
Commit 8d2bba8

Merge pull request #14 from maxbettercloud/deps-update
More security updates
2 parents 61e7490 + a9a18ea commit 8d2bba8


4 files changed

+56
-9
lines changed


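--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 History
 -------
 
+* **3.2.0**: Updating dependencies to fix Snyk issues
+
 * **3.1.0**: Bumps hbase-client version to 2.4.13
 
 * **3.0.0**: Bumps jacksonVersion and bigtableVersion to address security vulnerabilities, removes hbase-shaded-client and pulls in the standard hbase-client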

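--- a/build.gradle
+++ b/build.gradle
@@ -1,5 +1,5 @@
 group = 'com.bettercloud'
-version = '3.1.0'
+version = '3.2.0'
 
 ext.isReleaseVersion = !version.endsWith('SNAPSHOT')
 
@@ -19,16 +19,28 @@ if (!hasProperty('nexusPassword')) {
 ext.nexusPassword = ''
 }
 
+repositories {
+mavenLocal()
+}
+
 allprojects {
-apply plugin: 'maven'
 apply plugin: 'java-library'
+apply plugin: 'maven'
+apply plugin: 'maven-publish'
 
 sourceCompatibility = JavaVersion.VERSION_1_8
 targetCompatibility = JavaVersion.VERSION_1_8
 
 repositories {
 mavenCentral()
 }
+
+configurations.all {
+exclude group: 'log4j'
+// see https://www.slf4j.org/codes.html#log4jDelegationLoop
+exclude group: 'org.slf4j', module: 'slf4j-log4j12'
+exclude group: 'org.slf4j', module: 'slf4j-reload4j'
+}
 }
 
 subprojects {
@@ -39,6 +51,15 @@ subprojects {
 version = rootProject.version
 
 dependencies {
+constraints {
+implementation('net.minidev:json-smart:2.4.8') {
+because('CWE-400, CVE-2021-27568 - Denial of Service')
+}
+}
+
+// see https://www.slf4j.org/legacy.html
+implementation "org.slf4j:log4j-over-slf4j:$log4jOverSlf4jVersion"
+
 testImplementation "junit:junit:$junitVersion"
 testImplementation "org.mockito:mockito-core:$mockitoVersion"
 }
@@ -62,6 +83,14 @@ subprojects {
 sign configurations.archives
 }
 
+publishing {
+publications {
+maven(MavenPublication) {
+from components.java
+}
+}
+}
+
 uploadArchives {
 repositories {
 mavenDeployer {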
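Review bot: The new root-level `repositories { mavenLocal() }` block lets the build resolve artifacts from the local Maven cache of whichever developer machine or CI agent runs it, and Gradle cannot tie those files back to a trusted origin; anything another build wrote into that cache can be picked up here. If the block exists only to consume locally published `com.bettercloud` artifacts, scope it, e.g. `mavenLocal { content { includeGroup 'com.bettercloud' } }` (assuming the Gradle version in use supports repository content filtering), or keep it out of release builds. Nothing in the hunk says why it was added, so a one-line comment such as `// local snapshots only; not used for release resolution` would help the next reader.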

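--- a/core/build.gradle
+++ b/core/build.gradle
@@ -3,5 +3,15 @@ dependencies {
 exclude group: 'org.apache.hbase', module: 'hbase-shaded-client'
 }
 api "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion"
-api "org.apache.hbase:hbase-client:$hbaseClientVersion"
+api ("org.apache.hbase:hbase-client:$hbaseClientVersion") {
+exclude group: 'org.apache.hadoop', module: 'hadoop-common'
+exclude group: 'org.apache.zookeeper', module: 'zookeeper'
+}
+api ("org.apache.hadoop:hadoop-common:$hadoopCommonVersion") {
+exclude group: 'org.apache.zookeeper', module: 'zookeeper'
+}
+implementation ("org.apache.zookeeper:zookeeper:$zookeeperVersion") {
+exclude group: 'io.netty', module: 'netty-handler'
+}
+implementation "io.netty:netty-handler:$nettyVersion"
 }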
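Review bot: None of the three pinned modules (`hadoop-common`, `zookeeper`, `netty-handler`) records which advisory it answers, so a later maintainer cannot tell when an exclude-and-re-add pair may be dropped. The root `build.gradle` in this commit already documents its json-smart pin with `because('CWE-400, CVE-2021-27568 - Denial of Service')`; the same form would fit here, e.g. `constraints { implementation("io.netty:netty-handler:$nettyVersion") { because('<advisory id>') } }`. Separately, only `netty-handler` is set to `$nettyVersion`; if ZooKeeper brings in other `io.netty` modules they may resolve to a different version, so it is worth checking the resolved graph with `gradle dependencies`. The `dependencies` block opens above the hunk.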

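--- a/gradle.properties
+++ b/gradle.properties
@@ -1,8 +1,14 @@
-bigtableVersion=2.4.0
+autoServiceVersion=1.0.1
+bigtableVersion=2.5.0
 jacksonVersion=2.13.3
-autoServiceVersion=1.0-rc4
-hbaseClientVersion=2.4.13
 javaPoetVersion=1.11.1
-junitVersion=4.12
-mockitoVersion=2.24.0
-compileTestingVersion=0.15
+hadoopCommonVersion=2.10.2
+hbaseClientVersion=2.4.13
+log4jOverSlf4jVersion=1.7.36
+nettyVersion=4.1.79.Final
+zookeeperVersion=3.5.10
+
+# Tests
+compileTestingVersion=0.19
+junitVersion=4.13.2
+mockitoVersion=2.24.0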
