diff --git a/extensions-contrib/kubernetes-overlord-extensions/pom.xml b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
index 3ebcbfbf8d75..0c970ab3b671 100644
--- a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
+++ b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
@@ -104,7 +104,7 @@
io.fabric8
kubernetes-model-core
- 6.4.1
+ 6.7.2
javax.validation
@@ -114,17 +114,17 @@
io.fabric8
kubernetes-model-batch
- 6.4.1
+ 6.7.2
io.fabric8
kubernetes-client-api
- 6.4.1
+ 6.7.2
io.fabric8
kubernetes-client
- 6.4.1
+ 6.7.2
runtime
diff --git a/extensions-contrib/opentelemetry-emitter/pom.xml b/extensions-contrib/opentelemetry-emitter/pom.xml
index d988333d9a56..da75b6c59998 100644
--- a/extensions-contrib/opentelemetry-emitter/pom.xml
+++ b/extensions-contrib/opentelemetry-emitter/pom.xml
@@ -38,8 +38,8 @@
1.14.0-alpha
- 30.1.1-jre
- 1.41.0
+ 32.0.1-jre
+ 1.41.3
diff --git a/extensions-core/avro-extensions/pom.xml b/extensions-core/avro-extensions/pom.xml
index ebaccea34104..1643ebcd18fa 100644
--- a/extensions-core/avro-extensions/pom.xml
+++ b/extensions-core/avro-extensions/pom.xml
@@ -35,7 +35,7 @@
0.1.3
- 5.5.1
+ 5.5.12
diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml
index 7e3ba252b9cd..4a2149072db4 100644
--- a/extensions-core/kubernetes-extensions/pom.xml
+++ b/extensions-core/kubernetes-extensions/pom.xml
@@ -35,7 +35,7 @@
- 11.0.1
+ 11.0.4
@@ -84,13 +84,11 @@
org.bouncycastle
bcprov-jdk15on
- 1.69
runtime
org.bouncycastle
bcprov-ext-jdk15on
- 1.68
runtime
diff --git a/integration-tests-ex/cases/pom.xml b/integration-tests-ex/cases/pom.xml
index 4997427e3cbc..a74f2ccc86ef 100644
--- a/integration-tests-ex/cases/pom.xml
+++ b/integration-tests-ex/cases/pom.xml
@@ -316,6 +316,7 @@
curator-client
5.4.0
+
@@ -340,6 +341,7 @@
-->
org.glassfish.hk2.external:jakarta.inject
+ jakarta.inject:jakarta.inject-api
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 18fd9958775c..df21c25e2f32 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -363,7 +363,7 @@
io.confluent
kafka-schema-registry-client
- 5.5.1
+ 5.5.12
org.slf4j
@@ -398,7 +398,7 @@
io.confluent
kafka-protobuf-provider
- 5.5.1
+ 5.5.12
provided
diff --git a/licenses.yaml b/licenses.yaml
index 8efba06fe842..2a78cbb1e145 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -13,7 +13,7 @@
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
-# under the License.
+# under the License.
