Posted to commits@pulsar.apache.org by eo...@apache.org on 2021/04/18 10:52:36 UTC

[pulsar] branch master updated: Upgrade jclouds to 2.3.0 to fix security vulnerabilities (#10149)

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 756802d  Upgrade jclouds to 2.3.0 to fix security vulnerabilities (#10149)
756802d is described below

commit 756802d3d4ebcc2c36f8ba5f8b050cad653a4cf0
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Sun Apr 18 13:51:49 2021 +0300

    Upgrade jclouds to 2.3.0 to fix security vulnerabilities (#10149)
    
    * Upgrade jclouds to 2.3.0 to fix security vulnerabilities
    
    * Shade gson as part of jclouds-shaded
    
    * Upgrade javax.annotation-api to 1.3.2
    
    * Add javax.annotation:javax.annotation-api dependency
    
    * Fix presto-distribution LICENSE
---
 distribution/server/src/assemble/LICENSE.bin.txt |  2 +-
 jclouds-shaded/pom.xml                           | 20 +++++---------------
 pom.xml                                          |  4 ++--
 pulsar-sql/presto-distribution/LICENSE           |  1 -
 4 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 81c547d..ae830a8 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -550,7 +550,7 @@ Protocol Buffers License
 
 CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
  * Java Annotations API
-    - javax.annotation-javax.annotation-api-1.2.jar
+    - javax.annotation-javax.annotation-api-1.3.2.jar
     - com.sun.activation-javax.activation-1.2.0.jar
     - javax.xml.bind-jaxb-api-2.3.1.jar
  * Java Servlet API -- javax.servlet-javax.servlet-api-3.1.0.jar
diff --git a/jclouds-shaded/pom.xml b/jclouds-shaded/pom.xml
index 5870686..11dff8a 100644
--- a/jclouds-shaded/pom.xml
+++ b/jclouds-shaded/pom.xml
@@ -39,19 +39,12 @@
       <artifactId>jclouds-allblobstore</artifactId>
       <version>${jclouds.version}</version>
     </dependency>
+    <dependency>
+      <groupId>javax.annotation</groupId>
+      <artifactId>javax.annotation-api</artifactId>
+    </dependency>
   </dependencies>
 
-  <dependencyManagement>
-    <dependencies>
-      <!-- JClouds still is using Guava 18.0 and it won't work with newer versions -->
-      <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>guava</artifactId>
-        <version>18.0</version>
-      </dependency>
-    </dependencies>
-  </dependencyManagement>
-
   <build>
     <plugins>
       <plugin>
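Review bot: With the `<dependencyManagement>` block and its Guava 18.0 pin removed, nothing in this pom records which Guava version ends up inside the shaded jar; it is presumably whatever Maven resolves from the parent pom or from jclouds' transitive dependencies, and the same applies to the `com.google.code.gson:gson` include added in the later shade hunk. Because both libraries are relocated under `org.apache.pulsar.jcloud.shade.com.google`, dependency scanners that match on artifact or package names may not see the embedded copies, so an outdated version could go unnoticed. I would replace the removed comment with one that states the new expectation, e.g. `<!-- Guava and gson are bundled and relocated by the shade plugin; check the resolved versions with mvn dependency:tree -pl jclouds-shaded when bumping jclouds -->`, and confirm the resolved versions as part of this upgrade. The `<build>` section continues outside this hunk.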
@@ -79,6 +72,7 @@
                   <include>com.google.inject.extensions:guice-assistedinject</include>
                   <include>com.google.inject:guice</include>
                   <include>com.google.inject.extensions:guice-multibindings</include>
+                  <include>com.google.code.gson:gson</include>
                   <include>javax.ws.rs:*</include>
                   <include>com.jamesmurty.utils:*</include>
                   <include>net.iharder:*</include>
@@ -91,10 +85,6 @@
 
               <relocations>
                 <relocation>
-                  <pattern>com.google.gson.internal</pattern>
-                  <shadedPattern>org.jclouds.json.gson.internal</shadedPattern>
-                </relocation>
-                <relocation>
                   <pattern>com.google</pattern>
                   <shadedPattern>org.apache.pulsar.jcloud.shade.com.google</shadedPattern>
                 </relocation>
diff --git a/pom.xml b/pom.xml
index 209dcc1..cfc773a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -142,7 +142,7 @@ flexible messaging model and an intuitive client API.</description>
     <aws-sdk.version>1.11.774</aws-sdk.version>
     <avro.version>1.10.2</avro.version>
     <joda.version>2.10.1</joda.version>
-    <jclouds.version>2.2.1</jclouds.version>
+    <jclouds.version>2.3.0</jclouds.version>
     <sqlite-jdbc.version>3.8.11.2</sqlite-jdbc.version>
     <mysql-jdbc.version>8.0.11</mysql-jdbc.version>
     <postgresql-jdbc.version>42.2.12</postgresql-jdbc.version>
@@ -181,7 +181,7 @@ flexible messaging model and an intuitive client API.</description>
     <spark-streaming_2.10.version>2.1.0</spark-streaming_2.10.version>
     <assertj-core.version>3.18.1</assertj-core.version>
     <lombok.version>1.18.18</lombok.version>
-    <javax.annotation-api.version>1.2</javax.annotation-api.version>
+    <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
     <jaxb-api>2.3.1</jaxb-api>
     <javax.activation.version>1.2.0</javax.activation.version>
     <jna.version>4.2.0</jna.version>
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 82b6f30..993261d 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -508,7 +508,6 @@ CDDL - 1.0
 
 CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
  * Java Annotations API
-   - javax.annotation-api-1.2.jar
    - javax.annotation-api-1.3.2.jar
    - javax.activation-1.2.0.jar
    - javax.activation-api-1.2.0.jar