This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.9 by this push:
new 57b18e4f182 [improve][build] Upgrade dependencies to reduce CVE
(#20228)
57b18e4f182 is described below
commit 57b18e4f1825470a4816a56c69d2da7895980e49
Author: Jiwei Guo <techno...@apache.org>
AuthorDate: Mon May 8 10:00:16 2023 +0800
[improve][build] Upgrade dependencies to reduce CVE (#20228)
---
distribution/server/src/assemble/LICENSE.bin.txt | 70 +++++++++++-----------
pom.xml | 21 ++++---
pulsar-io/canal/pom.xml | 43 ++++++++++++-
pulsar-io/flume/pom.xml | 8 ++-
pulsar-io/hdfs2/pom.xml | 2 +-
.../apache/pulsar/io/hdfs2/AbstractHdfsConfig.java | 2 +-
.../pulsar/io/hdfs2/AbstractHdfsConnector.java | 2 +-
.../pulsar/io/hdfs2/sink/HdfsAbstractSink.java | 2 +-
.../pulsar/io/hdfs2/sink/HdfsSinkConfig.java | 2 +-
pulsar-io/hdfs3/pom.xml | 2 +-
.../apache/pulsar/io/hdfs3/AbstractHdfsConfig.java | 2 +-
.../pulsar/io/hdfs3/AbstractHdfsConnector.java | 2 +-
.../pulsar/io/hdfs3/sink/HdfsAbstractSink.java | 2 +-
.../pulsar/io/hdfs3/sink/HdfsSinkConfig.java | 2 +-
pulsar-sql/presto-distribution/LICENSE | 64 ++++++++++----------
pulsar-sql/presto-pulsar/pom.xml | 22 +++++++
tiered-storage/file-system/pom.xml | 9 +++
17 files changed, 171 insertions(+), 86 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt
b/distribution/server/src/assemble/LICENSE.bin.txt
index 7803532c882..9395cb42829 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -312,14 +312,14 @@ The Apache Software License, Version 2.0
* JCommander -- com.beust-jcommander-1.78.jar
* High Performance Primitive Collections for Java --
com.carrotsearch-hppc-0.7.3.jar
* Jackson
- - com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar
- - com.fasterxml.jackson.core-jackson-core-2.13.4.jar
- - com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar
- - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.13.4.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.13.4.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.13.4.jar
- - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.13.4.jar
- - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.13.4.jar
+ - com.fasterxml.jackson.core-jackson-annotations-2.14.2.jar
+ - com.fasterxml.jackson.core-jackson-core-2.14.2.jar
+ - com.fasterxml.jackson.core-jackson-databind-2.14.2.jar
+ - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.14.2.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.14.2.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.14.2.jar
+ - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.14.2.jar
+ - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar
* Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
* Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
* Proto Google Common Protos --
com.google.api.grpc-proto-google-common-protos-2.0.1.jar
@@ -334,9 +334,9 @@ The Apache Software License, Version 2.0
* J2ObjC Annotations -- com.google.j2objc-j2objc-annotations-1.3.jar
* Netty Reactive Streams --
com.typesafe.netty-netty-reactive-streams-2.0.6.jar
* Swagger
- - io.swagger-swagger-annotations-1.6.2.jar
- - io.swagger-swagger-core-1.6.2.jar
- - io.swagger-swagger-models-1.6.2.jar
+ - io.swagger-swagger-annotations-1.6.10.jar
+ - io.swagger-swagger-core-1.6.10.jar
+ - io.swagger-swagger-models-1.6.10.jar
* DataSketches
- com.yahoo.datasketches-memory-0.8.3.jar
- com.yahoo.datasketches-sketches-core-0.8.3.jar
@@ -430,26 +430,26 @@ The Apache Software License, Version 2.0
- org.asynchttpclient-async-http-client-2.12.1.jar
- org.asynchttpclient-async-http-client-netty-utils-2.12.1.jar
* Jetty
- - org.eclipse.jetty-jetty-client-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-continuation-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-http-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-io-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-proxy-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-security-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-server-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-servlets-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-util-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-util-ajax-9.4.48.v20220622.jar