name: conjunctive normal form conversion code, a variance aggregator algorithm, and Bloom filter adapted from Apache Hive
version:
@@ -178,7 +178,7 @@ name: AWS SDK for Java
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 1.12.317
+version: 1.12.497
libraries:
- com.amazonaws: aws-java-sdk-core
- com.amazonaws: aws-java-sdk-ec2
@@ -590,7 +590,7 @@ name: Apache Commons Net
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 3.6
+version: 3.9.0
libraries:
- commons-net: commons-net
@@ -871,7 +871,7 @@ name: kubernetes official java client
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 11.0.1
+version: 11.0.4
libraries:
- io.kubernetes: client-java
@@ -881,7 +881,7 @@ name: kubernetes official java client api
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 11.0.1
+version: 11.0.4
libraries:
- io.kubernetes: client-java-api
@@ -891,7 +891,7 @@ name: kubernetes official java client extended
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 11.0.1
+version: 11.0.4
libraries:
- io.kubernetes: client-java-extended
@@ -901,7 +901,7 @@ name: kubernetes fabric java client
license_category: binary
module: extensions-contrib/kubernetes-overlord-extensions
license_name: Apache License version 2.0
-version: 6.4.1
+version: 6.7.2
libraries:
- io.fabric8: kubernetes-client
@@ -1031,7 +1031,7 @@ name: io.kubernetes client-java-proto
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 11.0.1
+version: 11.0.4
libraries:
- io.kubernetes: client-java-proto
@@ -1041,7 +1041,7 @@ name: org.yaml snakeyaml
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: Apache License version 2.0
-version: 1.27
+version: 1.33
libraries:
- org.yaml: snakeyaml
@@ -1057,16 +1057,6 @@ libraries:
---
-name: org.bouncycastle bcprov-jdk15on
-license_category: binary
-module: extensions/druid-kubernetes-extensions
-license_name: MIT License
-version: 1.68
-libraries:
- - org.bouncycastle: bcprov-jdk15on
-
----
-
name: io.sundr resourcecify-annotations
license_category: binary
module: extensions/druid-kubernetes-extensions
@@ -1087,16 +1077,46 @@ libraries:
---
+name: org.bouncycastle bcprov-jdk15on
+license_category: binary
+module: extensions/druid-kubernetes-extensions
+license_name: MIT License
+version: "1.70"
+libraries:
+ - org.bouncycastle: bcprov-jdk15on
+
+---
+
name: org.bouncycastle bcprov-ext-jdk15on
license_category: binary
module: extensions/druid-kubernetes-extensions
license_name: MIT License
-version: 1.68
+version: "1.70"
libraries:
- org.bouncycastle: bcprov-ext-jdk15on
---
+name: org.bouncycastle bcpkix-jdk15on
+license_category: binary
+module: extensions/druid-kubernetes-extensions
+license_name: MIT License
+version: "1.70"
+libraries:
+ - org.bouncycastle: bcpkix-jdk15on
+
+---
+
+name: org.bouncycastle bcutil-jdk15on
+license_category: binary
+module: extensions/druid-kubernetes-extensions
+license_name: MIT License
+version: "1.70"
+libraries:
+ - org.bouncycastle: bcutil-jdk15on
+
+---
+
name: io.sundr sundr-core
license_category: binary
module: extensions/druid-kubernetes-extensions
@@ -1117,16 +1137,6 @@ libraries:
---
-name: org.bouncycastle bcpkix-jdk15on
-license_category: binary
-module: extensions/druid-kubernetes-extensions
-license_name: MIT License
-version: 1.66
-libraries:
- - org.bouncycastle: bcpkix-jdk15on
-
----
-
name: com.github.vladimir-bukhtoyarov bucket4j-core
license_category: binary
module: extensions/druid-kubernetes-extensions
@@ -1269,7 +1279,7 @@ name: Netty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 4.1.86.Final
+version: 4.1.94.Final
libraries:
- io.netty: netty-buffer
- io.netty: netty-codec
@@ -1611,7 +1621,7 @@ name: JSON Small and Fast Parser
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 2.3
+version: 2.4.11
libraries:
- net.minidev: json-smart
