This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new e42faff4a9f [improve][build] Upgrade dependency to fix CVE. (#20264)
e42faff4a9f is described below
commit e42faff4a9f9c88a6631b1348cf60ae024dade5c
Author: Jiwei Guo <[email protected]>
AuthorDate: Tue May 9 23:27:34 2023 +0800
[improve][build] Upgrade dependency to fix CVE. (#20264)
---
buildtools/pom.xml | 2 +-
distribution/server/src/assemble/LICENSE.bin.txt | 32 +++++++--------
distribution/shell/src/assemble/LICENSE.bin.txt | 46 +++++++++++-----------
pom.xml | 6 +--
pulsar-broker-auth-oidc/pom.xml | 13 ++++++
pulsar-functions/runtime/pom.xml | 14 +++++++
.../auth/KubernetesSecretsTokenAuthProvider.java | 10 ++---
.../runtime/kubernetes/KubernetesRuntime.java | 11 +++---
.../kubernetes/KubernetesRuntimeFactory.java | 2 +-
.../KubernetesSecretsTokenAuthProviderTest.java | 2 +-
.../kubernetes/KubernetesRuntimeFactoryTest.java | 6 +--
pulsar-functions/secrets/pom.xml | 14 +++++++
pulsar-io/flume/pom.xml | 12 ++++++
pulsar-io/kafka-connect-adaptor/pom.xml | 7 ++++
pulsar-sql/presto-distribution/LICENSE | 30 +++++++-------
src/owasp-dependency-check-suppressions.xml | 8 ----
16 files changed, 133 insertions(+), 82 deletions(-)
diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 704a2211558..695ae694001 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -52,7 +52,7 @@
<guice.version>4.2.3</guice.version>
<guava.version>31.0.1-jre</guava.version>
<ant.version>1.10.12</ant.version>
- <snakeyaml.version>1.32</snakeyaml.version>
+ <snakeyaml.version>2.0</snakeyaml.version>
<mockito.version>3.12.4</mockito.version>
<!-- required for running tests on JDK11+ -->
<test.additional.args>
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index e10c6018cce..de10128ec36 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -246,21 +246,21 @@ The Apache Software License, Version 2.0
* JCommander -- com.beust-jcommander-1.82.jar
* High Performance Primitive Collections for Java --
com.carrotsearch-hppc-0.9.1.jar
* Jackson
- - com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar
- - com.fasterxml.jackson.core-jackson-core-2.13.4.jar
- - com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar
- - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.13.4.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.13.4.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.13.4.jar
- - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.13.4.jar
- - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.13.4.jar
- - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.13.4.jar
- - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.13.4.jar
- - com.fasterxml.jackson.module-jackson-module-parameter-names-2.13.4.jar
+ - com.fasterxml.jackson.core-jackson-annotations-2.14.2.jar
+ - com.fasterxml.jackson.core-jackson-core-2.14.2.jar
+ - com.fasterxml.jackson.core-jackson-databind-2.14.2.jar
+ - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.14.2.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.14.2.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.14.2.jar
+ - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.14.2.jar
+ - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar
+ - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.14.2.jar
+ - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.14.2.jar
+ - com.fasterxml.jackson.module-jackson-module-parameter-names-2.14.2.jar
* Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
* Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
* Proto Google Common Protos --
com.google.api.grpc-proto-google-common-protos-2.0.1.jar
- * Bitbucket -- org.bitbucket.b_c-jose4j-0.7.6.jar
+ * Bitbucket -- org.bitbucket.b_c-jose4j-0.9.3.jar
* Gson
- com.google.code.gson-gson-2.8.9.jar
- io.gsonfire-gson-fire-1.8.5.jar
@@ -402,7 +402,7 @@ The Apache Software License, Version 2.0
- org.eclipse.jetty.websocket-websocket-servlet-9.4.51.v20230217.jar
- org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.51.v20230217.jar
- org.eclipse.jetty-jetty-alpn-server-9.4.51.v20230217.jar
- * SnakeYaml -- org.yaml-snakeyaml-1.32.jar
+ * SnakeYaml -- org.yaml-snakeyaml-2.0.jar
* RocksDB - org.rocksdb-rocksdbjni-7.9.2.jar
* Google Error Prone Annotations -
com.google.errorprone-error_prone_annotations-2.5.1.jar
* Apache Thrift - org.apache.thrift-libthrift-0.14.2.jar
@@ -453,9 +453,9 @@ The Apache Software License, Version 2.0
* Apache Yetus
- org.apache.yetus-audience-annotations-0.12.0.jar
* Kubernetes Client
- - io.kubernetes-client-java-12.0.1.jar
- - io.kubernetes-client-java-api-12.0.1.jar
- - io.kubernetes-client-java-proto-12.0.1.jar
+ - io.kubernetes-client-java-18.0.0.jar
+ - io.kubernetes-client-java-api-18.0.0.jar
+ - io.kubernetes-client-java-proto-18.0.0.jar
* Dropwizard
- io.dropwizard.metrics-metrics-core-4.1.12.1.jar
- io.dropwizard.metrics-metrics-graphite-4.1.12.1.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt
b/distribution/shell/src/assemble/LICENSE.bin.txt
index cf741622c75..3021df8c63d 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -311,17 +311,17 @@ This projects includes binary packages with the following
licenses:
The Apache Software License, Version 2.0
* JCommander -- jcommander-1.82.jar
* Jackson
- - jackson-annotations-2.13.4.jar
- - jackson-core-2.13.4.jar
- - jackson-databind-2.13.4.2.jar
- - jackson-dataformat-yaml-2.13.4.jar
- - jackson-jaxrs-base-2.13.4.jar
- - jackson-jaxrs-json-provider-2.13.4.jar
- - jackson-module-jaxb-annotations-2.13.4.jar
- - jackson-module-jsonSchema-2.13.4.jar
- - jackson-datatype-jdk8-2.13.4.jar
- - jackson-datatype-jsr310-2.13.4.jar
- - jackson-module-parameter-names-2.13.4.jar
+ - jackson-annotations-2.14.2.jar
+ - jackson-core-2.14.2.jar
+ - jackson-databind-2.14.2.jar
+ - jackson-dataformat-yaml-2.14.2.jar
+ - jackson-jaxrs-base-2.14.2.jar
+ - jackson-jaxrs-json-provider-2.14.2.jar
+ - jackson-module-jaxb-annotations-2.14.2.jar
+ - jackson-module-jsonSchema-2.14.2.jar
+ - jackson-datatype-jdk8-2.14.2.jar
+ - jackson-datatype-jsr310-2.14.2.jar
+ - jackson-module-parameter-names-2.14.2.jar
* Conscrypt -- conscrypt-openjdk-uber-2.5.2.jar
* Gson
- gson-2.8.9.jar
@@ -332,9 +332,9 @@ The Apache Software License, Version 2.0
* J2ObjC Annotations -- j2objc-annotations-1.3.jar
* Netty Reactive Streams -- netty-reactive-streams-2.0.6.jar
* Swagger
- - swagger-annotations-1.6.2.jar
- - swagger-core-1.6.2.jar
- - swagger-models-1.6.2.jar
+ - swagger-annotations-1.6.10.jar
+ - swagger-core-1.6.10.jar
+ - swagger-models-1.6.10.jar
* DataSketches
- memory-0.8.3.jar
- sketches-core-0.8.3.jar
@@ -399,15 +399,15 @@ The Apache Software License, Version 2.0
- async-http-client-2.12.1.jar
- async-http-client-netty-utils-2.12.1.jar
* Jetty
- - jetty-client-9.4.48.v20220622.jar
- - jetty-http-9.4.48.v20220622.jar
- - jetty-io-9.4.48.v20220622.jar
- - jetty-util-9.4.48.v20220622.jar
- - javax-websocket-client-impl-9.4.48.v20220622.jar
- - websocket-api-9.4.48.v20220622.jar
- - websocket-client-9.4.48.v20220622.jar
- - websocket-common-9.4.48.v20220622.jar
- * SnakeYaml -- snakeyaml-1.32.jar
+ - jetty-client-9.4.51.v20230217.jar
+ - jetty-http-9.4.51.v20230217.jar
+ - jetty-io-9.4.51.v20230217.jar
+ - jetty-util-9.4.51.v20230217.jar
+ - javax-websocket-client-impl-9.4.51.v20230217.jar
+ - websocket-api-9.4.51.v20230217.jar
+ - websocket-client-9.4.51.v20230217.jar
+ - websocket-common-9.4.51.v20230217.jar
+ * SnakeYaml -- snakeyaml-2.0.jar
* Google Error Prone Annotations - error_prone_annotations-2.5.1.jar
* Javassist -- javassist-3.25.0-GA.jar
* Apache Avro
diff --git a/pom.xml b/pom.xml
index c949d0b1061..84c8977f519 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,7 +154,7 @@ flexible messaging model and an intuitive client
API.</description>
<bouncycastle.version>1.69</bouncycastle.version>
<bouncycastle.bcpkix-fips.version>1.0.6</bouncycastle.bcpkix-fips.version>
<bouncycastle.bc-fips.version>1.0.2.3</bouncycastle.bc-fips.version>
- <jackson.version>2.13.4.20221013</jackson.version>
+ <jackson.version>2.14.2</jackson.version>
<reflections.version>0.10.2</reflections.version>
<swagger.version>1.6.10</swagger.version>
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
@@ -230,7 +230,7 @@ flexible messaging model and an intuitive client
API.</description>
<jakarta.xml.bind.version>2.3.3</jakarta.xml.bind.version>
<jakarta.validation.version>2.0.2</jakarta.validation.version>
<jna.version>5.12.1</jna.version>
- <kubernetesclient.version>12.0.1</kubernetesclient.version>
+ <kubernetesclient.version>18.0.0</kubernetesclient.version>
<okhttp3.version>4.9.3</okhttp3.version>
<!-- use okio version that matches the okhttp3 version -->
<okio.version>2.8.0</okio.version>
@@ -242,7 +242,7 @@ flexible messaging model and an intuitive client
API.</description>
<apache-http-client.version>4.5.13</apache-http-client.version>
<apache-httpcomponents.version>4.4.15</apache-httpcomponents.version>
<jetcd.version>0.5.11</jetcd.version>
- <snakeyaml.version>1.32</snakeyaml.version>
+ <snakeyaml.version>2.0</snakeyaml.version>
<ant.version>1.10.12</ant.version>
<seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
<disruptor.version>3.4.3</disruptor.version>
diff --git a/pulsar-broker-auth-oidc/pom.xml b/pulsar-broker-auth-oidc/pom.xml
index 6eaa6653945..bb507862023 100644
--- a/pulsar-broker-auth-oidc/pom.xml
+++ b/pulsar-broker-auth-oidc/pom.xml
@@ -83,7 +83,20 @@
<groupId>io.prometheus</groupId>
<artifactId>simpleclient_httpserver</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcutil-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
</exclusions>
+
</dependency>
<dependency>
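Review bot: The three `-jdk18on` BouncyCastle exclusions added here sit on a dependency whose opening tag is above the hunk, and nothing records what supplies `org.bouncycastle` classes to that library instead. The root pom in this commit still pins `bouncycastle.version` at 1.69, so the library would presumably run against an older BouncyCastle line than it was built with; confirm that its key and certificate loading paths still resolve their classes at runtime. If that is the intent, a comment such as `<!-- jdk18on BouncyCastle excluded; BC classes come from the version pinned in the root pom -->` would say so. The same block is copied into pulsar-functions/runtime/pom.xml and pulsar-functions/secrets/pom.xml, so declaring the exclusions once in the root `dependencyManagement` would keep the three in step. The blank `+` line after `</exclusions>` can be dropped.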
diff --git a/pulsar-functions/runtime/pom.xml b/pulsar-functions/runtime/pom.xml
index 1789c85f62b..689cdac84ad 100644
--- a/pulsar-functions/runtime/pom.xml
+++ b/pulsar-functions/runtime/pom.xml
@@ -64,6 +64,20 @@
<groupId>io.kubernetes</groupId>
<artifactId>client-java</artifactId>
<version>${kubernetesclient.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcutil-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
diff --git
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProvider.java
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProvider.java
index 1053e6e170e..916b8e9a6e1 100644
---
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProvider.java
+++
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProvider.java
@@ -205,8 +205,7 @@ public class KubernetesSecretsTokenAuthProvider implements
KubernetesFunctionAut
.sleepBetweenInvocationsMs(SLEEP_BETWEEN_RETRIES_MS)
.supplier(() -> {
try {
- coreClient.readNamespacedSecret(secretName,
kubeNamespace,
- null, null, null);
+ coreClient.readNamespacedSecret(secretName,
kubeNamespace, null);
} catch (ApiException e) {
// statefulset is gone
@@ -305,12 +304,13 @@ public class KubernetesSecretsTokenAuthProvider
implements KubernetesFunctionAut
.data(buildSecretMap(token));
try {
- coreClient.createNamespacedSecret(kubeNamespace,
v1Secret, null, null, null);
+ coreClient.createNamespacedSecret(kubeNamespace,
v1Secret, null, null, null, null);
} catch (ApiException e) {
if (e.getCode() == HTTP_CONFLICT) {
try {
coreClient
- .replaceNamespacedSecret(secretName,
kubeNamespace, v1Secret, null, null, null);
+ .replaceNamespacedSecret(secretName,
kubeNamespace,
+ v1Secret, null, null, null,
null);
return
Actions.ActionResult.builder().success(true).build();
} catch (ApiException e1) {
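Review bot: The create and replace calls in this hunk now end in four positional `null`s, and nothing at the call site says which argument the client upgrade added, on a path that writes the function's token into a Secret. As I read the 18.0.0 client, the trailing parameters are pretty, dryRun, fieldManager and fieldValidation; a short comment such as `// pretty, dryRun, fieldManager, fieldValidation: all left at server defaults` above each call would make the next signature change reviewable. The same applies to the `createNamespacedSecret` call in the next hunk of this file and to `createNamespacedService` and `createNamespacedStatefulSet` in KubernetesRuntime.java. The enclosing method starts and ends outside the hunk.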
@@ -366,7 +366,7 @@ public class KubernetesSecretsTokenAuthProvider implements
KubernetesFunctionAut
.metadata(new
V1ObjectMeta().name(getSecretName(id)))
.data(buildSecretMap(token));
try {
- coreClient.createNamespacedSecret(kubeNamespace,
v1Secret, null, null, null);
+ coreClient.createNamespacedSecret(kubeNamespace,
v1Secret, null, null, null, null);
} catch (ApiException e) {
// already exists
if (e.getCode() == HTTP_CONFLICT) {
diff --git
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
index b1df6c098f6..939a446d7fe 100644
---
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
+++
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
@@ -472,7 +472,7 @@ public class KubernetesRuntime implements Runtime {
.supplier(() -> {
final V1Service response;
try {
- response =
coreClient.createNamespacedService(jobNamespace, service, null, null, null);
+ response =
coreClient.createNamespacedService(jobNamespace, service, null, null, null,
null);
} catch (ApiException e) {
// already exists
if (e.getCode() == HTTP_CONFLICT) {
@@ -561,7 +561,8 @@ public class KubernetesRuntime implements Runtime {
.supplier(() -> {
final V1StatefulSet response;
try {
- response =
appsClient.createNamespacedStatefulSet(jobNamespace, statefulSet, null, null,
null);
+ response =
appsClient.createNamespacedStatefulSet(jobNamespace,
+ statefulSet, null, null, null, null);
} catch (ApiException e) {
// already exists
if (e.getCode() == HTTP_CONFLICT) {
@@ -657,8 +658,7 @@ public class KubernetesRuntime implements Runtime {
.supplier(() -> {
V1StatefulSet response;
try {
- response =
appsClient.readNamespacedStatefulSet(statefulSetName, jobNamespace,
- null, null, null);
+ response =
appsClient.readNamespacedStatefulSet(statefulSetName, jobNamespace, null);
} catch (ApiException e) {
// statefulset is gone
if (e.getCode() == HTTP_NOT_FOUND) {
@@ -805,8 +805,7 @@ public class KubernetesRuntime implements Runtime {
.supplier(() -> {
V1Service response;
try {
- response =
coreClient.readNamespacedService(serviceName, jobNamespace,
- null, null, null);
+ response =
coreClient.readNamespacedService(serviceName, jobNamespace, null);
} catch (ApiException e) {
// service is gone
diff --git
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactory.java
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactory.java
index 895304138a5..3e1d40e80dc 100644
---
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactory.java
+++
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactory.java
@@ -405,7 +405,7 @@ public class KubernetesRuntimeFactory implements
RuntimeFactory {
KubernetesRuntimeFactory
kubernetesRuntimeFactory) {
try {
V1ConfigMap v1ConfigMap =
- coreClient.readNamespacedConfigMap(changeConfigMap,
changeConfigMapNamespace, null, true, false);
+ coreClient.readNamespacedConfigMap(changeConfigMap,
changeConfigMapNamespace, null);
Map<String, String> data = v1ConfigMap.getData();
if (data != null) {
overRideKubernetesConfig(data, kubernetesRuntimeFactory);
diff --git
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProviderTest.java
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProviderTest.java
index 081e693b6a3..cf294afcf9b 100644
---
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProviderTest.java
+++
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProviderTest.java
@@ -103,7 +103,7 @@ public class KubernetesSecretsTokenAuthProviderTest {
@Test
public void testCacheAuthData() throws ApiException {
CoreV1Api coreV1Api = mock(CoreV1Api.class);
- doReturn(new
V1Secret()).when(coreV1Api).createNamespacedSecret(anyString(), any(),
anyString(), anyString(), anyString());
+ doReturn(new
V1Secret()).when(coreV1Api).createNamespacedSecret(anyString(), any(),
anyString(), anyString(), anyString(), anyString());
KubernetesSecretsTokenAuthProvider kubernetesSecretsTokenAuthProvider
= new KubernetesSecretsTokenAuthProvider();
kubernetesSecretsTokenAuthProvider.initialize(coreV1Api, null, (fd)
-> "default");
Function.FunctionDetails funcDetails =
Function.FunctionDetails.newBuilder().setTenant("test-tenant").setNamespace("test-ns").setName("test-func").build();
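Review bot: The updated stub matches the four trailing arguments with `anyString()`, but the production calls changed in this commit pass `null` for all of them. On Mockito 2 or later (buildtools/pom.xml on this page shows 3.12.4; the version this module uses is not visible) `anyString()` does not match `null`, so the stub would never apply and the mock would return its default. The test presumably still passes only because the return value is unused. Using `any()` for those positions, e.g. `createNamespacedSecret(anyString(), any(), any(), any(), any(), any())`, makes the stub match the real call. The test method continues past the end of the hunk.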
diff --git
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactoryTest.java
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactoryTest.java
index a5fc8f231a6..48497bf218d 100644
---
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactoryTest.java
+++
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactoryTest.java
@@ -468,9 +468,9 @@ public class KubernetesRuntimeFactoryTest {
KubernetesRuntimeFactory kubernetesRuntimeFactory =
getKuberentesRuntimeFactory();
CoreV1Api coreV1Api = Mockito.mock(CoreV1Api.class);
V1ConfigMap v1ConfigMap = new V1ConfigMap();
-
Mockito.doReturn(v1ConfigMap).when(coreV1Api).readNamespacedConfigMap(any(),
any(), any(), any(), any());
+
Mockito.doReturn(v1ConfigMap).when(coreV1Api).readNamespacedConfigMap(any(),
any(), any());
KubernetesRuntimeFactory.fetchConfigMap(coreV1Api, changeConfigMap,
changeConfigNamespace, kubernetesRuntimeFactory);
- Mockito.verify(coreV1Api,
Mockito.times(1)).readNamespacedConfigMap(eq(changeConfigMap),
eq(changeConfigNamespace), eq(null), eq(true), eq(false));
+ Mockito.verify(coreV1Api,
Mockito.times(1)).readNamespacedConfigMap(eq(changeConfigMap),
eq(changeConfigNamespace), eq(null));
KubernetesRuntimeFactory expected = getKuberentesRuntimeFactory();
assertEquals(kubernetesRuntimeFactory, expected);
@@ -479,7 +479,7 @@ public class KubernetesRuntimeFactoryTest {
configs.put("imagePullPolicy", "test_imagePullPolicy2");
v1ConfigMap.setData(configs);
KubernetesRuntimeFactory.fetchConfigMap(coreV1Api, changeConfigMap,
changeConfigNamespace, kubernetesRuntimeFactory);
- Mockito.verify(coreV1Api,
Mockito.times(2)).readNamespacedConfigMap(eq(changeConfigMap),
eq(changeConfigNamespace), eq(null), eq(true), eq(false));
+ Mockito.verify(coreV1Api,
Mockito.times(2)).readNamespacedConfigMap(eq(changeConfigMap),
eq(changeConfigNamespace), eq(null));
assertEquals(kubernetesRuntimeFactory.getPulsarDockerImageName(),
"test_dockerImage2");
assertEquals(kubernetesRuntimeFactory.getImagePullPolicy(),
"test_imagePullPolicy2");
diff --git a/pulsar-functions/secrets/pom.xml b/pulsar-functions/secrets/pom.xml
index 6bf93d5a03c..f2786b8c85b 100644
--- a/pulsar-functions/secrets/pom.xml
+++ b/pulsar-functions/secrets/pom.xml
@@ -35,6 +35,20 @@
<groupId>io.kubernetes</groupId>
<artifactId>client-java</artifactId>
<version>${kubernetesclient.version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>bcpkix-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcutil-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk18on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml
index 5df8971e117..1d5afabc986 100644
--- a/pulsar-io/flume/pom.xml
+++ b/pulsar-io/flume/pom.xml
@@ -45,6 +45,10 @@
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ </dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -65,6 +69,10 @@
<artifactId>avro</artifactId>
<groupId>org.apache.avro</groupId>
</exclusion>
+ <exclusion>
+ <artifactId>commons-collections</artifactId>
+ <groupId>commons-collections</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
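Review bot: `commons-collections` is excluded here and in the next hunk from two dependencies whose opening tags are outside the hunks, while the first hunk of this file adds `commons-collections4`. The 4.x artifact lives in the `org.apache.commons.collections4` package, so it does not satisfy code compiled against `org.apache.commons.collections`. If either library still references the 3.x classes, the connector fails at class-load time rather than at build time. A connector start-up test would confirm this, and a comment such as `<!-- commons-collections 3.x excluded for dependency-check; verified unused by <dependency name> -->` would record the reason.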
@@ -90,6 +98,10 @@
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>commons-collections</artifactId>
+ <groupId>commons-collections</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/pulsar-io/kafka-connect-adaptor/pom.xml
b/pulsar-io/kafka-connect-adaptor/pom.xml
index f4f8c9cb3db..b6fc6b428d7 100644
--- a/pulsar-io/kafka-connect-adaptor/pom.xml
+++ b/pulsar-io/kafka-connect-adaptor/pom.xml
@@ -147,6 +147,13 @@
<type>test-jar</type>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bc-fips</artifactId>
+ <version>${bouncycastle.bc-fips.version}</version>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
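Review bot: The new test-scoped `bc-fips` dependency carries no comment saying which test needs it or why the CVE upgrade requires it. bc-fips and the regular BouncyCastle provider jars share `org.bouncycastle` package names, so if a non-FIPS BouncyCastle jar is also on this module's test classpath (not visible from the hunk), class resolution would depend on classpath order. A comment such as `<!-- required by <test class>; keep off the same classpath as the non-FIPS BC jars -->` would record the intent.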
diff --git a/pulsar-sql/presto-distribution/LICENSE
b/pulsar-sql/presto-distribution/LICENSE
index 9a5e4678baa..d41155a321d 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -207,19 +207,19 @@ This projects includes binary packages with the following
licenses:
The Apache Software License, Version 2.0
* Jackson
- - jackson-annotations-2.13.4.jar
- - jackson-core-2.13.4.jar
- - jackson-databind-2.13.4.2.jar
- - jackson-dataformat-smile-2.13.4.jar
- - jackson-datatype-guava-2.13.4.jar
- - jackson-datatype-jdk8-2.13.4.jar
- - jackson-datatype-joda-2.13.4.jar
- - jackson-datatype-jsr310-2.13.4.jar
- - jackson-dataformat-yaml-2.13.4.jar
- - jackson-jaxrs-base-2.13.4.jar
- - jackson-jaxrs-json-provider-2.13.4.jar
- - jackson-module-jaxb-annotations-2.13.4.jar
- - jackson-module-jsonSchema-2.13.4.jar
+ - jackson-annotations-2.14.2.jar
+ - jackson-core-2.14.2.jar
+ - jackson-databind-2.14.2.jar
+ - jackson-dataformat-smile-2.14.2.jar
+ - jackson-datatype-guava-2.14.2.jar
+ - jackson-datatype-jdk8-2.14.2.jar
+ - jackson-datatype-joda-2.14.2.jar
+ - jackson-datatype-jsr310-2.14.2.jar
+ - jackson-dataformat-yaml-2.14.2.jar
+ - jackson-jaxrs-base-2.14.2.jar
+ - jackson-jaxrs-json-provider-2.14.2.jar
+ - jackson-module-jaxb-annotations-2.14.2.jar
+ - jackson-module-jsonSchema-2.14.2.jar
* Guava
- guava-31.0.1-jre.jar
- listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
@@ -401,7 +401,7 @@ The Apache Software License, Version 2.0
* RocksDB JNI
- rocksdbjni-7.9.2.jar
* SnakeYAML
- - snakeyaml-1.32.jar
+ - snakeyaml-2.0.jar
* Bean Validation API
- validation-api-2.0.1.Final.jar
* Objectsize
@@ -456,7 +456,7 @@ The Apache Software License, Version 2.0
* Snappy
- snappy-java-1.1.8.4.jar
* Jackson
- - jackson-module-parameter-names-2.13.4.jar
+ - jackson-module-parameter-names-2.14.2.jar
* Java Assist
- javassist-3.25.0-GA.jar
* Java Native Access
diff --git a/src/owasp-dependency-check-suppressions.xml
b/src/owasp-dependency-check-suppressions.xml
index 4bca86ab126..dd95cbc1025 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -37,14 +37,6 @@
<vulnerabilityName regex="true">.*</vulnerabilityName>
</suppress>
- <suppress>
- <notes><![CDATA[
- file name: snakeyaml-1.32.jar
- ]]></notes>
- <sha1>e80612549feb5c9191c498de628c1aa80693cf0b</sha1>
- <cve>CVE-2022-1471</cve>
- </suppress>
-
<!-- influxdb dependencies -->
<suppress>
<notes><![CDATA[