- -
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-api-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-client-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-common-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-server-9.4.48.v20220622.jar
- - org.eclipse.jetty.websocket-websocket-servlet-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.48.v20220622.jar
- - org.eclipse.jetty-jetty-alpn-server-9.4.48.v20220622.jar
- * SnakeYaml -- org.yaml-snakeyaml-1.32.jar
+ - org.eclipse.jetty-jetty-client-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-continuation-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-http-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-io-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-proxy-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-security-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-servlet-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-servlets-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-util-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-util-ajax-9.4.51.v20230217.jar
+ -
org.eclipse.jetty.websocket-javax-websocket-client-impl-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-api-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-client-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-common-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty.websocket-websocket-servlet-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-alpn-conscrypt-server-9.4.51.v20230217.jar
+ - org.eclipse.jetty-jetty-alpn-server-9.4.51.v20230217.jar
+ * SnakeYaml -- org.yaml-snakeyaml-2.0.jar
* RocksDB - org.rocksdb-rocksdbjni-6.29.4.1.jar
* Google Error Prone Annotations -
com.google.errorprone-error_prone_annotations-2.5.1.jar
* Apache Thrift - org.apache.thrift-libthrift-0.14.2.jar
@@ -459,10 +459,10 @@ The Apache Software License, Version 2.0
* Okio - com.squareup.okio-okio-2.8.0.jar
* Javassist -- org.javassist-javassist-3.25.0-GA.jar
* Kotlin Standard Lib
- - org.jetbrains.kotlin-kotlin-stdlib-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-common-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.4.32.jar
- - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.4.32.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-common-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-jdk7-1.6.0.jar
+ - org.jetbrains.kotlin-kotlin-stdlib-jdk8-1.6.0.jar
- org.jetbrains-annotations-13.0.jar
* gRPC
- io.grpc-grpc-all-1.45.1.jar
diff --git a/pom.xml b/pom.xml
index ab254acc3dd..75d4734956c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,7 +102,7 @@ flexible messaging model and an intuitive client
API.</description>
<!-- apache commons -->
<commons-compress.version>1.21</commons-compress.version>
- <snakeyaml.version>1.32</snakeyaml.version>
+ <snakeyaml.version>2.0</snakeyaml.version>
<bookkeeper.version>4.14.7</bookkeeper.version>
<zookeeper.version>3.6.3</zookeeper.version>
<commons-cli.version>1.5.0</commons-cli.version>
@@ -111,7 +111,7 @@ flexible messaging model and an intuitive client
API.</description>
<curator.version>5.1.0</curator.version>
<netty.version>4.1.87.Final</netty.version>
<netty-tc-native.version>2.0.56.Final</netty-tc-native.version>
- <jetty.version>9.4.48.v20220622</jetty.version>
+ <jetty.version>9.4.51.v20230217</jetty.version>
<conscrypt.version>2.5.2</conscrypt.version>
<jersey.version>2.34</jersey.version>
<athenz.version>1.10.9</athenz.version>
@@ -123,9 +123,9 @@ flexible messaging model and an intuitive client
API.</description>
<log4j2.version>2.18.0</log4j2.version>
<bouncycastle.version>1.69</bouncycastle.version>
<bouncycastlefips.version>1.0.2</bouncycastlefips.version>
- <jackson.version>2.13.4.20221013</jackson.version>
+ <jackson.version>2.14.2</jackson.version>
<reflections.version>0.9.11</reflections.version>
- <swagger.version>1.6.2</swagger.version>
+ <swagger.version>1.6.10</swagger.version>
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
<dockerfile-maven.version>1.4.13</dockerfile-maven.version>
<typetools.version>0.5.0</typetools.version>
