>From Michael Blow <mb...@apache.org>: Michael Blow has submitted this change. ( https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/19803 )
Change subject: [NO ISSUE][*DB][MISC] Update netty, jetty dependencies for CVEs ...................................................................... [NO ISSUE][*DB][MISC] Update netty, jetty dependencies for CVEs Ext-ref: MB-66739 Change-Id: Ic28a6a33bee6d4bd43865cb552a4b1e23138d5ff Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/19803 Reviewed-by: Michael Blow <mb...@apache.org> Tested-by: Michael Blow <mb...@apache.org> --- M asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java M asterixdb/pom.xml M hyracks-fullstack/pom.xml 3 files changed, 69 insertions(+), 249 deletions(-) Approvals: Michael Blow: Looks good to me, approved; Verified diff --git a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java index 517a393..72725ee 100644 --- a/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java +++ b/asterixdb/asterix-external-data/src/main/java/org/apache/asterix/external/util/ExternalDataUtils.java @@ -28,6 +28,16 @@ import static org.apache.asterix.common.exceptions.ErrorCode.REQUIRED_PARAM_IF_PARAM_IS_PRESENT; import static org.apache.asterix.common.exceptions.ErrorCode.REQUIRED_PARAM_OR_PARAM_IF_PARAM_IS_PRESENT; import static org.apache.asterix.common.exceptions.ErrorCode.S3_REGION_NOT_SUPPORTED; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_ADAPTER_NAME_GCS; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_DELIMITER; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_ESCAPE; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_EXCLUDE; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_EXTERNAL_SCAN_BUFFER_SIZE; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_FORMAT; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_INCLUDE; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_QUOTE; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_RECORD_END; +import static org.apache.asterix.external.util.ExternalDataConstants.KEY_RECORD_START; import static org.apache.asterix.external.util.ExternalDataConstants.AwsS3.ACCESS_KEY_ID_FIELD_NAME; import static org.apache.asterix.external.util.ExternalDataConstants.AwsS3.ERROR_METHOD_NOT_IMPLEMENTED; import static org.apache.asterix.external.util.ExternalDataConstants.AwsS3.HADOOP_ACCESS_KEY_ID; @@ -55,16 +65,6 @@ import static org.apache.asterix.external.util.ExternalDataConstants.Azure.SHARED_ACCESS_SIGNATURE_FIELD_NAME; import static org.apache.asterix.external.util.ExternalDataConstants.Azure.TENANT_ID_FIELD_NAME; import static org.apache.asterix.external.util.ExternalDataConstants.GCS.JSON_CREDENTIALS_FIELD_NAME; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_ADAPTER_NAME_GCS; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_DELIMITER; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_ESCAPE; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_EXCLUDE; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_EXTERNAL_SCAN_BUFFER_SIZE; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_FORMAT; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_INCLUDE; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_QUOTE; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_RECORD_END; -import static org.apache.asterix.external.util.ExternalDataConstants.KEY_RECORD_START; import static org.apache.asterix.runtime.evaluators.functions.StringEvaluatorUtils.RESERVED_REGEX_CHARS; import static org.apache.hyracks.api.util.ExceptionUtils.getMessageOrToString; diff --git a/asterixdb/pom.xml b/asterixdb/pom.xml index 141ca6d..93d129d 100644 --- a/asterixdb/pom.xml +++ b/asterixdb/pom.xml @@ -649,7 +649,14 @@ <plugin> <groupId>net.revelc.code</groupId> <artifactId>impsort-maven-plugin</artifactId> - <version>1.2.0</version> + <version>1.9.0</version> + <dependencies> + <dependency> + <groupId>com.github.javaparser</groupId> + <artifactId>javaparser-core</artifactId> + <version>3.25.5</version> + </dependency> + </dependencies> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> @@ -1155,10 +1162,6 @@ <groupId>org.jline</groupId> <artifactId>jline</artifactId> </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-all</artifactId> - </exclusion> </exclusions> </dependency> <dependency> @@ -1535,40 +1538,6 @@ <groupId>software.amazon.awssdk</groupId> <artifactId>s3</artifactId> <version>${awsjavasdk.version}</version> - <exclusions> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http2</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-buffer</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-epoll</artifactId> - </exclusion> - </exclusions> </dependency> <dependency> <groupId>software.amazon.awssdk</groupId> @@ -1634,213 +1603,17 @@ <groupId>net.minidev</groupId> <artifactId>json-smart</artifactId> </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler-proxy</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http2</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-buffer</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-epoll</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-unix-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-kqueue</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns-native-macos</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec</artifactId> - </exclusion> </exclusions> </dependency> <dependency> <groupId>com.azure</groupId> <artifactId>azure-storage-blob</artifactId> <version>${azureblobjavasdk.version}</version> - <exclusions> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler-proxy</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http2</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-buffer</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-epoll</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-unix-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-kqueue</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns-native-macos</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec</artifactId> - </exclusion> - </exclusions> </dependency> <dependency> <groupId>com.azure</groupId> <artifactId>azure-storage-common</artifactId> <version>${azurecommonjavasdk.version}</version> - <exclusions> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-handler-proxy</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-http2</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-buffer</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-epoll</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-unix-common</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-tcnative-boringssl-static</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-transport-native-kqueue</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-resolver-dns-native-macos</artifactId> - </exclusion> - <exclusion> - <groupId>io.netty</groupId> - <artifactId>netty-codec</artifactId> - </exclusion> - </exclusions> </dependency> <!-- Azure Blob Storage end --> <!-- Google Cloud Storage start --> @@ -1978,12 +1751,17 @@ <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-util</artifactId> - <version>9.4.56.v20240826</version> + <version>9.4.57.v20241219</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-util-ajax</artifactId> - <version>9.4.56.v20240826</version> + <version>9.4.57.v20241219</version> + </dependency> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-tcnative-boringssl-static</artifactId> + <version>2.0.71.Final</version> </dependency> </dependencies> </dependencyManagement> diff --git a/hyracks-fullstack/pom.xml b/hyracks-fullstack/pom.xml index e33184c..3c50278 100644 --- a/hyracks-fullstack/pom.xml +++ b/hyracks-fullstack/pom.xml @@ -76,7 +76,7 @@ <snappy.version>1.1.10.5</snappy.version> <jackson.version>2.14.1</jackson.version> <jackson-databind.version>${jackson.version}</jackson-databind.version> - <netty.version>4.1.115.Final</netty.version> + <netty.version>4.1.121.Final</netty.version> <implementation.title>Apache Hyracks and Algebricks - ${project.name}</implementation.title> <implementation.url>https://asterixdb.apache.org/</implementation.url> @@ -87,6 +87,11 @@ <dependencies> <dependency> <groupId>io.netty</groupId> + <artifactId>netty-all</artifactId> + <version>${netty.version}</version> + </dependency> + <dependency> + <groupId>io.netty</groupId> <artifactId>netty-buffer</artifactId> <version>${netty.version}</version> </dependency> @@ -132,6 +137,23 @@ </dependency> <dependency> <groupId>io.netty</groupId> + <artifactId>netty-transport-native-epoll</artifactId> + <classifier>linux-x86_64</classifier> + <version>${netty.version}</version> + </dependency> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-transport-native-kqueue</artifactId> + <classifier>osx-x86_64</classifier> + <version>${netty.version}</version> + </dependency> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-transport-native-kqueue</artifactId> + <version>${netty.version}</version> + </dependency> + <dependency> + <groupId>io.netty</groupId> <artifactId>netty-resolver-dns</artifactId> <version>${netty.version}</version> </dependency> @@ -740,7 +762,14 @@ <plugin> <groupId>net.revelc.code</groupId> <artifactId>impsort-maven-plugin</artifactId> - <version>1.2.0</version> + <version>1.9.0</version> + <dependencies> + <dependency> + <groupId>com.github.javaparser</groupId> + <artifactId>javaparser-core</artifactId> + <version>3.25.5</version> + </dependency> + </dependencies> </plugin> <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.--> <plugin> -- To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/19803 To unsubscribe, or for help writing mail filters, visit https://asterix-gerrit.ics.uci.edu/settings Gerrit-Project: asterixdb Gerrit-Branch: stabilization-667a908755 Gerrit-Change-Id: Ic28a6a33bee6d4bd43865cb552a4b1e23138d5ff Gerrit-Change-Number: 19803 Gerrit-PatchSet: 3 Gerrit-Owner: Michael Blow <mb...@apache.org> Gerrit-Reviewer: Jenkins <jenk...@fulliautomatix.ics.uci.edu> Gerrit-Reviewer: Michael Blow <mb...@apache.org> Gerrit-CC: Anon. E. Moose #1000171 Gerrit-MessageType: merged
