hdfs3/pom.xml b/pulsar-io/hdfs3/pom.xml
index 0b4de7cfbed..17f5ff8959e 100644
--- a/pulsar-io/hdfs3/pom.xml
+++ b/pulsar-io/hdfs3/pom.xml
@@ -49,11 +49,19 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
</dependency>
+ <dependency>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
- <version>3.1.1</version>
+ <version>3.2.3</version>
<exclusions>
<exclusion>
<groupId>jakarta.activation</groupId>
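Review bot: The direct `commons-net` dependency added here, together with the `commons-net` exclusion on `hadoop-client` in the next hunk, pins the library for hdfs3 only; pulsar-io/hdfs2 moves to the same `hadoop-client` 3.2.3 in this commit without either change. If the root-pom `commons-net` entry sits under `<dependencyManagement>` (its enclosing element is outside that hunk), the managed 3.9.0 already overrides the transitive version and the exclusion is redundant. If it does not, hdfs2 may still resolve whatever version hadoop-client brings. The two modules should be treated the same way, and the reason should be recorded next to the exclusion, for example `<!-- commons-net is pinned via the root pom; exclude hadoop-client's transitive copy -->`. Comparing `mvn dependency:tree -Dincludes=commons-net` for both modules would settle which case applies.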
@@ -67,6 +75,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
index e6a5da74112..32ee7da4821 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
@@ -21,7 +21,7 @@ package org.apache.pulsar.io.hdfs3;
import java.io.Serializable;
import lombok.Data;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
/**
* Configuration object for all HDFS components.
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
index 1e523ce6aeb..c6edbe99cc8 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
@@ -30,7 +30,7 @@ import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.SocketFactory;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
index 54a9e3935b0..04b98204713 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
@@ -23,7 +23,7 @@ import java.util.Map;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FSDataOutputStreamBuilder;
import org.apache.hadoop.fs.FileSystem;
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
index 46db9915c53..75a7cf0eee5 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
@@ -27,7 +27,7 @@ import java.util.Map;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.io.hdfs3.AbstractHdfsConfig;
/**
diff --git a/pulsar-io/kinesis/pom.xml b/pulsar-io/kinesis/pom.xml
index f8097964e1b..d66815b940f 100644
--- a/pulsar-io/kinesis/pom.xml
+++ b/pulsar-io/kinesis/pom.xml
@@ -91,10 +91,22 @@
<version>${avro.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <version>${commons-text.version}</version>
+ </dependency>
+
<dependency>
<groupId>com.github.wnameless.json</groupId>
<artifactId>json-flattener</artifactId>
<version>${json-flattener.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
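Review bot: The new `commons-text` dependency resolves its version from `${commons-text.version}`, which is not defined anywhere in this commit. Since this is a push to branch-2.11, the root pom on that branch should be checked for the property before merging, because an undefined property leaves the literal `${commons-text.version}` as the version and breaks resolution. The pairing of a direct dependency with an exclusion on `json-flattener` also has no comment; something like `<!-- pin commons-text to the managed version instead of json-flattener's transitive one -->` above the new `<dependency>` would explain the intent. The surrounding `<dependencies>` element starts and ends outside the hunk.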
diff --git a/pulsar-sql/presto-distribution/LICENSE
b/pulsar-sql/presto-distribution/LICENSE
index 5783834a023..745be0a3c5f 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -273,23 +273,23 @@ The Apache Software License, Version 2.0
* Joda Time
- joda-time-2.10.5.jar
- failsafe-2.4.4.jar
- * Jetty
- - http2-client-9.4.48.v20220622.jar
- - http2-common-9.4.48.v20220622.jar
- - http2-hpack-9.4.48.v20220622.jar
- - http2-http-client-transport-9.4.48.v20220622.jar
- - jetty-alpn-client-9.4.48.v20220622.jar
- - http2-server-9.4.48.v20220622.jar
- - jetty-alpn-java-client-9.4.48.v20220622.jar
- - jetty-client-9.4.48.v20220622.jar
- - jetty-http-9.4.48.v20220622.jar
- - jetty-io-9.4.48.v20220622.jar
- - jetty-jmx-9.4.48.v20220622.jar
- - jetty-security-9.4.48.v20220622.jar
- - jetty-server-9.4.48.v20220622.jar
- - jetty-servlet-9.4.48.v20220622.jar
- - jetty-util-9.4.48.v20220622.jar
- - jetty-util-ajax-9.4.48.v20220622.jar
+ * Jetty
+ - http2-client-9.4.51.v20230217.jar
+ - http2-common-9.4.51.v20230217.jar
+ - http2-hpack-9.4.51.v20230217.jar
+ - http2-http-client-transport-9.4.51.v20230217.jar
+ - jetty-alpn-client-9.4.51.v20230217.jar
+ - http2-server-9.4.51.v20230217.jar
+ - jetty-alpn-java-client-9.4.51.v20230217.jar
+ - jetty-client-9.4.51.v20230217.jar
+ - jetty-http-9.4.51.v20230217.jar
+ - jetty-io-9.4.51.v20230217.jar
+ - jetty-jmx-9.4.51.v20230217.jar
+ - jetty-security-9.4.51.v20230217.jar
+ - jetty-server-9.4.51.v20230217.jar
+ - jetty-servlet-9.4.51.v20230217.jar
+ - jetty-util-9.4.51.v20230217.jar
+ - jetty-util-ajax-9.4.51.v20230217.jar
* Apache BVal
- bval-jsr-2.0.0.jar
* Bytecode
@@ -484,7 +484,7 @@ The Apache Software License, Version 2.0
* Apache Yetus Audience Annotations
- audience-annotations-0.12.0.jar
* Swagger
- - swagger-annotations-1.6.2.jar
+ - swagger-annotations-1.6.10.jar
* Perfmark
- perfmark-api-0.19.0.jar
* Annotations
diff --git a/pulsar-sql/presto-distribution/pom.xml
b/pulsar-sql/presto-distribution/pom.xml
index f95c1e5b04a..3f037b4496f 100644
--- a/pulsar-sql/presto-distribution/pom.xml
+++ b/pulsar-sql/presto-distribution/pom.xml
@@ -104,6 +104,12 @@
<groupId>io.prestosql</groupId>
<artifactId>presto-cli</artifactId>
<version>${presto.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>logback-core</artifactId>
+ <groupId>ch.qos.logback</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
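Review bot: Only `logback-core` is excluded from `presto-cli`, and the same single exclusion is added to `io.airlift:bootstrap` in pulsar-sql/presto-pulsar/pom.xml. If `logback-classic` still reaches the classpath through either artifact (not visible from these hunks), it will fail at class-load time because it depends on logback-core classes. Either exclude both artifacts or confirm with `mvn dependency:tree -Dincludes=ch.qos.logback` that nothing from that group remains. A short comment such as `<!-- logback is unused here; excluded to clear a dependency-check finding -->` would record why the exclusion exists, and `groupId` should come before `artifactId` to match the rest of the file.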
diff --git a/pulsar-sql/presto-pulsar/pom.xml b/pulsar-sql/presto-pulsar/pom.xml
index 3f6ac62149e..b750634a3db 100644
--- a/pulsar-sql/presto-pulsar/pom.xml
+++ b/pulsar-sql/presto-pulsar/pom.xml
@@ -41,6 +41,12 @@
<dependency>
<groupId>io.airlift</groupId>
<artifactId>bootstrap</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>logback-core</artifactId>
+ <groupId>ch.qos.logback</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/src/owasp-dependency-check-suppressions.xml
b/src/owasp-dependency-check-suppressions.xml
index 9e66c32f517..79fc4fd1942 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -64,35 +64,6 @@
<cve>CVE-2022-23712</cve>
</suppress>
- <!-- see https://github.com/apache/pulsar/pull/14629 -->
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-common-1.4.32.jar
- ]]></notes>
- <sha1>ef50bfa2c0491a11dcc35d9822edbfd6170e1ea2</sha1>
- <cpe>cpe:/a:jetbrains:kotlin</cpe>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk7-1.4.32.jar
- ]]></notes>
- <sha1>3546900a3ebff0c43f31190baf87a9220e37b7ea</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-jdk8-1.4.32.jar
- ]]></notes>
- <sha1>3302f9ec8a5c1ed220781dbd37770072549bd333</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- file name: kotlin-stdlib-1.4.32.jar
- ]]></notes>
- <sha1>461367948840adbb0839c51d91ed74ef4a9ccb52</sha1>
- <cve>CVE-2022-24329</cve>
- </suppress>
<!-- see https://github.com/alibaba/canal/issues/4010 -->
<suppress>