@@ -179,6 +179,7 @@ flexible messaging model and an intuitive client
API.</description>
<commons-configuration.version>1.10</commons-configuration.version>
<commons-io.version>2.8.0</commons-io.version>
<commons-codec.version>1.15</commons-codec.version>
+ <commons-net.version>3.9.0</commons-net.version>
<javax.ws.rs-api.version>2.1</javax.ws.rs-api.version>
<hdrHistogram.version>2.1.9</hdrHistogram.version>
<javax.servlet-api>3.1.0</javax.servlet-api>
@@ -201,10 +202,10 @@ flexible messaging model and an intuitive client
API.</description>
<!-- use okio version that matches the okhttp3 version -->
<okio.version>2.8.0</okio.version>
<!-- override kotlin-stdlib used by okio in order to address
CVE-2020-29582 -->
- <kotlin-stdlib.version>1.4.32</kotlin-stdlib.version>
+ <kotlin-stdlib.version>1.6.0</kotlin-stdlib.version>
<nsq-client.version>1.0</nsq-client.version>
<cron-utils.version>9.1.6</cron-utils.version>
- <spring-context.version>5.3.19</spring-context.version>
+ <spring-context.version>5.3.27</spring-context.version>
<apache-http-client.version>4.5.13</apache-http-client.version>
<seancfoley.ipaddress.version>5.3.3</seancfoley.ipaddress.version>
<netty-reactive-streams.version>2.0.6</netty-reactive-streams.version>
@@ -226,7 +227,7 @@ flexible messaging model and an intuitive client
API.</description>
<skyscreamer.version>1.5.0</skyscreamer.version>
<objenesis.version>3.1</objenesis.version>
<awaitility.version>4.0.3</awaitility.version>
- <jettison.version>1.5.3</jettison.version>
+ <jettison.version>1.5.4</jettison.version>
<woodstox.version>5.4.0</woodstox.version>
<!-- Plugin dependencies -->
@@ -662,6 +663,12 @@ flexible messaging model and an intuitive client
API.</description>
<version>${commons-lang3.version}</version>
</dependency>
+ <dependency>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ <version>${commons-net.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
diff --git a/pulsar-io/canal/pom.xml b/pulsar-io/canal/pom.xml
index f1e601dc0da..ceee66a9e98 100644
--- a/pulsar-io/canal/pom.xml
+++ b/pulsar-io/canal/pom.xml
@@ -55,12 +55,53 @@
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
- <version>1.2.73</version>
+ <version>1.2.83</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>${spring-context.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ <version>${spring-context.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.9</version>
</dependency>
<dependency>
<groupId>com.alibaba.otter</groupId>
<artifactId>canal.client</artifactId>
<version>1.1.4</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>spring-aop</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-beans</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-jdbc</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-orm</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-tx</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-expression</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
diff --git a/pulsar-io/flume/pom.xml b/pulsar-io/flume/pom.xml
index e95c79e2ac3..217993f861f 100644
--- a/pulsar-io/flume/pom.xml
+++ b/pulsar-io/flume/pom.xml
@@ -72,6 +72,12 @@
<groupId>org.apache.avro</groupId>
<artifactId>avro-ipc</artifactId>
<version>1.8.1</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>netty</artifactId>
+ <groupId>io.netty</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
@@ -106,7 +112,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>18.0</version>
+ <version>30.0-jre</version>
</dependency>
</dependencies>
diff --git a/pulsar-io/hdfs2/pom.xml b/pulsar-io/hdfs2/pom.xml
index 7ea2c41adec..b1ae9c1140a 100644
--- a/pulsar-io/hdfs2/pom.xml
+++ b/pulsar-io/hdfs2/pom.xml
@@ -48,7 +48,7 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
- <version>2.8.5</version>
+ <version>3.2.3</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
index 316d7a86098..792ef95d72c 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConfig.java
@@ -23,7 +23,7 @@ import java.io.Serializable;
import lombok.Data;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
/**
* Configuration object for all HDFS components.
