From 5ef90310b76b25813c024ed4d0a10a5b73ebf031 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Thu, 29 Jun 2023 13:55:04 -0400 Subject: [PATCH 01/16] update dependencies to address several CVEs --- licenses.yaml | 48 ++++++++++++++++++++++++------------------------ pom.xml | 17 +++++++++++------ 2 files changed, 35 insertions(+), 30 deletions(-) diff --git a/licenses.yaml b/licenses.yaml index 8efba06fe842..4531fecda10d 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -13,7 +13,7 @@ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations -# under the License. +# under the License. name: conjunctive normal form conversion code, a variance aggregator algorithm, and Bloom filter adapted from Apache Hive version: @@ -178,7 +178,7 @@ name: AWS SDK for Java license_category: binary module: java-core license_name: Apache License version 2.0 -version: 1.12.317 +version: 1.12.497 libraries: - com.amazonaws: aws-java-sdk-core - com.amazonaws: aws-java-sdk-ec2 @@ -590,7 +590,7 @@ name: Apache Commons Net license_category: binary module: java-core license_name: Apache License version 2.0 -version: 3.6 +version: 3.9.0 libraries: - commons-net: commons-net @@ -1041,7 +1041,7 @@ name: org.yaml snakeyaml license_category: binary module: extensions/druid-kubernetes-extensions license_name: Apache License version 2.0 -version: 1.27 +version: 1.33 libraries: - org.yaml: snakeyaml @@ -2040,7 +2040,7 @@ name: Jetty license_category: binary module: java-core license_name: Apache License version 2.0 -version: 9.4.48.v20220622 +version: 9.4.51.v20230217 libraries: - org.eclipse.jetty: jetty-client - org.eclipse.jetty: jetty-continuation @@ -3590,7 +3590,7 @@ module: extensions/druid-avro-extensions license_name: Eclipse Public License 2.0 libraries: - org.glassfish.hk2.external: jakarta.inject - + --- name: jakarta.annotation 
@@ -3600,7 +3600,7 @@ module: extensions/druid-avro-extensions license_name: Eclipse Public License 2.0 libraries: - jakarta.annotation: jakarta.annotation-api - + --- name: javax.ws.rs-api @@ -3610,7 +3610,7 @@ module: extensions/druid-avro-extensions license_name: Eclipse Public License 2.0 libraries: - javax.ws.rs: javax.ws.rs-api - + --- name: jakarta.ws.rs-api @@ -3620,7 +3620,7 @@ module: extensions/druid-avro-extensions license_name: Eclipse Public License 2.0 libraries: - jakarta.ws.rs: jakarta.ws.rs-api - + --- name: Kafka Schema Registry Client 6.0.1 @@ -3855,25 +3855,25 @@ notices: - kafka-clients: | Apache Kafka Copyright 2023 The Apache Software Foundation. - + This product includes software developed at The Apache Software Foundation (https://www.apache.org/). - + This distribution has a binary dependency on jersey, which is available under the CDDL License. The source code of jersey can be found at https://github.com/jersey/jersey/. - + This distribution has a binary test dependency on jqwik, which is available under the Eclipse Public License 2.0. The source code can be found at https://github.com/jlink/jqwik. - + The streams-scala (streams/streams-scala) module was donated by Lightbend and the original code was copyrighted by them: Copyright (C) 2018 Lightbend Inc. Copyright (C) 2017-2018 Alexis Seigneurin. - + This project contains the following code copied from Apache Hadoop: clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java Some portions of this file Copyright (c) 2004-2006 Intel Corporation and licensed under the BSD license. - + This project contains the following code copied from Apache Hive: streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java 
@@ -4234,7 +4234,7 @@ name: PostgreSQL JDBC Driver license_category: binary module: extensions/druid-lookups-cached-single license_name: BSD-2-Clause License -version: 42.4.1 +version: 42.4.3 copyright: PostgreSQL Global Development Group license_file_path: licenses/bin/postgresql.BSD2 libraries: @@ -4246,7 +4246,7 @@ name: PostgreSQL JDBC Driver license_category: binary module: extensions/druid-lookups-cached-global license_name: BSD-2-Clause License -version: 42.4.1 +version: 42.4.3 copyright: PostgreSQL Global Development Group license_file_path: licenses/bin/postgresql.BSD2 libraries: @@ -4258,7 +4258,7 @@ name: PostgreSQL JDBC Driver license_category: binary module: extensions/postgresql-metadata-storage license_name: BSD-2-Clause License -version: 42.4.1 +version: 42.4.3 copyright: PostgreSQL Global Development Group license_file_path: licenses/bin/postgresql.BSD2 libraries: 
@@ -4789,25 +4789,25 @@ notices: - kafka-clients: | Apache Kafka Copyright 2023 The Apache Software Foundation. - + This product includes software developed at The Apache Software Foundation (https://www.apache.org/). - + This distribution has a binary dependency on jersey, which is available under the CDDL License. The source code of jersey can be found at https://github.com/jersey/jersey/. - + This distribution has a binary test dependency on jqwik, which is available under the Eclipse Public License 2.0. The source code can be found at https://github.com/jlink/jqwik. - + The streams-scala (streams/streams-scala) module was donated by Lightbend and the original code was copyrighted by them: Copyright (C) 2018 Lightbend Inc. Copyright (C) 2017-2018 Alexis Seigneurin. - + This project contains the following code copied from Apache Hadoop: clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java Some portions of this file Copyright (c) 2004-2006 Intel Corporation and licensed under the BSD license. - + This project contains the following code copied from Apache Hive: streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java diff --git a/pom.xml b/pom.xml index 6d0d13374984..1daf8c947938 100644 --- a/pom.xml +++ b/pom.xml @@ -96,7 +96,7 @@ 16.0.1 4.1.0 1.3 - 9.4.48.v20220622 + 9.4.51.v20230217 1.19.4 2.10.5.20201202 1.9.13 @@ -105,7 +105,7 @@ 2.7.3 3.10.6.Final 4.1.86.Final - 42.4.1 + 42.4.3 3.21.7 1.3.1 1.7.36 @@ -113,7 +113,7 @@ 5.13.0 3.3.6 4.3.1 - 1.12.317 + 1.12.497 2.8.0 0.8.7 5.3.6.Final @@ -236,7 +236,7 @@ false - + sigar @@ -246,7 +246,7 @@ - + ${repoOrgId} @@ -284,7 +284,7 @@ commons-net commons-net - 3.6 + 3.9.0 com.github.seancfoley @@ -342,6 +342,11 @@ + + org.yaml + snakeyaml + 1.33 + org.apache.zookeeper zookeeper From f0f2896e091650ee33756c327a0c4422184118f0 Mon Sep 17 00:00:00 2001 
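Review bot: The snakeyaml entry added to the managed dependencies in the last pom.xml hunk (`@@ -342,6 +342,11 @@`) pins 1.33 with no comment saying which findings the pin is meant to clear and which it leaves open. As far as I know the fix for CVE-2022-1471 only shipped in the SnakeYAML 2.0 line, and the suppression hunk in PATCH 04/16 keeps that CVE suppressed, so scanners will stay quiet about it while 1.33 is on the classpath. I would add a comment above the entry such as `<!-- snakeyaml pinned to 1.33 to override older transitive versions; CVE-2022-1471 still needs a move to 2.x -->`. The managed version also overrides whatever the transitive consumers were built against, so it is worth confirming that callers in this codebase only load trusted YAML or use a safe constructor. The XML markup of this hunk is not visible on the page, so the placement inside the dependency-management section is inferred from the context lines.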
From: Jan Werner Date: Thu, 29 Jun 2023 13:56:01 -0400 Subject: [PATCH 02/16] remove unnecessary entry for pgsql --- owasp-dependency-check-suppressions.xml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml index 886750cad0ea..076e18762afd 100644 --- a/owasp-dependency-check-suppressions.xml +++ b/owasp-dependency-check-suppressions.xml @@ -595,7 +595,7 @@ CVE-2015-7430 CVE-2017-3162 - + ^pkg:maven/org\.apache\.calcite/calcite\-core@.*$ CVE-2020-13955 - - - - CVE-2022-31197 - Date: Thu, 29 Jun 2023 14:37:08 -0400 Subject: [PATCH 03/16] google libraries versions uplift --- extensions-core/kubernetes-extensions/pom.xml | 6 +++--- licenses.yaml | 14 +++++++------- pom.xml | 6 +++--- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml index 7e3ba252b9cd..1ac2f7e44a1c 100644 --- a/extensions-core/kubernetes-extensions/pom.xml +++ b/extensions-core/kubernetes-extensions/pom.xml @@ -35,7 +35,7 @@ - 11.0.1 + 11.0.4 @@ -84,13 +84,13 @@ org.bouncycastle bcprov-jdk15on - 1.69 + 1.70 runtime org.bouncycastle bcprov-ext-jdk15on - 1.68 + 1.70 runtime diff --git a/licenses.yaml b/licenses.yaml index 4531fecda10d..fe96892b58cb 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -871,7 +871,7 @@ name: kubernetes official java client license_category: binary module: extensions/druid-kubernetes-extensions license_name: Apache License version 2.0 -version: 11.0.1 +version: 11.0.4 libraries: - io.kubernetes: client-java @@ -881,7 +881,7 @@ name: kubernetes official java client api license_category: binary module: extensions/druid-kubernetes-extensions license_name: Apache License version 2.0 -version: 11.0.1 +version: 11.0.4 libraries: - io.kubernetes: client-java-api 
@@ -891,7 +891,7 @@ name: kubernetes official java client extended license_category: binary module: extensions/druid-kubernetes-extensions license_name: Apache License version 2.0 -version: 11.0.1 +version: 11.0.4 libraries: - io.kubernetes: client-java-extended @@ -4719,7 +4719,7 @@ name: Google Cloud Storage JSON API license_category: binary module: extensions/druid-google-extensions license_name: Apache License version 2.0 -version: v1-rev20190523-1.26.0 +version: v1-rev20220705-1.32.1 libraries: - com.google.apis: google-api-services-storage @@ -4729,7 +4729,7 @@ name: Google Compute Engine API license_category: binary module: extensions/gce-extensions license_name: Apache License version 2.0 -version: v1-rev20190607-1.26.0 +version: v1-rev20220720-1.32.1 libraries: - com.google.apis: google-api-services-compute @@ -4739,7 +4739,7 @@ name: Google APIs Client Library For Java license_category: binary module: java-core license_name: Apache License version 2.0 -version: 1.26.0 +version: 1.32.1 libraries: - com.google.api-client: google-api-client @@ -4749,7 +4749,7 @@ name: Google HTTP Client Library For Java license_category: binary module: java-core license_name: Apache License version 2.0 -version: 1.26.0 +version: 1.35.2 libraries: - com.google.http-client: google-http-client - com.google.http-client: google-http-client-jackson2 diff --git a/pom.xml b/pom.xml index 1daf8c947938..358ddd072427 100644 --- a/pom.xml +++ b/pom.xml @@ -121,9 +121,9 @@ 3.5.10 2.5.7 - 1.26.0 - v1-rev20190607-${com.google.apis.client.version} - v1-rev20190523-${com.google.apis.client.version} + 1.32.1 + v1-rev20220705-${com.google.apis.client.version} + v1-rev20220705-${com.google.apis.client.version} maven.org Maven Central Repository From addfb1197fab051f7514c3a5a4e5405bf19f98b4 Mon Sep 17 00:00:00 2001 
From: Jan Werner Date: Thu, 29 Jun 2023 14:42:30 -0400 Subject: [PATCH 04/16] updated notes for snakeyaml --- owasp-dependency-check-suppressions.xml | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml index 076e18762afd..207cafb3bf70 100644 --- a/owasp-dependency-check-suppressions.xml +++ b/owasp-dependency-check-suppressions.xml @@ -258,23 +258,13 @@ CVE-2022-45693 CVE-2023-1436 - - - - ^pkg:maven/org\.yaml/snakeyaml@1.6$ - CVE-2017-18640 - CVE-2022-25857 - CVE-2023-2251 - CVE-2022-3064 - + + - CVE-2022-25857 CVE-2022-1471 CVE-2023-2251 From f746c35232cb77950276f7bad34ce86bb40bf2d8 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Thu, 29 Jun 2023 22:39:57 -0400 Subject: [PATCH 05/16] update kubernetes libs, revert jackson --- extensions-contrib/kubernetes-overlord-extensions/pom.xml | 8 ++++---- licenses.yaml | 2 +- pom.xml | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/extensions-contrib/kubernetes-overlord-extensions/pom.xml b/extensions-contrib/kubernetes-overlord-extensions/pom.xml index 3ebcbfbf8d75..0c970ab3b671 100644 --- a/extensions-contrib/kubernetes-overlord-extensions/pom.xml +++ b/extensions-contrib/kubernetes-overlord-extensions/pom.xml @@ -104,7 +104,7 @@ io.fabric8 kubernetes-model-core - 6.4.1 + 6.7.2 javax.validation @@ -114,17 +114,17 @@ io.fabric8 kubernetes-model-batch - 6.4.1 + 6.7.2 io.fabric8 kubernetes-client-api - 6.4.1 + 6.7.2 io.fabric8 kubernetes-client - 6.4.1 + 6.7.2 runtime diff --git a/licenses.yaml b/licenses.yaml index fe96892b58cb..0796bbef8508 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -901,7 +901,7 @@ name: kubernetes fabric java client license_category: binary module: extensions-contrib/kubernetes-overlord-extensions license_name: Apache License version 2.0 -version: 6.4.1 +version: 6.7.2 libraries: - io.fabric8: kubernetes-client 
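Review bot: The suppression block that survives in the `@@ -258,23 +258,13 @@` hunk of owasp-dependency-check-suppressions.xml still lists CVE-2022-1471 and CVE-2023-2251, and nothing visible on the page shows that it is scoped or time-limited. The block removed above it was limited by the package URL pattern `^pkg:maven/org\.yaml/snakeyaml@1.6$`; the remaining one should carry an equivalent `packageUrl` pattern for the snakeyaml version now shipped, so that it cannot hide the same CVE ids on other artifacts. An expiry on the element, for example `until="<REVIEW-DATE placeholder>"`, would make the scanner report the findings again once the date passes instead of keeping them hidden indefinitely. The notes text should say, per CVE, whether it is a false-positive match or an accepted risk, because the two call for different follow-up. The element markup was lost in this rendering, so existing attributes could not be checked.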
diff --git a/pom.xml b/pom.xml index 358ddd072427..1daf8c947938 100644 --- a/pom.xml +++ b/pom.xml @@ -121,9 +121,9 @@ 3.5.10 2.5.7 - 1.32.1 - v1-rev20220705-${com.google.apis.client.version} - v1-rev20220705-${com.google.apis.client.version} + 1.26.0 + v1-rev20190607-${com.google.apis.client.version} + v1-rev20190523-${com.google.apis.client.version} maven.org Maven Central Repository From bc923e8f8017bf23cfef27d7f571f0ecbf8a7b42 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Fri, 30 Jun 2023 13:06:11 -0400 Subject: [PATCH 06/16] update snappy json-smart testng --- licenses.yaml | 4 ++-- pom.xml | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/licenses.yaml b/licenses.yaml index 0796bbef8508..1940bae4e83a 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -1611,7 +1611,7 @@ name: JSON Small and Fast Parser license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.3 +version: 2.4.11 libraries: - net.minidev: json-smart @@ -3304,7 +3304,7 @@ name: JSON Small and Fast Parser license_category: binary module: hadoop-client license_name: Apache License version 2.0 -version: 1.1.1 +version: 2.4.11 libraries: - net.minidev: json-smart diff --git a/pom.xml b/pom.xml index 1daf8c947938..f7773279f484 100644 --- a/pom.xml +++ b/pom.xml @@ -342,6 +342,11 @@ + + net.minidev + json-smart + 2.4.11 + org.yaml snakeyaml @@ -761,7 +766,7 @@ org.xerial.snappy snappy-java - 1.1.8.4 + 1.1.10.1 com.google.protobuf @@ -1151,7 +1156,7 @@ org.testng testng - 7.3.0 + 7.5.1 From 4cc121393efd9315127b06d7bf6950fc8bd97c79 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Fri, 30 Jun 2023 13:20:44 -0400 Subject: [PATCH 07/16] update guice and guava --- extensions-contrib/opentelemetry-emitter/pom.xml | 4 ++-- pom.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions-contrib/opentelemetry-emitter/pom.xml b/extensions-contrib/opentelemetry-emitter/pom.xml index d988333d9a56..da75b6c59998 100644 
--- a/extensions-contrib/opentelemetry-emitter/pom.xml +++ b/extensions-contrib/opentelemetry-emitter/pom.xml @@ -38,8 +38,8 @@ 1.14.0-alpha - 30.1.1-jre - 1.41.0 + 32.0.1-jre + 1.41.3 diff --git a/pom.xml b/pom.xml index f7773279f484..a8edc1460ee1 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ 2.11.0 8.5.4 16.0.1 - 4.1.0 + 4.2.3 1.3 9.4.51.v20230217 1.19.4 @@ -104,7 +104,7 @@ 5.1.49 2.7.3 3.10.6.Final - 4.1.86.Final + 4.1.94.Final 42.4.3 3.21.7 1.3.1 From d32b56924125fbf4be3b7a502507f7c7df61cf83 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Fri, 30 Jun 2023 13:51:11 -0400 Subject: [PATCH 08/16] revert guice update --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a8edc1460ee1..ab9cee28e5c4 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ 2.11.0 8.5.4 16.0.1 - 4.2.3 + 4.1.0 1.3 9.4.51.v20230217 1.19.4 From c71197484374db2351150014a0c3ea014f180348 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Mon, 3 Jul 2023 14:48:45 -0400 Subject: [PATCH 09/16] revert testng update --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ab9cee28e5c4..6b91d151be09 100644 --- a/pom.xml +++ b/pom.xml @@ -1156,7 +1156,7 @@ org.testng testng - 7.5.1 + 7.3.0 From 8b3a46447a556be8138a8966cc1f36af45e78a76 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Mon, 3 Jul 2023 14:56:29 -0400 Subject: [PATCH 10/16] update licenses file --- licenses.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/licenses.yaml b/licenses.yaml index 1940bae4e83a..6bc6b6029de8 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -1031,7 +1031,7 @@ name: io.kubernetes client-java-proto license_category: binary module: extensions/druid-kubernetes-extensions license_name: Apache License version 2.0 -version: 11.0.1 +version: 11.0.4 libraries: - io.kubernetes: client-java-proto 
@@ -1061,7 +1061,7 @@ name: org.bouncycastle bcprov-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.68 +version: 1.70 libraries: - org.bouncycastle: bcprov-jdk15on @@ -1091,7 +1091,7 @@ name: org.bouncycastle bcprov-ext-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.68 +version: 1.70 libraries: - org.bouncycastle: bcprov-ext-jdk15on @@ -1121,7 +1121,7 @@ name: org.bouncycastle bcpkix-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.66 +version: 1.70 libraries: - org.bouncycastle: bcpkix-jdk15on @@ -1269,7 +1269,7 @@ name: Netty license_category: binary module: java-core license_name: Apache License version 2.0 -version: 4.1.86.Final +version: 4.1.94.Final libraries: - io.netty: netty-buffer - io.netty: netty-codec @@ -3089,7 +3089,7 @@ name: Apache Commons Net license_category: binary module: hadoop-client license_name: Apache License version 2.0 -version: 3.1 +version: 3.9 libraries: - commons-net: commons-net notices: From a65be6e837378144e0f87ba96f48af36ebbcab6e Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Tue, 4 Jul 2023 10:40:33 -0400 Subject: [PATCH 11/16] add additional versions clean up license file --- extensions-core/avro-extensions/pom.xml | 2 +- extensions-core/kubernetes-extensions/pom.xml | 2 -- licenses.yaml | 19 ++++++++++++++++--- pom.xml | 10 ++++++++++ 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/extensions-core/avro-extensions/pom.xml b/extensions-core/avro-extensions/pom.xml index ebaccea34104..1643ebcd18fa 100644 --- a/extensions-core/avro-extensions/pom.xml +++ b/extensions-core/avro-extensions/pom.xml @@ -35,7 +35,7 @@ 0.1.3 - 5.5.1 + 5.5.12 diff --git a/extensions-core/kubernetes-extensions/pom.xml b/extensions-core/kubernetes-extensions/pom.xml index 1ac2f7e44a1c..4a2149072db4 100644 
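Review bot: In the last licenses.yaml hunk (`@@ -3089,7 +3089,7 @@`) the hadoop-client entry for Apache Commons Net is set to `version: 3.9`, which does not match the `3.9.0` recorded for the java-core entry and set for commons-net in pom.xml in PATCH 01/16. If the hadoop-client module resolves the same commons-net artifact, the entry should read `version: 3.9.0`. Unquoted, `3.9` is also read as a float by YAML loaders, so a quoted string is the safer form for every version field. The `1.70` values in the earlier hunks of this commit lose their trailing zero the same way until PATCH 15/16 quotes them.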
--- a/extensions-core/kubernetes-extensions/pom.xml +++ b/extensions-core/kubernetes-extensions/pom.xml @@ -84,13 +84,11 @@ org.bouncycastle bcprov-jdk15on - 1.70 runtime org.bouncycastle bcprov-ext-jdk15on - 1.70 runtime diff --git a/licenses.yaml b/licenses.yaml index 6bc6b6029de8..efa068b15042 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -3300,6 +3300,19 @@ notices: Copyright 2007 The Apache Software Foundation --- +name: Apache Log4j +license_category: binary +module: druid-pac4j +license_name: Apache License version 2.0 +version: 1.2.17 +libraries: + - log4j: log4j +notices: + - log4j: | + Apache log4j + Copyright 2007 The Apache Software Foundation +--- + name: JSON Small and Fast Parser license_category: binary module: hadoop-client @@ -3522,7 +3535,7 @@ libraries: --- name: Kafka Schema Registry Client -version: 5.5.1 +version: 5.5.15 license_category: binary module: extensions/druid-avro-extensions license_name: Apache License version 2.0 @@ -4719,7 +4732,7 @@ name: Google Cloud Storage JSON API license_category: binary module: extensions/druid-google-extensions license_name: Apache License version 2.0 -version: v1-rev20220705-1.32.1 +version: v1-rev20190523-1.26.0 libraries: - com.google.apis: google-api-services-storage @@ -4729,7 +4742,7 @@ name: Google Compute Engine API license_category: binary module: extensions/gce-extensions license_name: Apache License version 2.0 -version: v1-rev20220720-1.32.1 +version: v1-rev20190523-1.26.0 libraries: - com.google.apis: google-api-services-compute diff --git a/pom.xml b/pom.xml index 6b91d151be09..f44c1dd03660 100644 --- a/pom.xml +++ b/pom.xml @@ -352,6 +352,16 @@ snakeyaml 1.33 + + org.bouncycastle + bcprov-jdk15on + 1.70 + + + org.bouncycastle + bcprov-ext-jdk15on + 1.70 + org.apache.zookeeper zookeeper From a8b19179557dc0ed636ed8a634818bc2c1ae3fff Mon Sep 17 00:00:00 2001 
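Review bot: The `@@ -4729,7 +4742,7 @@` hunk sets the Google Compute Engine API entry to `version: v1-rev20190523-1.26.0`, but the value this entry had before PATCH 03/16 was `v1-rev20190607-1.26.0`, and the pom.xml revert in PATCH 05/16 restores a `v1-rev20190607-${com.google.apis.client.version}` property. The line should read `version: v1-rev20190607-1.26.0`; `v1-rev20190523` belongs to the Cloud Storage entry in the hunk above. The same revert looks incomplete for the two client-library entries that PATCH 03/16 raised to `1.32.1` and `1.35.2`: no later hunk on this page puts them back to `1.26.0`, although pom.xml is back on that version. A license registry that disagrees with the resolved artifacts makes the file unreliable as an inventory when checking which component versions ship.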
From: Jan Werner Date: Tue, 4 Jul 2023 10:49:59 -0400 Subject: [PATCH 12/16] updataed confluent dependency, fixed the dependency license info --- integration-tests/pom.xml | 4 ++-- licenses.yaml | 10 +++------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index 18fd9958775c..df21c25e2f32 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -363,7 +363,7 @@ io.confluent kafka-schema-registry-client - 5.5.1 + 5.5.12 org.slf4j @@ -398,7 +398,7 @@ io.confluent kafka-protobuf-provider - 5.5.1 + 5.5.12 provided diff --git a/licenses.yaml b/licenses.yaml index efa068b15042..f02493a5b20e 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -3300,17 +3300,13 @@ notices: Copyright 2007 The Apache Software Foundation --- -name: Apache Log4j +name: JSON Small and Fast Parser license_category: binary module: druid-pac4j license_name: Apache License version 2.0 -version: 1.2.17 +version: 2.4.11 libraries: - - log4j: log4j -notices: - - log4j: | - Apache log4j - Copyright 2007 The Apache Software Foundation + - net.minidev: json-smart --- name: JSON Small and Fast Parser From 4292678502de88770bdc56c91e374f0aa029c718 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Tue, 4 Jul 2023 23:56:29 -0400 Subject: [PATCH 13/16] cleaning up licenses and dependency versions --- licenses.yaml | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- pom.xml | 10 ++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/licenses.yaml b/licenses.yaml index f02493a5b20e..8167a36732a4 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -1127,6 +1127,16 @@ libraries: --- +name: org.bouncycastle bcutil-jdk15on +license_category: binary +module: extensions/druid-kubernetes-extensions +license_name: MIT License +version: 1.70 +libraries: + - org.bouncycastle: bcutil-jdk15on + +--- + name: com.github.vladimir-bukhtoyarov bucket4j-core license_category: binary module: extensions/druid-kubernetes-extensions 
@@ -3309,6 +3319,14 @@ libraries: - net.minidev: json-smart --- +name: JSON Small and Fast Parser +license_category: binary +module: druid-pac4j +license_name: Apache License version 2.0 +version: 2.4.11 +libraries: + - net.minidev: accessors-smart +--- name: JSON Small and Fast Parser license_category: binary module: hadoop-client @@ -3531,7 +3549,16 @@ libraries: --- name: Kafka Schema Registry Client -version: 5.5.15 +version: 5.5.12 +license_category: binary +module: extensions/druid-avro-extensions +license_name: Apache License version 2.0 +libraries: + - org.apache.kafka: kafka-clients + +--- +name: Kafka Clients +version: 5.5.12-ccs license_category: binary module: extensions/druid-avro-extensions license_name: Apache License version 2.0 @@ -3542,6 +3569,27 @@ libraries: --- +name: Swagger +version: 1.6.2 +license_category: binary +module: extensions/druid-avro-extensions +license_name: Apache License version 2.0 +libraries: + - io.swagger: swagger-core + - io.swagger: swagger-models + +--- + +name: Jackson Dataformat Yaml +version: 2.10.5 +license_category: binary +module: extensions/druid-avro-extensions +license_name: Apache License version 2.0 +libraries: + - com.fasterxml.jackson.dataformat, artifactId : jackson-dataformat-yaml + +--- + name: Kinesis Client license_category: binary version: 1.14.4 diff --git a/pom.xml b/pom.xml index f44c1dd03660..42b98e7bd2a3 100644 --- a/pom.xml +++ b/pom.xml @@ -362,6 +362,16 @@ bcprov-ext-jdk15on 1.70 + + org.bouncycastle + bcpkix-jdk15on + 1.70 + + + org.bouncycastle + bcutil-jdk15on + 1.70 + org.apache.zookeeper zookeeper From 2d67e09bed0ce3933d0a8c74a11afbc81dca93e5 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Wed, 5 Jul 2023 22:45:57 -0400 Subject: [PATCH 14/16] sort bouncycastle licenses, fix kafka / confluent package names --- licenses.yaml | 62 +++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) 
diff --git a/licenses.yaml b/licenses.yaml index 8167a36732a4..11652a690649 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -1057,16 +1057,6 @@ libraries: --- -name: org.bouncycastle bcprov-jdk15on -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: MIT License -version: 1.70 -libraries: - - org.bouncycastle: bcprov-jdk15on - ---- - name: io.sundr resourcecify-annotations license_category: binary module: extensions/druid-kubernetes-extensions @@ -1087,33 +1077,23 @@ libraries: --- -name: org.bouncycastle bcprov-ext-jdk15on +name: org.bouncycastle bcprov-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License version: 1.70 libraries: - - org.bouncycastle: bcprov-ext-jdk15on - ---- - -name: io.sundr sundr-core -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 0.22.0 -libraries: - - io.sundr: sundr-core + - org.bouncycastle: bcprov-jdk15on --- -name: com.squareup.okhttp3 logging-interceptor +name: org.bouncycastle bcprov-ext-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 3.14.9 +license_name: MIT License +version: 1.70 libraries: - - com.squareup.okhttp3: logging-interceptor + - org.bouncycastle: bcprov-ext-jdk15on --- @@ -1137,6 +1117,26 @@ libraries: --- +name: io.sundr sundr-core +license_category: binary +module: extensions/druid-kubernetes-extensions +license_name: Apache License version 2.0 +version: 0.22.0 +libraries: + - io.sundr: sundr-core + +--- + +name: com.squareup.okhttp3 logging-interceptor +license_category: binary +module: extensions/druid-kubernetes-extensions +license_name: Apache License version 2.0 +version: 3.14.9 +libraries: + - com.squareup.okhttp3: logging-interceptor + +--- + name: com.github.vladimir-bukhtoyarov bucket4j-core license_category: binary module: extensions/druid-kubernetes-extensions 
@@ -3548,8 +3548,8 @@ libraries: --- -name: Kafka Schema Registry Client -version: 5.5.12 +name: Kafka clients +version: 5.5.12-ccs license_category: binary module: extensions/druid-avro-extensions license_name: Apache License version 2.0 @@ -3557,8 +3557,8 @@ libraries: - org.apache.kafka: kafka-clients --- -name: Kafka Clients -version: 5.5.12-ccs +name: Kafka-schema-registry-client +version: 5.5.12 license_category: binary module: extensions/druid-avro-extensions license_name: Apache License version 2.0 @@ -3586,7 +3586,7 @@ license_category: binary module: extensions/druid-avro-extensions license_name: Apache License version 2.0 libraries: - - com.fasterxml.jackson.dataformat, artifactId : jackson-dataformat-yaml + - com.fasterxml.jackson.dataformat: jackson-dataformat-yaml --- From 8a9b55e04b670220096af07f3d57a08b8165ace1 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Thu, 6 Jul 2023 09:51:07 -0400 Subject: [PATCH 15/16] enclose versions in quotes --- licenses.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/licenses.yaml b/licenses.yaml index 11652a690649..2a78cbb1e145 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -1081,7 +1081,7 @@ name: org.bouncycastle bcprov-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.70 +version: "1.70" libraries: - org.bouncycastle: bcprov-jdk15on @@ -1091,7 +1091,7 @@ name: org.bouncycastle bcprov-ext-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.70 +version: "1.70" libraries: - org.bouncycastle: bcprov-ext-jdk15on @@ -1101,7 +1101,7 @@ name: org.bouncycastle bcpkix-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.70 +version: "1.70" libraries: - org.bouncycastle: bcpkix-jdk15on 
@@ -1111,7 +1111,7 @@ name: org.bouncycastle bcutil-jdk15on license_category: binary module: extensions/druid-kubernetes-extensions license_name: MIT License -version: 1.70 +version: "1.70" libraries: - org.bouncycastle: bcutil-jdk15on From bf8034e40f1726eede3a4c2c0db477af933ee767 Mon Sep 17 00:00:00 2001 From: Jan Werner Date: Thu, 6 Jul 2023 12:54:22 -0400 Subject: [PATCH 16/16] adding another jakarta library to dependency analysis exclusion --- integration-tests-ex/cases/pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/integration-tests-ex/cases/pom.xml b/integration-tests-ex/cases/pom.xml index 4997427e3cbc..a74f2ccc86ef 100644 --- a/integration-tests-ex/cases/pom.xml +++ b/integration-tests-ex/cases/pom.xml @@ -316,6 +316,7 @@ curator-client 5.4.0 + @@ -340,6 +341,7 @@ --> org.glassfish.hk2.external:jakarta.inject + jakarta.inject:jakarta.inject-api