@@ -2040,7 +2050,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 9.4.48.v20220622
+version: 9.4.51.v20230217
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation
@@ -3089,7 +3099,7 @@ name: Apache Commons Net
license_category: binary
module: hadoop-client
license_name: Apache License version 2.0
-version: 3.1
+version: 3.9
libraries:
- commons-net: commons-net
notices:
@@ -3300,11 +3310,28 @@ notices:
Copyright 2007 The Apache Software Foundation
---
+name: JSON Small and Fast Parser
+license_category: binary
+module: druid-pac4j
+license_name: Apache License version 2.0
+version: 2.4.11
+libraries:
+ - net.minidev: json-smart
+---
+
+name: JSON Small and Fast Parser
+license_category: binary
+module: druid-pac4j
+license_name: Apache License version 2.0
+version: 2.4.11
+libraries:
+ - net.minidev: accessors-smart
+---
name: JSON Small and Fast Parser
license_category: binary
module: hadoop-client
license_name: Apache License version 2.0
-version: 1.1.1
+version: 2.4.11
libraries:
- net.minidev: json-smart
@@ -3521,8 +3548,17 @@ libraries:
---
-name: Kafka Schema Registry Client
-version: 5.5.1
+name: Kafka clients
+version: 5.5.12-ccs
+license_category: binary
+module: extensions/druid-avro-extensions
+license_name: Apache License version 2.0
+libraries:
+ - org.apache.kafka: kafka-clients
+
+---
+name: Kafka-schema-registry-client
+version: 5.5.12
license_category: binary
module: extensions/druid-avro-extensions
license_name: Apache License version 2.0
@@ -3533,6 +3569,27 @@ libraries:
---
+name: Swagger
+version: 1.6.2
+license_category: binary
+module: extensions/druid-avro-extensions
+license_name: Apache License version 2.0
+libraries:
+ - io.swagger: swagger-core
+ - io.swagger: swagger-models
+
+---
+
+name: Jackson Dataformat Yaml
+version: 2.10.5
+license_category: binary
+module: extensions/druid-avro-extensions
+license_name: Apache License version 2.0
+libraries:
+ - com.fasterxml.jackson.dataformat: jackson-dataformat-yaml
+
+---
+
name: Kinesis Client
license_category: binary
version: 1.14.4
@@ -3590,7 +3647,7 @@ module: extensions/druid-avro-extensions
license_name: Eclipse Public License 2.0
libraries:
- org.glassfish.hk2.external: jakarta.inject
-
+
---
name: jakarta.annotation
@@ -3600,7 +3657,7 @@ module: extensions/druid-avro-extensions
license_name: Eclipse Public License 2.0
libraries:
- jakarta.annotation: jakarta.annotation-api
-
+
---
name: javax.ws.rs-api
@@ -3610,7 +3667,7 @@ module: extensions/druid-avro-extensions
license_name: Eclipse Public License 2.0
libraries:
- javax.ws.rs: javax.ws.rs-api
-
+
---
name: jakarta.ws.rs-api
@@ -3620,7 +3677,7 @@ module: extensions/druid-avro-extensions
license_name: Eclipse Public License 2.0
libraries:
- jakarta.ws.rs: jakarta.ws.rs-api
-
+
---
name: Kafka Schema Registry Client 6.0.1
@@ -3855,25 +3912,25 @@ notices:
- kafka-clients: |
Apache Kafka
Copyright 2023 The Apache Software Foundation.
-
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
-
+
This distribution has a binary dependency on jersey, which is available under the CDDL
License. The source code of jersey can be found at https://github.com/jersey/jersey/.
-
+
This distribution has a binary test dependency on jqwik, which is available under
the Eclipse Public License 2.0. The source code can be found at
https://github.com/jlink/jqwik.
-
+
The streams-scala (streams/streams-scala) module was donated by Lightbend and the original code was copyrighted by them:
Copyright (C) 2018 Lightbend Inc.
Copyright (C) 2017-2018 Alexis Seigneurin.
-
+
This project contains the following code copied from Apache Hadoop:
clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java
Some portions of this file Copyright (c) 2004-2006 Intel Corporation and licensed under the BSD license.