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
index 456d0e5bc87..2fd15fcf082 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/AbstractHdfsConnector.java
@@ -32,7 +32,7 @@ import java.util.concurrent.atomic.AtomicReference;
import javax.net.SocketFactory;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
index 1d2096d620d..03a52ec1077 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsAbstractSink.java
@@ -27,7 +27,7 @@ import java.util.concurrent.LinkedBlockingQueue;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
index 2af24fcd83e..195f29acdde 100644
---
a/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
+++
b/pulsar-io/hdfs2/src/main/java/org/apache/pulsar/io/hdfs2/sink/HdfsSinkConfig.java
@@ -32,7 +32,7 @@ import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.io.hdfs2.AbstractHdfsConfig;
/**
diff --git a/pulsar-io/hdfs3/pom.xml b/pulsar-io/hdfs3/pom.xml
index 7897a828c0e..1c109c5326e 100644
--- a/pulsar-io/hdfs3/pom.xml
+++ b/pulsar-io/hdfs3/pom.xml
@@ -48,7 +48,7 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
- <version>3.1.1</version>
+ <version>3.2.3</version>
<exclusions>
<exclusion>
<groupId>jakarta.activation</groupId>
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
index ac6506fcfb2..510404f423c 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConfig.java
@@ -23,7 +23,7 @@ import java.io.Serializable;
import lombok.Data;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
/**
* Configuration object for all HDFS components.
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
index dfe883374d9..270f7c44f70 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/AbstractHdfsConnector.java
@@ -32,7 +32,7 @@ import java.util.concurrent.atomic.AtomicReference;
import javax.net.SocketFactory;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
index 642c07d77c7..c83c4c4d7b4 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsAbstractSink.java
@@ -24,7 +24,7 @@ import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FSDataOutputStreamBuilder;
import org.apache.hadoop.fs.FileSystem;
diff --git
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
index a35c6e3c33b..6ca59c0525b 100644
---
a/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
+++
b/pulsar-io/hdfs3/src/main/java/org/apache/pulsar/io/hdfs3/sink/HdfsSinkConfig.java
@@ -30,7 +30,7 @@ import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.io.hdfs3.AbstractHdfsConfig;
/**
diff --git a/pulsar-sql/presto-distribution/LICENSE
b/pulsar-sql/presto-distribution/LICENSE
index 9d71d24e68e..ed80b2eed6f 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -207,19 +207,19 @@ This projects includes binary packages with the following
licenses:
The Apache Software License, Version 2.0
* Jackson
- - jackson-annotations-2.13.4.jar
- - jackson-core-2.13.4.jar
- - jackson-databind-2.13.4.2.jar
- - jackson-dataformat-smile-2.13.4.jar
- - jackson-datatype-guava-2.13.4.jar
- - jackson-datatype-jdk8-2.13.4.jar
- - jackson-datatype-joda-2.13.4.jar
- - jackson-datatype-jsr310-2.13.4.jar
- - jackson-dataformat-yaml-2.13.4.jar
- - jackson-jaxrs-base-2.13.4.jar
- - jackson-jaxrs-json-provider-2.13.4.jar
- - jackson-module-jaxb-annotations-2.13.4.jar
- - jackson-module-jsonSchema-2.13.4.jar
+ - jackson-annotations-2.14.2.jar
+ - jackson-core-2.14.2.jar
+ - jackson-databind-2.14.2.jar
+ - jackson-dataformat-smile-2.14.2.jar
+ - jackson-datatype-guava-2.14.2.jar
+ - jackson-datatype-jdk8-2.14.2.jar
+ - jackson-datatype-joda-2.14.2.jar
+ - jackson-datatype-jsr310-2.14.2.jar
+ - jackson-dataformat-yaml-2.14.2.jar
+ - jackson-jaxrs-base-2.14.2.jar
+ - jackson-jaxrs-json-provider-2.14.2.jar
