Commit 5cf7fce

committed
Upgrade dependencies to fix vulnerabitilites
1 parent dac1d14 commit 5cf7fce

16 files changed

+391
-280
lines changed

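--- a/pinot-compatibility-verifier/pom.xml
+++ b/pinot-compatibility-verifier/pom.xml
@@ -34,7 +34,6 @@
 
 <properties>
 <pinot.root>${basedir}/..</pinot.root>
-<kafka.lib.version>2.8.2</kafka.lib.version>
 </properties>
 
 <build>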

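--- a/pinot-connectors/pinot-spark-2-connector/pom.xml
+++ b/pinot-connectors/pinot-spark-2-connector/pom.xml
@@ -32,9 +32,6 @@
 <url>https://pinot.apache.org/</url>
 <properties>
 <pinot.root>${basedir}/../..</pinot.root>
-<spark.version>2.4.8</spark.version>
-<scalaxml.version>2.3.0</scalaxml.version>
-<scalatest.version>3.2.18</scalatest.version>
 <shadeBase>org.apache.pinot.\$internal</shadeBase>
 </properties>
 
@@ -48,14 +45,18 @@
 <dependency>
 <groupId>org.scala-lang.modules</groupId>
 <artifactId>scala-xml_${scala.compat.version}</artifactId>
-<version>${scalaxml.version}</version>
 </dependency>
 <dependency>
 <groupId>org.apache.spark</groupId>
 <artifactId>spark-sql_${scala.compat.version}</artifactId>
-<version>${spark.version}</version>
+<version>${spark2.version}</version>
 <scope>provided</scope>
 <exclusions>
+<!-- Exclude it here and include explicitly because it has "hadoop2" classifier -->
+<exclusion>
+<groupId>org.apache.avro</groupId>
+<artifactId>avro-mapred</artifactId>
+</exclusion>
 <exclusion>
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
@@ -66,6 +67,11 @@
 </exclusion>
 </exclusions>
 </dependency>
+<dependency>
+<groupId>org.apache.avro</groupId>
+<artifactId>avro-mapred</artifactId>
+<scope>provided</scope>
+</dependency>
 <dependency>
 <groupId>org.scala-lang</groupId>
 <artifactId>scala-library</artifactId>
@@ -75,7 +81,6 @@
 <dependency>
 <groupId>org.scalatest</groupId>
 <artifactId>scalatest_${scala.compat.version}</artifactId>
-<version>${scalatest.version}</version>
 <scope>test</scope>
 </dependency>
 </dependencies>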
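Review bot: The re-added `avro-mapred` dependency (new lines 70-74) has no `<version>` or `<classifier>`, so the artifact that lands on the provided classpath is decided entirely by dependency management that is not part of this section, presumably the root pom. The one-line comment on the exclusion explains the classifier but not what replaces it; I would expand it to something like `<!-- Spark 2 brings avro-mapred with the "hadoop2" classifier; exclude it and use the managed avro-mapred declared below -->`. The same exclude-and-redeclare pattern is repeated in pinot-batch-ingestion-spark-2.4, and in both places it is worth confirming with `mvn dependency:tree` that only one avro-mapred resolves.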

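--- a/pinot-connectors/pinot-spark-3-connector/pom.xml
+++ b/pinot-connectors/pinot-spark-3-connector/pom.xml
@@ -32,8 +32,6 @@
 <url>https://pinot.apache.org/</url>
 <properties>
 <pinot.root>${basedir}/../..</pinot.root>
-<spark.version>3.5.2</spark.version>
-<scalatest.version>3.2.18</scalatest.version>
 <shadeBase>org.apache.pinot.\$internal</shadeBase>
 </properties>
 
@@ -47,7 +45,7 @@
 <dependency>
 <groupId>org.apache.spark</groupId>
 <artifactId>spark-sql_${scala.compat.version}</artifactId>
-<version>${spark.version}</version>
+<version>${spark3.version}</version>
 <scope>provided</scope>
 </dependency>
 <dependency>
@@ -59,7 +57,6 @@
 <dependency>
 <groupId>org.scalatest</groupId>
 <artifactId>scalatest_${scala.compat.version}</artifactId>
-<version>${scalatest.version}</version>
 <scope>test</scope>
 </dependency>
 </dependencies>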

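--- a/pinot-connectors/pinot-spark-common/pom.xml
+++ b/pinot-connectors/pinot-spark-common/pom.xml
@@ -32,9 +32,6 @@
 <url>https://pinot.apache.org/</url>
 <properties>
 <pinot.root>${basedir}/../..</pinot.root>
-<circe.version>0.14.9</circe.version>
-<scalaxml.version>2.3.0</scalaxml.version>
-<scalatest.version>3.2.18</scalatest.version>
 </properties>
 
 <profiles>
@@ -51,17 +48,14 @@
 <dependency>
 <groupId>org.scala-lang.modules</groupId>
 <artifactId>scala-xml_${scala.compat.version}</artifactId>
-<version>${scalaxml.version}</version>
 </dependency>
 <dependency>
 <groupId>io.circe</groupId>
 <artifactId>circe-parser_${scala.compat.version}</artifactId>
-<version>${circe.version}</version>
 </dependency>
 <dependency>
 <groupId>io.circe</groupId>
 <artifactId>circe-generic_${scala.compat.version}</artifactId>
-<version>${circe.version}</version>
 </dependency>
 <dependency>
 <groupId>org.scala-lang</groupId>
@@ -72,7 +66,6 @@
 <dependency>
 <groupId>org.scalatest</groupId>
 <artifactId>scalatest_${scala.compat.version}</artifactId>
-<version>${scalatest.version}</version>
 <scope>test</scope>
 </dependency>
 </dependencies>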

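--- a/pinot-plugins/pinot-batch-ingestion/pinot-batch-ingestion-spark-2.4/pom.xml
+++ b/pinot-plugins/pinot-batch-ingestion/pinot-batch-ingestion-spark-2.4/pom.xml
@@ -34,9 +34,6 @@
 <properties>
 <pinot.root>${basedir}/../../..</pinot.root>
 <shade.phase.prop>package</shade.phase.prop>
-<scala.major.version>2.11</scala.major.version>
-<spark.version>2.4.6</spark.version>
-<scala.minor.version>2.11.12</scala.minor.version>
 </properties>
 
 <dependencies>
@@ -46,25 +43,14 @@
 </dependency>
 <dependency>
 <groupId>org.apache.spark</groupId>
-<artifactId>spark-core_${scala.major.version}</artifactId>
-<version>${spark.version}</version>
+<artifactId>spark-core_${scala.compat.version}</artifactId>
+<version>${spark2.version}</version>
 <scope>provided</scope>
 <exclusions>
+<!-- Exclude it here and include explicitly because it has "hadoop2" classifier -->
 <exclusion>
-<groupId>com.zaxxer</groupId>
-<artifactId>HikariCP-java7</artifactId>
-</exclusion>
-<exclusion>
-<groupId>com.twitter</groupId>
-<artifactId>chill_2.11</artifactId>
-</exclusion>
-<exclusion>
-<groupId>com.twitter</groupId>
-<artifactId>chill-java</artifactId>
-</exclusion>
-<exclusion>
-<groupId>org.apache.curator</groupId>
-<artifactId>curator-recipes</artifactId>
+<groupId>org.apache.avro</groupId>
+<artifactId>avro-mapred</artifactId>
 </exclusion>
 <exclusion>
 <groupId>log4j</groupId>
@@ -76,10 +62,14 @@
 </exclusion>
 </exclusions>
 </dependency>
+<dependency>
+<groupId>org.apache.avro</groupId>
+<artifactId>avro-mapred</artifactId>
+<scope>provided</scope>
+</dependency>
 <dependency>
 <groupId>org.scala-lang</groupId>
 <artifactId>scala-library</artifactId>
-<version>${scala.minor.version}</version>
 <scope>provided</scope>
 </dependency>
 
@@ -93,13 +83,11 @@
 <dependency>
 <groupId>com.esotericsoftware.kryo</groupId>
 <artifactId>kryo</artifactId>
-<version>2.24.0</version>
 <scope>test</scope>
 </dependency>
 <dependency>
 <groupId>com.twitter</groupId>
 <artifactId>chill_2.11</artifactId>
-<version>0.10.0</version>
 <scope>test</scope>
 <exclusions>
 <exclusion>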
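Review bot: The test dependency `chill_2.11` keeps a hard-coded Scala suffix while `spark-core` in the same file now follows `${scala.compat.version}`, so the two can drift apart if that property is ever not 2.11; `<artifactId>chill_${scala.compat.version}</artifactId>` would keep them aligned. Separately, the four `spark-core` exclusions dropped here (HikariCP-java7, chill_2.11, chill-java, curator-recipes) are also dropped in pinot-batch-ingestion-spark-3, which lets those artifacts resolve transitively again at whatever versions Spark requests. Since the commit's purpose is vulnerability remediation, the resolved tree for both modules should be checked to confirm none of them comes back at a flagged version. The `chill_2.11` dependency block continues past the end of the last hunk.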

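--- a/pinot-plugins/pinot-batch-ingestion/pinot-batch-ingestion-spark-3/pom.xml
+++ b/pinot-plugins/pinot-batch-ingestion/pinot-batch-ingestion-spark-3/pom.xml
@@ -34,7 +34,6 @@
 <properties>
 <pinot.root>${basedir}/../../..</pinot.root>
 <shade.phase.prop>package</shade.phase.prop>
-<spark.version>3.5.2</spark.version>
 </properties>
 
 <dependencies>
@@ -45,25 +44,9 @@
 <dependency>
 <groupId>org.apache.spark</groupId>
 <artifactId>spark-core_${scala.compat.version}</artifactId>
-<version>${spark.version}</version>
+<version>${spark3.version}</version>
 <scope>provided</scope>
 <exclusions>
-<exclusion>
-<groupId>com.zaxxer</groupId>
-<artifactId>HikariCP-java7</artifactId>
-</exclusion>
-<exclusion>
-<groupId>com.twitter</groupId>
-<artifactId>chill_2.11</artifactId>
-</exclusion>
-<exclusion>
-<groupId>com.twitter</groupId>
-<artifactId>chill-java</artifactId>
-</exclusion>
-<exclusion>
-<groupId>org.apache.curator</groupId>
-<artifactId>curator-recipes</artifactId>
-</exclusion>
 <exclusion>
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
@@ -81,7 +64,6 @@
 <dependency>
 <groupId>org.scala-lang</groupId>
 <artifactId>scala-library</artifactId>
-<version>${scala.version}</version>
 <scope>provided</scope>
 </dependency>
 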

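--- a/pinot-plugins/pinot-file-system/pinot-hdfs/pom.xml
+++ b/pinot-plugins/pinot-file-system/pinot-hdfs/pom.xml
@@ -39,6 +39,11 @@
 <groupId>org.apache.hadoop</groupId>
 <artifactId>hadoop-common</artifactId>
 </dependency>
+<!-- Replace bcprov-jdk15on which is excluded from hadoop-common -->
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk18on</artifactId>
+</dependency>
 <dependency>
 <groupId>org.codehaus.woodstox</groupId>
 <artifactId>stax2-api</artifactId>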
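Review bot: Nothing visible here stops `bcprov-jdk15on` from returning through some other transitive path, since the exclusion the comment refers to lives outside this section (presumably in the managed `hadoop-common` entry of the root pom). Having both Bouncy Castle provider jars on one classpath gives duplicate classes with unpredictable load order, so a build-time guard is worth adding, for example a maven-enforcer `bannedDependencies` rule with `<exclude>org.bouncycastle:bcprov-jdk15on</exclude>`. The same applies to the identical additions in pinot-orc and pinot-parquet.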

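--- a/pinot-plugins/pinot-input-format/pinot-confluent-avro/pom.xml
+++ b/pinot-plugins/pinot-input-format/pinot-confluent-avro/pom.xml
@@ -33,7 +33,6 @@
 <url>https://pinot.apache.org/</url>
 <properties>
 <pinot.root>${basedir}/../../..</pinot.root>
-<kafka.lib.version>2.8.2</kafka.lib.version>
 <shade.phase.prop>package</shade.phase.prop>
 </properties>
 <repositories>
@@ -50,23 +49,14 @@
 <dependency>
 <groupId>org.apache.kafka</groupId>
 <artifactId>kafka-clients</artifactId>
-<version>${kafka.lib.version}</version>
 </dependency>
 <dependency>
 <groupId>io.confluent</groupId>
 <artifactId>kafka-schema-registry-client</artifactId>
-<version>${confluent.version}</version>
-<exclusions>
-<exclusion>
-<groupId>org.apache.kafka</groupId>
-<artifactId>kafka-clients</artifactId>
-</exclusion>
-</exclusions>
 </dependency>
 <dependency>
 <groupId>io.confluent</groupId>
 <artifactId>kafka-avro-serializer</artifactId>
-<version>${confluent.version}</version>
 </dependency>
 </dependencies>
 </project>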

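--- a/pinot-plugins/pinot-input-format/pinot-orc/pom.xml
+++ b/pinot-plugins/pinot-input-format/pinot-orc/pom.xml
@@ -41,6 +41,11 @@
 <artifactId>hadoop-common</artifactId>
 <scope>${hadoop.dependencies.scope}</scope>
 </dependency>
+<!-- Replace bcprov-jdk15on which is excluded from hadoop-common -->
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk18on</artifactId>
+</dependency>
 <dependency>
 <groupId>org.apache.hadoop</groupId>
 <artifactId>hadoop-hdfs</artifactId>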
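Review bot: `bcprov-jdk18on` is added without a `<scope>`, while the `hadoop-common` entry it accompanies is declared with `<scope>${hadoop.dependencies.scope}</scope>` just above it. Unless a scope is set for it in dependency management outside this section, the provider jar will be compile-scoped and packaged even in builds where Hadoop is supplied by the runtime. Adding `<scope>${hadoop.dependencies.scope}</scope>` to the new dependency would keep the two consistent; the pinot-parquet hunk has the same gap.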

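--- a/pinot-plugins/pinot-input-format/pinot-parquet/pom.xml
+++ b/pinot-plugins/pinot-input-format/pinot-parquet/pom.xml
@@ -49,6 +49,10 @@
 <artifactId>hadoop-common</artifactId>
 <scope>${hadoop.dependencies.scope}</scope>
 </dependency>
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk18on</artifactId>
+</dependency>
 <dependency>
 <groupId>org.apache.hadoop</groupId>
 <artifactId>hadoop-client-runtime</artifactId>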
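Review bot: The new `bcprov-jdk18on` dependency has no explanatory comment here, unlike the same addition in pinot-hdfs and pinot-orc. I would carry over `<!-- Replace bcprov-jdk15on which is excluded from hadoop-common -->` above the `<dependency>` so the reason for a direct crypto-provider dependency in a Parquet input-format module is not lost.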