-
+
This project contains the following code copied from Apache Hive:
streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java
@@ -4234,7 +4291,7 @@ name: PostgreSQL JDBC Driver
license_category: binary
module: extensions/druid-lookups-cached-single
license_name: BSD-2-Clause License
-version: 42.4.1
+version: 42.4.3
copyright: PostgreSQL Global Development Group
license_file_path: licenses/bin/postgresql.BSD2
libraries:
@@ -4246,7 +4303,7 @@ name: PostgreSQL JDBC Driver
license_category: binary
module: extensions/druid-lookups-cached-global
license_name: BSD-2-Clause License
-version: 42.4.1
+version: 42.4.3
copyright: PostgreSQL Global Development Group
license_file_path: licenses/bin/postgresql.BSD2
libraries:
@@ -4258,7 +4315,7 @@ name: PostgreSQL JDBC Driver
license_category: binary
module: extensions/postgresql-metadata-storage
license_name: BSD-2-Clause License
-version: 42.4.1
+version: 42.4.3
copyright: PostgreSQL Global Development Group
license_file_path: licenses/bin/postgresql.BSD2
libraries:
@@ -4729,7 +4786,7 @@ name: Google Compute Engine API
license_category: binary
module: extensions/gce-extensions
license_name: Apache License version 2.0
-version: v1-rev20190607-1.26.0
+version: v1-rev20190523-1.26.0
libraries:
- com.google.apis: google-api-services-compute
@@ -4739,7 +4796,7 @@ name: Google APIs Client Library For Java
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 1.26.0
+version: 1.32.1
libraries:
- com.google.api-client: google-api-client
@@ -4749,7 +4806,7 @@ name: Google HTTP Client Library For Java
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 1.26.0
+version: 1.35.2
libraries:
- com.google.http-client: google-http-client
- com.google.http-client: google-http-client-jackson2
@@ -4789,25 +4846,25 @@ notices:
- kafka-clients: |
Apache Kafka
Copyright 2023 The Apache Software Foundation.
-
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
-
+
This distribution has a binary dependency on jersey, which is available under the CDDL
License. The source code of jersey can be found at https://github.com/jersey/jersey/.
-
+
This distribution has a binary test dependency on jqwik, which is available under
the Eclipse Public License 2.0. The source code can be found at
https://github.com/jlink/jqwik.
-
+
The streams-scala (streams/streams-scala) module was donated by Lightbend and the original code was copyrighted by them:
Copyright (C) 2018 Lightbend Inc.
Copyright (C) 2017-2018 Alexis Seigneurin.
-
+
This project contains the following code copied from Apache Hadoop:
clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java
Some portions of this file Copyright (c) 2004-2006 Intel Corporation and licensed under the BSD license.
-
+
This project contains the following code copied from Apache Hive:
streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 886750cad0ea..207cafb3bf70 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -258,23 +258,13 @@
CVE-2022-45693
CVE-2023-1436
-
-
-
- ^pkg:maven/org\.yaml/snakeyaml@1.6$
- CVE-2017-18640
- CVE-2022-25857
- CVE-2023-2251
- CVE-2022-3064
-
+
+
- CVE-2022-25857
CVE-2022-1471
CVE-2023-2251
@@ -595,7 +585,7 @@
CVE-2015-7430
CVE-2017-3162
-
+
^pkg:maven/org\.apache\.calcite/calcite\-core@.*$
CVE-2020-13955
-
-
-
- CVE-2022-31197
-
16.0.1
4.1.0
1.3
- 9.4.48.v20220622
+ 9.4.51.v20230217
1.19.4
2.10.5.20201202
1.9.13
@@ -104,8 +104,8 @@
5.1.49
2.7.3
3.10.6.Final
- 4.1.86.Final
- 42.4.1
+ 4.1.94.Final
+ 42.4.3
3.21.7
1.3.1
1.7.36
@@ -113,7 +113,7 @@
5.13.0
3.3.6
4.3.1
- 1.12.317
+ 1.12.497
2.8.0
0.8.7
5.3.6.Final
@@ -236,7 +236,7 @@
false
-
+
sigar
@@ -246,7 +246,7 @@
-
+
${repoOrgId}
@@ -284,7 +284,7 @@
commons-net
commons-net
- 3.6
+ 3.9.0
com.github.seancfoley
@@ -342,6 +342,36 @@
+
+ net.minidev
+ json-smart
+ 2.4.11
+
+
+ org.yaml
+ snakeyaml
+ 1.33
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.70
+
+
+ org.bouncycastle
+ bcprov-ext-jdk15on
+ 1.70
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+ 1.70
+
+
+ org.bouncycastle
+ bcutil-jdk15on
+ 1.70
+
org.apache.zookeeper
zookeeper
@@ -756,7 +786,7 @@
org.xerial.snappy
snappy-java
- 1.1.8.4
+ 1.1.10.1
com.google.protobuf