From 7a2d3b43c3913277cfaf5e01577bef6312f48227 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 2 Jun 2022 18:14:23 +0000 Subject: [PATCH 1/3] Bump jackson to 2.13.2 Signed-off-by: Joshua Li --- integ-test/build.gradle | 4 ++-- opensearch/build.gradle | 6 +++--- plugin/build.gradle | 6 +++--- protocol/build.gradle | 6 +++--- sql-jdbc/build.gradle | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 6079eede9f..b09d8bab06 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -52,8 +52,8 @@ configurations.all { // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:31.0.1-jre' - resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.12.6' - resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.6' + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.13.2' + resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.2' } dependencies { diff --git a/opensearch/build.gradle b/opensearch/build.gradle index b4d5f5d6c1..063fe3fa63 100644 --- a/opensearch/build.gradle +++ b/opensearch/build.gradle 
@@ -32,9 +32,9 @@ dependencies {
 compile project(':core')
 compile group: 'org.opensearch', name: 'opensearch', version: "${opensearch_version}"
 compile "io.github.resilience4j:resilience4j-retry:1.5.0"
- compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.6'
- compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6'
- compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.12.6'
+ compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.13.2'
+ compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2'
+ compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.13.2'
 compile group: 'org.json', name: 'json', version:'20180813'
 compileOnly group: 'org.opensearch.client', name: 'opensearch-rest-high-level-client', version: "${opensearch_version}"
 compile group: 'org.opensearch', name:'opensearch-ml-client', version: '1.3.2.0-SNAPSHOT'
diff --git a/plugin/build.gradle b/plugin/build.gradle
index b934a804a3..b3cc10a950 100644
--- a/plugin/build.gradle
+++ b/plugin/build.gradle
@@ -56,12 +56,12 @@ configurations.all { resolutionStrategy.force 'junit:junit:4.13.2' // conflict with spring-jcl exclude group: "commons-logging", module: "commons-logging" - // enforce 2.12.6, https://github.com/opensearch-project/sql/issues/424 - resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.12.6' + // enforce 2.13.2, https://www.mend.io/vulnerability-database/CVE-2020-36518 + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.13.2' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:31.0.1-jre' - resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.6' + resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.2' } dependencies { diff --git a/protocol/build.gradle b/protocol/build.gradle index 5e1464a0a4..c77a50ec87 100644 --- a/protocol/build.gradle +++ b/protocol/build.gradle @@ -30,9 +30,9 @@ plugins { dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.6' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6' - compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.12.6' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.13.2' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2' + compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.13.2' implementation 'com.google.code.gson:gson:2.8.9' compile project(':core') compile project(':opensearch') diff --git a/sql-jdbc/build.gradle b/sql-jdbc/build.gradle index b1f45b0994..7ce4102e43 100644 --- a/sql-jdbc/build.gradle +++ b/sql-jdbc/build.gradle 
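Review bot: In the plugin/build.gradle hunk of PATCH 1/3 the new comment cites CVE-2020-36518 above a force on `jackson-core`, but that CVE is reported against jackson-databind, and the visible part of `configurations.all` forces only `jackson-core` and `jackson-dataformat-cbor`. A transitive jackson-databind could therefore still resolve to an older release; unless a databind force exists outside the hunk (the block starts before it), add `resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-databind:2.13.2'` and move the CVE comment onto that line. The integ-test/build.gradle hunk has the same pair of forces without databind. It is also worth confirming against the advisory's fixed-version list that 2.13.2 is a patched databind release, since the fix may have shipped only in a later micro-patch.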
@@ -46,7 +46,7 @@ repositories { dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6' - implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2' implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.452' testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1') From 838d912c847791db3c268bd5843887b879fbb278 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 2 Jun 2022 18:14:34 +0000 Subject: [PATCH 2/3] Bump spring to 5.2.20 Signed-off-by: Joshua Li --- core/build.gradle | 6 +++--- plugin/build.gradle | 2 +- ppl/build.gradle | 4 ++-- sql/build.gradle | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/core/build.gradle b/core/build.gradle index 32a14bad3b..17bb1e1a71 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -40,8 +40,8 @@ repositories { dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE' compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.10' compile group: 'com.facebook.presto', name: 'presto-matching', version: '0.240' compile group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1' 
@@ -49,7 +49,7 @@ dependencies { testImplementation('org.junit.jupiter:junit-jupiter:5.6.2') testCompile group: 'org.hamcrest', name: 'hamcrest-library', version: '2.1' - testCompile group: 'org.springframework', name: 'spring-test', version: '5.2.19.RELEASE' + testCompile group: 'org.springframework', name: 'spring-test', version: '5.2.20.RELEASE' testCompile group: 'org.mockito', name: 'mockito-core', version: '3.3.3' testCompile group: 'org.mockito', name: 'mockito-junit-jupiter', version: '3.3.3' } diff --git a/plugin/build.gradle b/plugin/build.gradle index b3cc10a950..34666a3857 100644 --- a/plugin/build.gradle +++ b/plugin/build.gradle @@ -65,7 +65,7 @@ configurations.all { } dependencies { - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE' compile project(":ppl") compile project(':legacy') compile project(':opensearch') diff --git a/ppl/build.gradle b/ppl/build.gradle index 4b88c000fe..4b0d361555 100644 --- a/ppl/build.gradle +++ b/ppl/build.gradle @@ -48,8 +48,8 @@ dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' compile group: 'org.opensearch', name: 'opensearch-x-content', version: "${opensearch_version}" compile group: 'org.json', name: 'json', version: '20180813' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE' compile group: 'org.apache.logging.log4j', name: 'log4j-core', version:'2.17.1' compile project(':common') compile project(':core') diff --git a/sql/build.gradle b/sql/build.gradle index 1acb115137..e49810fb5f 100644 --- a/sql/build.gradle +++ b/sql/build.gradle 
@@ -47,8 +47,8 @@ dependencies { compile "org.antlr:antlr4-runtime:4.7.1" implementation group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' compile group: 'org.json', name: 'json', version:'20180813' - compile group: 'org.springframework', name: 'spring-context', version: '5.2.19.RELEASE' - compile group: 'org.springframework', name: 'spring-beans', version: '5.2.19.RELEASE' + compile group: 'org.springframework', name: 'spring-context', version: '5.2.20.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '5.2.20.RELEASE' compile project(':common') compile project(':core') compile project(':protocol') From 0f886449859025318a7cf6b68094e6bb72ba7555 Mon Sep 17 00:00:00 2001 From: Joshua Li Date: Thu, 2 Jun 2022 18:22:35 +0000 Subject: [PATCH 3/3] Revert "Bump jackson to 2.13.2" This reverts commit 7a2d3b43c3913277cfaf5e01577bef6312f48227. Signed-off-by: Joshua Li --- integ-test/build.gradle | 4 ++-- opensearch/build.gradle | 6 +++--- plugin/build.gradle | 6 +++--- protocol/build.gradle | 6 +++--- sql-jdbc/build.gradle | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index b09d8bab06..6079eede9f 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -52,8 +52,8 @@ configurations.all { // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:31.0.1-jre' - resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.13.2' - resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.2' + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.12.6' + resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.6' } dependencies { diff --git a/opensearch/build.gradle b/opensearch/build.gradle index 063fe3fa63..b4d5f5d6c1 100644 
--- a/opensearch/build.gradle
+++ b/opensearch/build.gradle
@@ -32,9 +32,9 @@ dependencies {
 compile project(':core')
 compile group: 'org.opensearch', name: 'opensearch', version: "${opensearch_version}"
 compile "io.github.resilience4j:resilience4j-retry:1.5.0"
- compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.13.2'
- compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2'
- compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.13.2'
+ compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.6'
+ compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6'
+ compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.12.6'
 compile group: 'org.json', name: 'json', version:'20180813'
 compileOnly group: 'org.opensearch.client', name: 'opensearch-rest-high-level-client', version: "${opensearch_version}"
 compile group: 'org.opensearch', name:'opensearch-ml-client', version: '1.3.2.0-SNAPSHOT'
diff --git a/plugin/build.gradle b/plugin/build.gradle
index 34666a3857..3ed4407ebe 100644
--- a/plugin/build.gradle
+++ b/plugin/build.gradle
@@ -56,12 +56,12 @@ configurations.all { resolutionStrategy.force 'junit:junit:4.13.2' // conflict with spring-jcl exclude group: "commons-logging", module: "commons-logging" - // enforce 2.13.2, https://www.mend.io/vulnerability-database/CVE-2020-36518 - resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.13.2' + // enforce 2.12.6, https://github.com/opensearch-project/sql/issues/424 + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.12.6' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:31.0.1-jre' - resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.2' + resolutionStrategy.force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.12.6' } dependencies { diff --git a/protocol/build.gradle b/protocol/build.gradle index c77a50ec87..5e1464a0a4 100644 --- a/protocol/build.gradle +++ b/protocol/build.gradle @@ -30,9 +30,9 @@ plugins { dependencies { compile group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.13.2' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2' - compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.13.2' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.6' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6' + compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-cbor', version: '2.12.6' implementation 'com.google.code.gson:gson:2.8.9' compile project(':core') compile project(':opensearch') diff --git a/sql-jdbc/build.gradle b/sql-jdbc/build.gradle index 7ce4102e43..b1f45b0994 100644 --- a/sql-jdbc/build.gradle +++ b/sql-jdbc/build.gradle 
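Review bot: The plugin/build.gradle hunk of PATCH 3/3 restores `// enforce 2.12.6, https://github.com/opensearch-project/sql/issues/424` and drops the CVE-2020-36518 reference, while the commit message records only the reverted hash and not why the upgrade was backed out. If 2.12.6 falls inside that advisory's affected range, the pin is now a known finding with no trace in the build file. A comment above the force line would keep the decision auditable, for example `// 2.13.2 bump reverted (<reason>); CVE-2020-36518 still to be addressed for jackson-databind, see <tracking issue>`. The same applies to the databind pins restored in the opensearch, protocol and sql-jdbc hunks of this revert.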
@@ -46,7 +46,7 @@ repositories { dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6' - implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6' implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.452' testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1')