Skip to content

Commit

Permalink
#109: Upgrade dependencies (#110)
Browse files Browse the repository at this point in the history 
* #109: Upgrade dependencies

* Fix indentation
  • Loading branch information
@kaklakariada
kaklakariada authored Jul 29, 2024
1 parent 03805ea commit f2a0a4c
Show file tree
Hide file tree
Showing 8 changed files with 197 additions and 140 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/ci-build.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/dependencies_update.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions .project-keeper.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ build:
runnerOs: ubuntu-20.04
freeDiskSpace: false
exasolDbVersions:
- "7.1.26"
- "8.24.0"
- "8.26.0"
- "7.1.27"
excludes:
# Only run javadoc as glue-connector cannot be built with java version > 11 currently
- "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build-next-java.yml'"
235 changes: 120 additions & 115 deletions dependencies.md
View file

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions doc/changes/changelog.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

37 changes: 37 additions & 0 deletions doc/changes/changes_2.1.7.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Exasol AWS Glue Connector 2.1.7, released 2024-07-29

Code name: Fix CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:provided`

## Summary

This release fixes vulnerability CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:provided`.

## Security

* #109: Fixed vulnerability CVE-2024-25638 in `dnsjava:dnsjava:jar:3.4.0:provided`
* #108: Fixed vulnerability CVE-2024-36124 in `org.iq80.snappy:snappy:jar:0.3:test`

## Dependency Updates

### Compile Dependency Updates

* Updated `com.exasol:exasol-jdbc:24.1.0` to `24.1.1`
* Updated `com.exasol:spark-connector-common-java:2.0.4` to `2.0.7`
* Updated `software.amazon.awssdk:s3:2.25.29` to `2.26.25`

### Test Dependency Updates

* Updated `com.amazon.ion:ion-java:1.11.4` to `1.11.9`
* Updated `com.amazonaws:aws-java-sdk-s3:1.12.699` to `1.12.765`
* Updated `com.exasol:exasol-testcontainers:7.0.1` to `7.1.0`
* Added `org.iq80.snappy:snappy:0.5`
* Updated `org.junit.jupiter:junit-jupiter-api:5.10.2` to `5.10.3`
* Updated `org.junit.jupiter:junit-jupiter:5.10.2` to `5.10.3`
* Updated `org.mockito:mockito-core:5.11.0` to `5.12.0`
* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.12.0`
* Updated `org.testcontainers:junit-jupiter:1.19.7` to `1.20.0`
* Updated `org.testcontainers:localstack:1.19.7` to `1.20.0`

### Plugin Dependency Updates

* Updated `com.exasol:project-keeper-maven-plugin:4.3.2` to `4.3.3`
2 changes: 1 addition & 1 deletion pk_generated_parent.pom
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

50 changes: 32 additions & 18 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,22 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.exasol</groupId>
<artifactId>glue-connector</artifactId>
<version>2.1.6</version>
<version>2.1.7</version>
<name>Exasol AWS Glue Connector</name>
<description>An AWS Glue connector for accessing Exasol database</description>
<url>https://github.com/exasol/glue-connector/</url>
<parent>
<artifactId>glue-connector-generated-parent</artifactId>
<groupId>com.exasol</groupId>
<version>2.1.6</version>
<version>2.1.7</version>
<relativePath>pk_generated_parent.pom</relativePath>
</parent>
<properties>
<java.version>8</java.version>
<toolchain.version>11</toolchain.version>
<hadoop.version>3.4.0</hadoop.version>
<junit.version>5.10.2</junit.version>
<mockito.version>5.11.0</mockito.version>
<junit.version>5.10.3</junit.version>
<mockito.version>5.12.0</mockito.version>
<log4j.version>2.23.1</log4j.version>
</properties>
<repositories>
Expand Down Expand Up @@ -142,7 +142,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.26.1</version>
<version>1.26.2</version>
<scope>provided</scope>
</dependency>
<!-- override dependency of com.amazonaws:AWSGlueETL
Expand Down Expand Up @@ -213,11 +213,18 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<!-- Override version 3.4.0 from org.apache.hadoop:hadoop-client to fix CVE-2023-33546-->
<artifactId>dnsjava</artifactId>
<groupId>dnsjava</groupId>
<version>3.6.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<!-- Fix CVE-2024-29131 & CVE-2024-29133 in transitive dependency of hadoop-client -->
<groupId>org.apache.commons</groupId>
<artifactId>commons-configuration2</artifactId>
<version>2.10.1</version>
<version>2.11.0</version>
<scope>provided</scope>
</dependency>
<dependency>
Expand All @@ -231,7 +238,7 @@
<!-- Fix CVE-2023-52428 in transitive dependency of hadoop-client -->
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>9.39.3</version>
<version>9.40</version>
<scope>provided</scope>
</dependency>
<dependency>
Expand Down Expand Up @@ -259,7 +266,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.1.0-jre</version>
<version>33.2.1-jre</version>
<scope>provided</scope>
</dependency>
<dependency>
Expand All @@ -271,12 +278,12 @@
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>s3</artifactId>
<version>2.25.29</version>
<version>2.26.25</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
<artifactId>exasol-jdbc</artifactId>
<version>24.1.0</version>
<version>24.1.1</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
Expand All @@ -286,7 +293,7 @@
<dependency>
<groupId>com.exasol</groupId>
<artifactId>spark-connector-common-java</artifactId>
<version>2.0.4</version>
<version>2.0.7</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
Expand Down Expand Up @@ -327,13 +334,13 @@
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>junit-jupiter</artifactId>
<version>1.19.7</version>
<version>1.20.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>localstack</artifactId>
<version>1.19.7</version>
<version>1.20.0</version>
<scope>test</scope>
</dependency>
<!--
Expand All @@ -343,7 +350,7 @@
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
<version>1.12.699</version>
<version>1.12.765</version>
<scope>test</scope>
</dependency>
<dependency>
Expand Down Expand Up @@ -455,16 +462,23 @@
</exclusions>
</dependency>
<dependency>
<!-- Upgrade transtivie dependency of AWSGlueETL to fix CVE-2024-21634 -->
<!-- Upgrade transitive dependency of AWSGlueETL to fix CVE-2024-36124 -->
<groupId>org.iq80.snappy</groupId>
<artifactId>snappy</artifactId>
<version>0.5</version>
<scope>test</scope>
</dependency>
<dependency>
<!-- Upgrade transitive dependency of AWSGlueETL to fix CVE-2024-21634 -->
<groupId>com.amazon.ion</groupId>
<artifactId>ion-java</artifactId>
<version>1.11.4</version>
<version>1.11.9</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
<artifactId>exasol-testcontainers</artifactId>
<version>7.0.1</version>
<version>7.1.0</version>
<scope>test</scope>
</dependency>
<dependency>
Expand Down Expand Up @@ -536,7 +550,7 @@
<plugin>
<groupId>com.exasol</groupId>
<artifactId>project-keeper-maven-plugin</artifactId>
<version>4.3.2</version>
<version>4.3.3</version>
<executions>
<execution>
<goals>
Expand Down

0 comments on commit f2a0a4c

Please sign in to comment.