HADOOP-18949. upgrade maven dependency plugin due to CVE-2021-26291. (#6219)

Addresses CVE-2021-26291. "Origin Validation Error in Apache Maven"

Contributed by PJ Fanning.
This commit is contained in:
PJ Fanning 2023-10-24 12:28:40 +01:00 committed by GitHub
parent 9c7e5b66fa
commit 0042544bf2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -26,26 +26,56 @@
<packaging>maven-plugin</packaging> <packaging>maven-plugin</packaging>
<name>Apache Hadoop Maven Plugins</name> <name>Apache Hadoop Maven Plugins</name>
<properties> <properties>
<maven.dependency.version>3.0.5</maven.dependency.version> <maven.dependency.version>3.9.5</maven.dependency.version>
<maven.plugin-tools.version>3.6.0</maven.plugin-tools.version> <maven.plugin-tools.version>3.10.1</maven.plugin-tools.version>
<plexus.classworlds.version>2.7.0</plexus.classworlds.version>
<sisu.inject.version>0.3.5</sisu.inject.version>
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.apache.maven</groupId> <groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId> <artifactId>maven-plugin-api</artifactId>
<version>${maven.dependency.version}</version> <version>${maven.dependency.version}</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-classworlds</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.maven</groupId> <groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId> <artifactId>maven-core</artifactId>
<version>${maven.dependency.version}</version> <version>${maven.dependency.version}</version>
<exclusions> <exclusions>
<exclusion>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
</exclusion>
<exclusion> <exclusion>
<groupId>org.sonatype.sisu</groupId> <groupId>org.sonatype.sisu</groupId>
<artifactId>sisu-inject-plexus</artifactId> <artifactId>sisu-inject-plexus</artifactId>
</exclusion> </exclusion>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-classworlds</artifactId>
</exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-classworlds</artifactId>
<version>${plexus.classworlds.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.sisu</groupId>
<artifactId>org.eclipse.sisu.inject</artifactId>
<version>${sisu.inject.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.apache.maven.plugin-tools</groupId> <groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId> <artifactId>maven-plugin-annotations</artifactId>