+ - jackson-module-jaxb-annotations-2.14.2.jar
+ - jackson-module-jsonSchema-2.14.2.jar
* Guava
- guava-30.1-jre.jar
- listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
@@ -259,22 +259,22 @@ The Apache Software License, Version 2.0
* Joda Time
- joda-time-2.10.5.jar
* Jetty
- - http2-client-9.4.48.v20220622.jar
- - http2-common-9.4.48.v20220622.jar
- - http2-hpack-9.4.48.v20220622.jar
- - http2-http-client-transport-9.4.48.v20220622.jar
- - jetty-alpn-client-9.4.48.v20220622.jar
- - http2-server-9.4.48.v20220622.jar
- - jetty-alpn-java-client-9.4.48.v20220622.jar
- - jetty-client-9.4.48.v20220622.jar
- - jetty-http-9.4.48.v20220622.jar
- - jetty-io-9.4.48.v20220622.jar
- - jetty-jmx-9.4.48.v20220622.jar
- - jetty-security-9.4.48.v20220622.jar
- - jetty-server-9.4.48.v20220622.jar
- - jetty-servlet-9.4.48.v20220622.jar
- - jetty-util-9.4.48.v20220622.jar
- - jetty-util-ajax-9.4.48.v20220622.jar
+ - http2-client-9.4.51.v20230217.jar
+ - http2-common-9.4.51.v20230217.jar
+ - http2-hpack-9.4.51.v20230217.jar
+ - http2-http-client-transport-9.4.51.v20230217.jar
+ - jetty-alpn-client-9.4.51.v20230217.jar
+ - http2-server-9.4.51.v20230217.jar
+ - jetty-alpn-java-client-9.4.51.v20230217.jar
+ - jetty-client-9.4.51.v20230217.jar
+ - jetty-http-9.4.51.v20230217.jar
+ - jetty-io-9.4.51.v20230217.jar
+ - jetty-jmx-9.4.51.v20230217.jar
+ - jetty-security-9.4.51.v20230217.jar
+ - jetty-server-9.4.51.v20230217.jar
+ - jetty-servlet-9.4.51.v20230217.jar
+ - jetty-util-9.4.51.v20230217.jar
+ - jetty-util-ajax-9.4.51.v20230217.jar
* Apache BVal
- bval-jsr-2.0.0.jar
* Bytecode
@@ -398,7 +398,7 @@ The Apache Software License, Version 2.0
* RocksDB JNI
- rocksdbjni-6.29.4.1.jar
* SnakeYAML
- - snakeyaml-1.32.jar
+ - snakeyaml-2.0.jar
* Bean Validation API
- validation-api-2.0.1.Final.jar
* Objectsize
@@ -444,7 +444,7 @@ The Apache Software License, Version 2.0
* Snappy
- snappy-java-1.1.7.jar
* Jackson
- - jackson-module-parameter-names-2.13.4.jar
+ - jackson-module-parameter-names-2.14.2.jar
* Java Assist
- javassist-3.25.0-GA.jar
* Java Native Access
@@ -460,7 +460,7 @@ The Apache Software License, Version 2.0
* Apache Yetus Audience Annotations
- audience-annotations-0.5.0.jar
* Swagger
- - swagger-annotations-1.6.2.jar
+ - swagger-annotations-1.6.10.jar
Protocol Buffers License
* Protocol Buffers
diff --git a/pulsar-sql/presto-pulsar/pom.xml b/pulsar-sql/presto-pulsar/pom.xml
index 894445dac35..09920d78f1b 100644
--- a/pulsar-sql/presto-pulsar/pom.xml
+++ b/pulsar-sql/presto-pulsar/pom.xml
@@ -117,6 +117,28 @@
<artifactId>presto-main</artifactId>
<version>${presto.version}</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>jetty-client</artifactId>
+ <groupId>org.eclipse.jetty</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jetty-security</artifactId>
+ <groupId>org.eclipse.jetty</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>async-http-client</artifactId>
+ <groupId>com.ning</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>http2-server</artifactId>
+ <groupId>org.eclipse.jetty.http2</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>http-server</artifactId>
+ <groupId>io.airlift</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
diff --git a/tiered-storage/file-system/pom.xml
b/tiered-storage/file-system/pom.xml
index d07988c07db..c649e12fd80 100644
--- a/tiered-storage/file-system/pom.xml
+++ b/tiered-storage/file-system/pom.xml
@@ -37,6 +37,11 @@
<artifactId>managed-ledger</artifactId>
<version>${project.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs-client</artifactId>
@@ -55,6 +60,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
