From 2f9e8dfcf3a230cc349d08108f9b2994aec7bcc3 Mon Sep 17 00:00:00 2001 
From: exceptionfactory Date: Wed, 25 Oct 2023 15:02:47 -0500 Subject: [PATCH] NIFI-12276 Addressed Dependency Check Findings - Added dependency-check GitHub workflow - Upgraded Janino Commons Compiler from 3.1.9 to 3.1.10 - Upgraded Azure SDK BOM from 1.2.16 to 1.2.17 - Upgraded GCP SDK BOM from 26.17.0 to 26.25.0 - Upgraded AWS SDK from 1.12.550 to 1.12.573 - Upgraded Hazelcast from 5.3.2 to 5.3.5 - Upgraded Jersey from 2.40 to 2.41 - Upgraded Camel Salesforce from 3.14.5 to 3.14.9 - Unified ZooKeeper versioning on 3.9.1 - Applied Groovy 2.4.21 to Hive 3 and Iceberg components - Applied gRPC version 1.59.0 to Asana components - Applied Jettison 1.5.4 to Atlas and Hive 3 components - Managed JUnit 4 version to 4.13.2 for MockWebServer - Excluded HBase libraries from Hive 3 following Iceberg approach - Excluded Htrace from HBase components - Upgraded OWASP Dependency Check from 8.4.0 to 8.4.2 - Removed non-applicable dependency check suppressions - Added dependency check suppressions for non-applicable findings --- .github/workflows/dependency-check.yml | 70 ++++ README.md | 1 + minifi/minifi-c2/minifi-c2-assembly/pom.xml | 7 + minifi/pom.xml | 12 + nifi-commons/nifi-calcite-utils/pom.xml | 16 + .../nifi-property-protection-azure/pom.xml | 2 +- .../nifi-property-protection-gcp/pom.xml | 2 +- nifi-dependency-check-maven/suppressions.xml | 345 ++++++++++++++---- nifi-nar-bundles/nifi-accumulo-bundle/pom.xml | 12 - nifi-nar-bundles/nifi-asana-bundle/pom.xml | 6 + nifi-nar-bundles/nifi-atlas-bundle/pom.xml | 6 + nifi-nar-bundles/nifi-azure-bundle/pom.xml | 2 +- nifi-nar-bundles/nifi-box-bundle/pom.xml | 11 + .../nifi-framework-bundle/pom.xml | 5 - nifi-nar-bundles/nifi-gcp-bundle/pom.xml | 2 +- .../nifi-graph-test-clients/pom.xml | 7 + .../nifi-hazelcast-services/pom.xml | 15 +- .../nifi-hive-test-utils/pom.xml | 6 + .../nifi-hive3-processors/pom.xml | 21 ++ nifi-nar-bundles/nifi-hive-bundle/pom.xml | 29 +- .../nifi-iceberg-processors/pom.xml | 8 + 
nifi-nar-bundles/nifi-iceberg-bundle/pom.xml | 18 +- nifi-nar-bundles/nifi-ranger-bundle/pom.xml | 12 +- .../nifi-salesforce-processors/pom.xml | 2 +- nifi-nar-bundles/nifi-spark-bundle/pom.xml | 12 - .../nifi-sql-reporting-bundle/pom.xml | 11 + nifi-nar-bundles/nifi-standard-bundle/pom.xml | 11 + .../nifi-hbase_2-client-service/pom.xml | 4 + .../pom.xml | 12 - .../nifi-registry-ranger/pom.xml | 6 - pom.xml | 22 +- 31 files changed, 516 insertions(+), 179 deletions(-) create mode 100644 .github/workflows/dependency-check.yml
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
new file mode 100644
index 000000000000..1829c157adea
--- /dev/null
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,70 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: dependency-check
+
+on:
+ schedule:
+ - cron: "0 3 * * *"
+ push:
+ paths:
+ - '**/pom.xml'
+ pull_request:
+ paths:
+ - '**/pom.xml'
+
+env:
+ DEFAULT_MAVEN_OPTS: >-
+ -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN
+ -Daether.connector.http.retryHandler.count=5
+ -Daether.connector.http.connectionMaxTtl=30
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ timeout-minutes: 30
+ runs-on: ubuntu-latest
+ name: Dependency Check
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ - name: Set up Java Zulu 21
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'zulu'
+ java-version: 21
+ cache: 'maven'
+ - name: Run Dependency Check
+ env:
+ MAVEN_OPTS: >-
+ ${{ env.DEFAULT_MAVEN_OPTS }}
+ run: >
+ ./mvnw
+ --no-transfer-progress
+ --activate-profiles dependency-check
+ validate
+ - name: Upload Report
+ uses: actions/upload-artifact@v3
+ with:
+ name: dependency-check-report
+ path: |
+ target/dependency-check-report.html
+ retention-days: 7
diff --git a/README.md b/README.md
index 7dd6d2960588..99a82f04499f 100644
--- a/README.md
+++ b/README.md
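Review bot: The `paths` filters under `push` and `pull_request` list only `'**/pom.xml'`, so an edit to `nifi-dependency-check-maven/suppressions.xml` (which this same commit changes heavily) does not re-run the scan until the nightly cron; adding `- 'nifi-dependency-check-maven/suppressions.xml'` to both lists would check a new suppression on the pull request that introduces it. The `Upload Report` step has no `if:` condition, so if the `dependency-check` profile fails the Maven build on findings (its configuration is not visible here) the HTML report is skipped exactly when it is needed; `if: always()` on that step would keep it. The three `uses:` references are pinned to mutable tags (`@v4`, `@v3`), and pinning them to full commit SHAs is the usual hardening for a workflow whose output is trusted as a security signal.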
@@ -18,6 +18,7 @@ [![system-tests](https://github.com/apache/nifi/workflows/system-tests/badge.svg)](https://github.com/apache/nifi/actions/workflows/system-tests.yml) [![integration-tests](https://github.com/apache/nifi/actions/workflows/integration-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/integration-tests.yml) [![docker-tests](https://github.com/apache/nifi/actions/workflows/docker-tests.yml/badge.svg)](https://github.com/apache/nifi/actions/workflows/docker-tests.yml) +[![dependency-check](https://github.com/apache/nifi/workflows/dependency-check/badge.svg)](https://github.com/apache/nifi/actions/workflows/dependency-check.yml) [![Docker pulls](https://img.shields.io/docker/pulls/apache/nifi.svg)](https://hub.docker.com/r/apache/nifi/) [![Version](https://img.shields.io/maven-central/v/org.apache.nifi/nifi-utils.svg)](https://nifi.apache.org/download.html) [![Slack](https://img.shields.io/badge/chat-on%20Slack-brightgreen.svg)](https://s.apache.org/nifi-community-slack) diff --git a/minifi/minifi-c2/minifi-c2-assembly/pom.xml b/minifi/minifi-c2/minifi-c2-assembly/pom.xml index 2e47aeeb87e0..b4da03791536 100644 --- a/minifi/minifi-c2/minifi-c2-assembly/pom.xml +++ b/minifi/minifi-c2/minifi-c2-assembly/pom.xml @@ -155,6 +155,13 @@ limitations under the License. org.glassfish.jersey.containers jersey-container-jetty-http + + + + org.eclipse.jetty + jetty-continuation + + org.glassfish.jersey.containers diff --git a/minifi/pom.xml b/minifi/pom.xml index ad9ff08f71b0..e927eae4d2ce 100644 --- a/minifi/pom.xml +++ b/minifi/pom.xml @@ -451,6 +451,18 @@ limitations under the License. guava 32.1.2-jre + + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + diff --git a/nifi-commons/nifi-calcite-utils/pom.xml b/nifi-commons/nifi-calcite-utils/pom.xml index d0a50f575806..833090ec5857 100644 --- a/nifi-commons/nifi-calcite-utils/pom.xml +++ b/nifi-commons/nifi-calcite-utils/pom.xml 
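Review bot: The Janino override in the minifi/pom.xml hunk hard-codes `3.1.10` for both `commons-compiler` and `janino`, and the same pair of literals is repeated in the hunks for nifi-commons/nifi-calcite-utils, nifi-hive-bundle, nifi-sql-reporting-bundle and nifi-standard-bundle. With the version string copied into each module, the next security upgrade has to find every copy, and a missed module silently stays on the old compiler. The root pom already references properties such as `${zookeeper.version}`; a single property, for example `<janino.version>3.1.10</janino.version>` referenced as `${janino.version}`, would keep the modules in step (minifi/pom.xml may need its own copy if it does not inherit from the root pom, which is not visible here). The same applies to the `1.5.4` Jettison literal in the atlas, hive-test-utils and ranger hunks and to the `2.4.21` Groovy literal in the hive and iceberg hunks. The element markup of these hunks is not visible in this view, so the entries are assumed to be managed-dependency overrides.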
@@ -25,6 +25,22 @@ nifi-calcite-utils nifi-calcite-utils + + + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + + + + org.apache.nifi diff --git a/nifi-commons/nifi-property-protection-azure/pom.xml b/nifi-commons/nifi-property-protection-azure/pom.xml index 253526fbf148..664744206413 100644 --- a/nifi-commons/nifi-property-protection-azure/pom.xml +++ b/nifi-commons/nifi-property-protection-azure/pom.xml @@ -26,7 +26,7 @@ com.azure azure-sdk-bom - 1.2.16 + 1.2.17 import pom diff --git a/nifi-commons/nifi-property-protection-gcp/pom.xml b/nifi-commons/nifi-property-protection-gcp/pom.xml index 55c422712f61..cde1db53d733 100644 --- a/nifi-commons/nifi-property-protection-gcp/pom.xml +++ b/nifi-commons/nifi-property-protection-gcp/pom.xml @@ -22,7 +22,7 @@ nifi-property-protection-gcp - 26.17.0 + 26.25.0 32.1.2-jre diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml index e4e0cdac1dad..4aabb50d94cb 100644 --- a/nifi-dependency-check-maven/suppressions.xml +++ b/nifi-dependency-check-maven/suppressions.xml 
@@ -34,36 +34,6 @@ ^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$ CVE-2020-5408 - - Apache Hive vulnerabilities do not apply to Flume Hive Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-hive\-sink@.*$ - cpe:/a:apache:hive - - - Apache Kafka vulnerabilities do not apply to Flume Kafka Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-kafka\-sink@.*$ - cpe:/a:apache:kafka - - - Apache Kafka vulnerabilities do not apply to Flume Kafka Source - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sources/flume\-kafka\-source@.*$ - cpe:/a:apache:kafka - - - Apache Kafka vulnerabilities do not apply to Flume Shared Kafka - ^pkg:maven/org\.apache\.flume\.flume\-shared/flume\-shared\-kafka@.*$ - cpe:/a:apache:kafka - - - Apache HBase vulnerabilities do not apply to Flume HBase Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-hbase\-sink@.*$ - cpe:/a:apache:hbase - - - Apache Solr vulnerabilities do not apply to Flume Solr Sink - ^pkg:maven/org\.apache\.flume\.flume\-ng\-sinks/flume\-ng\-morphline\-solr\-sink@.*$ - cpe:/a:apache:solr - CVE-2017-10355 does not apply to Xerces 2.12.2 ^pkg:maven/xerces/xercesImpl@.*$ @@ -74,26 +44,11 @@ ^pkg:maven/org\.apache\.calcite\/calcite-druid@.*$ CVE-2020-13955 - - CVE-2018-8025 applies to HBase Server not HBase Client - ^pkg:maven/org\.apache\.hbase/hbase\-client@.*$ - CVE-2018-8025 - - - CVE-2019-0212 applies to HBase Server not HBase Client - ^pkg:maven/org\.apache\.hbase/hbase\-client@.*$ - CVE-2019-0212 - CVE-2007-6465 applies to Ganglia Server not Ganglia client libraries ^pkg:maven/com\.yammer\.metrics/metrics\-ganglia@.*$ CVE-2007-6465 - - CVE-2021-43045 applies to the Apache Avro .NET SDK and not to the Java SDK - ^pkg:maven/org\.apache\.avro/avro@.*$ - CVE-2021-43045 - CVE-2022-31159 applies to AWS S3 library not the SWF libraries ^pkg:maven/com\.amazonaws/aws\-java\-sdk\-swf\-libraries@.*$ 
@@ -114,16 +69,6 @@ ^pkg:maven/org\.elasticsearch/elasticsearch@7.*$ ^cpe:/a:elastic.*$ - - Elasticsearch Server CVE-2020-7009 does not apply to elasticsearch client libraries - ^pkg:maven/org\.elasticsearch/elasticsearch.*$ - CVE-2020-7009 - - - Elasticsearch Server CVE-2020-7014 does not apply to elasticsearch client libraries - ^pkg:maven/org\.elasticsearch/elasticsearch.*$ - CVE-2020-7014 - CVE-2021-22145 applies to Elasticsearch Server not client libraries ^pkg:maven/org\.elasticsearch/elasticsearch@.*$ @@ -154,11 +99,6 @@ ^pkg:maven/org\.apache\.calcite/calcite\-druid@.*$ CVE-2022-39135 - - CVE-2018-1000873 applies to Jackson Java 8 Time modules not Jackson Annotations - ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-annotations@.*$ - CVE-2018-1000873 - CVE-2010-1151 applies to mod_auth_shadow in Apache HTTP Server not the FTP server library ^pkg:maven/org\.apache\.ftpserver/.*$ @@ -204,31 +144,11 @@ ^pkg:maven/org\.apache\.hive/hive\-storage\-api@.*$ CVE-2021-34538 - - CVE-2018-8025 applies to HBase server not the shaded libraries - ^pkg:maven/org\.apache\.hbase\.thirdparty/hbase\-shaded\-.*$ - CVE-2018-8025 - - - CVE-2018-8025 applies to HBase Server not HBase libraries - ^pkg:maven/org\.apache\.hbase/hbase\-.*$ - CVE-2018-8025 - - - CVE-2019-0212 applies to HBase Server not HBase libraries - ^pkg:maven/org\.apache\.hbase/hbase\-.*$ - CVE-2019-0212 - Hadoop vulnerabilities do not apply to HBase Hadoop2 compatibility library ^pkg:maven/org\.apache\.hbase/hbase\-hadoop2\-compat@.*$ cpe:/a:apache:hadoop - - CVE-2022-45688 applies to hutools-json not org.json - ^pkg:maven/org\.json/json@.*$ - CVE-2022-45688 - The Jackson maintainers dispute the applicability of CVE-2023-35116 based on cyclic nature of reported concern ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ 
@@ -259,4 +179,269 @@ ^pkg:maven/io\.netty/netty.*?@.*$ CVE-2022-41915 + + CVE-2023-34462 applies to Netty servers using SniHandler not Netty 4.1 shaded for Couchbase and HBase 2 + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-34462 + + + The Square Wire framework is not the same as the Wire secure communication application + ^pkg:maven/com\.squareup\.wire/.*$ + cpe:/a:wire:wire + + + CVE-2023-44487 applies to Solr Server not Solr client libraries + ^pkg:maven/org\.apache\.solr/solr\-solrj@.*$ + CVE-2023-44487 + + + Quartz maintainers dispute CVE-2023-39017 because it requires code injection from external users + ^pkg:maven/org\.quartz\-scheduler/quartz@.*$ + CVE-2023-39017 + + + Avro project vulnerabilities do not apply to Parquet Avro + ^pkg:maven/org\.apache\.parquet/parquet\-avro@.*$ + cpe:/a:avro_project:avro + + + CVE-2023-4759 is resolved in 6.7.0 which is already upgraded in nifi-registry + ^pkg:maven/org\.eclipse\.jgit/.*$ + CVE-2023-4759 + + + CVE-2023-4586 is resolved in Netty 4.1.100 which is already upgraded + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-4586 + + + CVE-2023-35887 applies to MINA SSHD not MINA core libraries + ^pkg:maven/org\.apache\.mina/mina\-core@.*$ + CVE-2023-35887 + + + CVE-2016-5397 applies to Apache Thrift Go not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2016-5397 + + + CVE-2019-0210 applies to Apache Thrift Go server not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2019-0210 + + + CVE-2018-11798 applies Apache Thrift Node.js not Java + ^pkg:maven/org\.apache\.thrift/libthrift@.*$ + CVE-2018-11798 + + + CVE-2019-11939 applies to Thrift Servers in Go not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-11939 + + + CVE-2019-3552 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3552 + + + CVE-2019-3553 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3553 + + + CVE-2019-3558 applies to Thrift Servers 
in Python not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3558 + + + CVE-2019-3564 applies to Thrift Servers in Go not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3564 + + + CVE-2019-3565 applies to Thrift Servers in CPP not Java + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3565 + + + CVE-2021-24028 applies to Facebook Thrift CPP + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2021-24028 + + + CVE-2019-11938 applies to Facebook Thrift Servers + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-11938 + + + CVE-2019-3559 applies to Facebook Thrift Servers + ^pkg:maven/org\.apache\.thrift/libfb303@.*$ + CVE-2019-3559 + + + CVE-2023-36479 was resolved in Jetty 10.0.16 + ^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@.*$ + CVE-2023-36479 + + + The jetty-servlet-api is versioned according to the Java Servlet API version not the Jetty version + ^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty\-servlet\-api@.*$ + cpe:/a:eclipse:jetty + + + CVE-2023-31419 applies to Elasticsearch Server not client libraries + ^pkg:maven/org\.elasticsearch/elasticsearch@.*$ + CVE-2023-31419 + + + CVE-2023-37475 applies to Hamba Avro in Go not Apache Avro for Java + ^pkg:maven/org\.apache\.avro/.*$ + CVE-2023-37475 + + + CVE-2023-45860 is resolved in Hazelcast 5.3.5 + ^pkg:maven/com\.hazelcast/hazelcast@.*$ + CVE-2023-45860 + + + CVE-2023-36414 applies to Azure Identity for .NET not Java + ^pkg:maven/com\.azure/azure\-identity@.*$ + CVE-2023-36414 + + + CVE-2023-36415 applies to Azure Identity for Python not Java + ^pkg:maven/com\.azure/azure\-identity@.*$ + CVE-2023-36415 + + + CVE-2020-13949 applies to Thrift and not to Hive + ^pkg:maven/org\.apache\.hive.*$ + CVE-2020-13949 + + + CVE-2023-44487 applies to netty-codec-http2 as a Server + ^pkg:maven/io\.netty/netty.*$ + CVE-2023-44487 + + + Parquet MR vulnerabilities do not apply to other Parquet libraries + ^pkg:maven/org\.apache\.parquet/parquet\-(?!mr).*$ + cpe:/a:apache:parquet-mr + 
+ + Apache Hadoop vulnerabilities do not apply to Parquet Hadoop Bundle library + ^pkg:maven/org\.apache\.parquet/parquet\-hadoop\-bundle@.*$ + cpe:/a:apache:hadoop + + + CVE-2017-7525 applies to Jackson 2 not Jackson 1 + ^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$ + CVE-2017-7525 + + + CVE-2019-11358 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2019-11358 + + + CVE-2020-11022 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-11022 + + + CVE-2020-11023 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-11023 + + + CVE-2020-23064 applies to bundled copies of jQuery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-23064 + + + CVE-2011-4969 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2011-4969 + + + CVE-2012-6708 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2012-6708 + + + CVE-2015-9251 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2015-9251 + + + CVE-2020-7656 applies to bundled copies of jQUery not used in the project + ^pkg:javascript/jquery@.*$ + CVE-2020-7656 + + + jQuery vulnerability warning for historical versions + ^pkg:javascript/jquery@.*$ + jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates + + + CVE-2020-28458 applies to bundled copies of jQuery datatables not used in the project + ^pkg:javascript/jquery\.datatables@.*$ + CVE-2020-28458 + + + CVE-2021-23445 applies to bundled copies of jQuery datatables not used in the project + ^pkg:javascript/jquery\.datatables@.*$ + CVE-2021-23445 + + + CVE-2023-44487 references gRPC for Go + ^pkg:maven/io\.grpc/grpc.*$ + CVE-2023-44487 + + + Guava temporary directory file creation is not used + ^pkg:maven/com\.google\.guava/guava@.*$ + CVE-2023-2976 + + + Guava temporary 
directory file creation is not used + ^pkg:maven/com\.google\.guava/guava@.*$ + CVE-2020-8908 + + + CVE-2021-44521 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2021-44521 + + + CVE-2020-17516 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2020-17516 + + + CVE-2019-2684 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2019-2684 + + + CVE-2020-13946 applies to Apache Cassandra Server + ^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-extras@.*$ + CVE-2020-13946 + + + CVE-2019-10172 applies to Jackson 1 XmlMapper not JSON mapper used in Ranger plugins + ^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$ + CVE-2019-10172 + + + Bundled versions of jQuery DataTables are not used + ^pkg:javascript/jquery\.datatables@.*$ + prototype pollution + + + Bundled versions of jQuery DataTables are not used + ^pkg:javascript/jquery\.datatables@.*$ + possible XSS + diff --git a/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml b/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml index 2e77646a81b7..9183e65560f4 100644 --- a/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-accumulo-bundle/pom.xml @@ -59,18 +59,6 @@ hadoop-client-runtime ${hadoop.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.accumulo accumulo-core diff --git a/nifi-nar-bundles/nifi-asana-bundle/pom.xml b/nifi-nar-bundles/nifi-asana-bundle/pom.xml index 2bb6bf792cf6..33a62e8d030c 100644 --- a/nifi-nar-bundles/nifi-asana-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-asana-bundle/pom.xml @@ -67,6 +67,12 @@ + + + io.grpc + grpc-context + 1.59.0 + diff --git a/nifi-nar-bundles/nifi-atlas-bundle/pom.xml b/nifi-nar-bundles/nifi-atlas-bundle/pom.xml index a85cd1cf83c9..0fcc26de40a7 100644 --- a/nifi-nar-bundles/nifi-atlas-bundle/pom.xml 
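Review bot: Several of the suppressions added in the `@@ -259,4 +179,269 @@` hunk justify themselves with "is resolved in … which is already upgraded" (CVE-2023-4759 for JGit, CVE-2023-4586 for Netty, CVE-2023-36479 for Jetty, CVE-2023-45860 for Hazelcast), yet their package patterns end in `@.*$` or `.*$` and therefore match every version. If the upgraded version were the only copy present the scanner would not report the CVE, so these entries are presumably hiding an older shaded or transitive copy, and they would equally hide a later downgrade. Constraining each pattern to the affected coordinates and version, or giving the entry an expiry through the suppression `until` attribute, keeps the finding from staying silent indefinitely. The same breadth concern applies to `^pkg:maven/io\.netty/netty.*$` for CVE-2023-44487, whose note limits the reasoning to netty-codec-http2 used as a server, and to `^pkg:maven/org\.apache\.hive.*$`, which is not anchored at the group boundary. The hunk begins on an earlier line and its element markup is not visible in this view.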
+++ b/nifi-nar-bundles/nifi-atlas-bundle/pom.xml @@ -117,6 +117,12 @@ guava ${guava.version} + + + org.codehaus.jettison + jettison + 1.5.4 + diff --git a/nifi-nar-bundles/nifi-azure-bundle/pom.xml b/nifi-nar-bundles/nifi-azure-bundle/pom.xml index 1a4a497285d1..7edc596db14b 100644 --- a/nifi-nar-bundles/nifi-azure-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-azure-bundle/pom.xml @@ -27,7 +27,7 @@ pom - 1.2.16 + 1.2.17 1.13.10 0.34.1 diff --git a/nifi-nar-bundles/nifi-box-bundle/pom.xml b/nifi-nar-bundles/nifi-box-bundle/pom.xml index c4d161b4f150..9a9378082f9b 100644 --- a/nifi-nar-bundles/nifi-box-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-box-bundle/pom.xml @@ -34,4 +34,15 @@ nifi-box-services-api nifi-box-services-nar + + + + + + org.bitbucket.b_c + jose4j + 0.9.3 + + + diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml index 97fbd03c19f9..6f29f7117bf6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml @@ -475,11 +475,6 @@ metrics-core 4.2.19 - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - org.apache.curator curator-framework diff --git a/nifi-nar-bundles/nifi-gcp-bundle/pom.xml b/nifi-nar-bundles/nifi-gcp-bundle/pom.xml index aa6366fe2595..5ef800b8ffe6 100644 --- a/nifi-nar-bundles/nifi-gcp-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-gcp-bundle/pom.xml @@ -27,7 +27,7 @@ pom - 26.22.0 + 26.25.0 diff --git a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml index 73f9e392a651..b486344678ec 100644 --- a/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml +++ b/nifi-nar-bundles/nifi-graph-bundle/nifi-graph-test-clients/pom.xml @@ -28,6 +28,7 @@ 3.7.0 0.6.3 32.1.2-jre + 5.19.0 @@ -54,6 +55,12 @@ guava ${guava.version} + + + com.rabbitmq + amqp-client + ${amqp-client.version} + 
diff --git a/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml b/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml index e44d3e3e029a..3aa75f404f90 100644 --- a/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml +++ b/nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml @@ -26,41 +26,28 @@ jar - - org.apache.nifi nifi-hazelcast-services-api 2.0.0-SNAPSHOT provided - org.apache.nifi nifi-utils - 2.0.0-SNAPSHOT - org.apache.nifi nifi-distributed-cache-client-service-api - - - com.hazelcast hazelcast - 5.3.2 + 5.3.5 - - - org.apache.nifi nifi-mock - 2.0.0-SNAPSHOT - test diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml index a3d7014abc76..677498bc8de6 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive-test-utils/pom.xml @@ -99,6 +99,12 @@ guava 32.1.2-jre + + + org.codehaus.jettison + jettison + 1.5.4 + diff --git a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml index d142166ff35f..e65295356fbc 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/nifi-hive3-processors/pom.xml @@ -144,6 +144,27 @@ org.eclipse.jetty.websocket websocket-client + + + org.apache.hbase + hbase-common + + + org.apache.hbase + hbase-client + + + org.apache.hbase + hbase-mapreduce + + + org.apache.hbase + hbase-hadoop2-compat + + + org.apache.hbase + hbase-hadoop-compat + diff --git a/nifi-nar-bundles/nifi-hive-bundle/pom.xml b/nifi-nar-bundles/nifi-hive-bundle/pom.xml index eec3bc6f3117..a365a7715705 100644 --- a/nifi-nar-bundles/nifi-hive-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-hive-bundle/pom.xml 
@@ -58,6 +58,17 @@ calcite-core ${calcite.version} + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + org.apache.calcite.avatica @@ -76,18 +87,6 @@ derby ${derby.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.ant @@ -105,6 +104,12 @@ nimbus-jose-jwt 9.33 + + + org.codehaus.groovy + groovy-all + 2.4.21 + diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml index 522d9f1b795f..26dc70ff81cf 100644 --- a/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml +++ b/nifi-nar-bundles/nifi-iceberg-bundle/nifi-iceberg-processors/pom.xml @@ -186,6 +186,14 @@ org.apache.hbase hbase-client + + org.apache.hbase + hbase-mapreduce + + + org.apache.hbase + hbase-hadoop2-compat + co.cask.tephra tephra-api diff --git a/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml b/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml index feb62c3e26e6..39840a4d8202 100644 --- a/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-iceberg-bundle/pom.xml @@ -64,18 +64,6 @@ derby ${derby.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - org.apache.ant @@ -116,6 +104,12 @@ guava 32.1.2-jre + + + org.codehaus.groovy + groovy-all + 2.4.21 + diff --git a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml index 7298a5458d9c..1cc559785f32 100644 --- a/nifi-nar-bundles/nifi-ranger-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-ranger-bundle/pom.xml @@ -37,12 +37,6 @@ - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - commons-beanutils @@ -96,6 +90,12 @@ guava 32.1.2-jre + + + org.codehaus.jettison + jettison + 1.5.4 + 
diff --git a/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml b/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml index ac1210211b1e..d239568355b4 100644 --- a/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml +++ b/nifi-nar-bundles/nifi-salesforce-bundle/nifi-salesforce-processors/pom.xml @@ -49,7 +49,7 @@ org.apache.camel camel-salesforce - 3.14.5 + 3.14.9 * diff --git a/nifi-nar-bundles/nifi-spark-bundle/pom.xml b/nifi-nar-bundles/nifi-spark-bundle/pom.xml index 324214b04b48..1c2cf7089b4b 100644 --- a/nifi-nar-bundles/nifi-spark-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-spark-bundle/pom.xml @@ -65,18 +65,6 @@ nimbus-jose-jwt 9.33 - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - diff --git a/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml b/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml index 08360e830fa7..f405f42bc690 100644 --- a/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-sql-reporting-bundle/pom.xml @@ -41,6 +41,17 @@ guava ${guava.version} + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + diff --git a/nifi-nar-bundles/nifi-standard-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/pom.xml index 9dcbcf2f6492..bc090c6efe20 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-bundle/pom.xml @@ -274,6 +274,17 @@ + + + org.codehaus.janino + commons-compiler + 3.1.10 + + + org.codehaus.janino + janino + 3.1.10 + org.apache.sshd sshd-core diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml index 256164380b4d..ae1dae946a95 100644 
--- a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/nifi-hbase_2-client-service/pom.xml @@ -113,6 +113,10 @@ jdk.tools jdk.tools + + org.apache.htrace + htrace-core4 + diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml index b9fa810df4ed..3dae76fc5a7b 100644 --- a/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml +++ b/nifi-nar-bundles/nifi-standard-services/nifi-hbase_2-client-service-bundle/pom.xml @@ -62,18 +62,6 @@ commons-beanutils 1.9.4 - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - - - ch.qos.logback - logback-classic - - - com.nimbusds diff --git a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml index 9f3351e69644..8f5b87224303 100644 --- a/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml +++ b/nifi-registry/nifi-registry-extensions/nifi-registry-ranger/pom.xml @@ -48,12 +48,6 @@ jetty-webapp ${jetty.version} - - - org.apache.zookeeper - zookeeper - ${zookeeper.version} - org.apache.solr diff --git a/pom.xml b/pom.xml index d94db28270ed..6b0f25eebb15 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ UTF-8 UTF-8 2014 - 1.12.550 + 1.12.573 2.20.148 2.10.1 6.8.1 @@ -140,7 +140,7 @@ 1.2.1 2.1.5 1.9.20.1 - 2.40 + 2.41 2.20.0 1.3.11 5.5.0 @@ -706,6 +706,22 @@ caffeine ${caffeine.version} + + org.apache.zookeeper + zookeeper + ${zookeeper.version} + + + org.apache.zookeeper + zookeeper-jute + ${zookeeper.version} + + + + junit + junit + 4.13.2 + @@ -1227,7 +1243,7 @@ org.owasp dependency-check-maven - 8.4.0 + 8.4.2 false
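Review bot: The managed `org.apache.zookeeper:zookeeper` entry added in the `@@ -706,6 +706,22 @@` hunk of the root pom shows only group, artifact and `${zookeeper.version}`, while the per-bundle entries this commit deletes (the accumulo, hive, iceberg, spark and hbase_2-client-service bundle poms) each carried an exclusion of `ch.qos.logback:logback-classic`. Unless that exclusion is applied somewhere outside this patch, those bundles can start pulling logback-classic in transitively again, which brings a second logging binding and its own advisories into the NARs. Carrying the exclusion over to the root entry, as sketched below, preserves the previous behaviour. The element markup is not visible in this view, so this reading rests on the visible coordinates only.

```xml
<!-- … unchanged: groupId / artifactId / version of the managed zookeeper entry … -->
<exclusions>
    <exclusion>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
    </exclusion>
</exclusions>
```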