HADOOP-18496. Upgrade okhttp3 and dependencies due to kotlin CVEs (#5035)

Updates okhttp3 and okio so their transitive dependency on Kotlin
stdlib is free from recent CVEs.

okhttp3:okhttp => 4.10.0
okio:okio => 3.2.0
kotlin stdlib => 1.6.20

kotlin CVEs fixed:
 CVE-2022-24329
 CVE-2020-29582
 
Contributed by PJ Fanning.
PJ Fanning 2022-11-12 15:14:19 +01:00 committed by GitHub
parent 5bb11cecea
commit d340c4a7a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 43 additions and 6 deletions


@ -241,8 +241,8 @@ com.google.guava:guava:27.0-jre
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
com.microsoft.azure:azure-storage:7.0.0 com.microsoft.azure:azure-storage:7.0.0
com.nimbusds:nimbus-jose-jwt:9.8.1 com.nimbusds:nimbus-jose-jwt:9.8.1
com.squareup.okhttp3:okhttp:4.9.3 com.squareup.okhttp3:okhttp:4.10.0
com.squareup.okio:okio:1.6.0 com.squareup.okio:okio:3.2.0
com.zaxxer:HikariCP:4.0.3 com.zaxxer:HikariCP:4.0.3
commons-beanutils:commons-beanutils:1.9.3 commons-beanutils:commons-beanutils:1.9.3
commons-cli:commons-cli:1.2 commons-cli:commons-cli:1.2


@ -157,6 +157,8 @@
<exclude>org.bouncycastle:*</exclude> <exclude>org.bouncycastle:*</exclude>
<!-- Leave snappy that includes native methods which cannot be relocated. --> <!-- Leave snappy that includes native methods which cannot be relocated. -->
<exclude>org.xerial.snappy:*</exclude> <exclude>org.xerial.snappy:*</exclude>
<!-- leave out kotlin classes -->
<exclude>org.jetbrains.kotlin:*</exclude>
</excludes> </excludes>
</artifactSet> </artifactSet>
<filters> <filters>
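Review bot: The new comment `<!-- leave out kotlin classes -->` says what the exclude does but not why, unlike the snappy comment directly above it, which gives its reason. Because `org.jetbrains.kotlin:*` is excluded from the artifact set, the Kotlin stdlib is presumably neither bundled nor relocated and has to be supplied by whatever consumes the shaded jar, so the version that ends up on the classpath is outside this build's control. I would word it along the lines of `<!-- Kotlin stdlib is not shaded; consumers resolve it as a normal dependency at the version managed in the parent POM -->`, adjusted to the actual reason. The enclosing `<artifactSet>` starts outside the hunk.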


@ -383,6 +383,11 @@
<artifactId>mockwebserver</artifactId> <artifactId>mockwebserver</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
<scope>test</scope>
</dependency>
<dependency> <dependency>
<groupId>dnsjava</groupId> <groupId>dnsjava</groupId>
<artifactId>dnsjava</artifactId> <artifactId>dnsjava</artifactId>


@ -37,6 +37,16 @@ https://maven.apache.org/xsd/maven-4.0.0.xsd">
<dependency> <dependency>
<groupId>com.squareup.okhttp3</groupId> <groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId> <artifactId>okhttp</artifactId>
<exclusions>
<exclusion>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jetbrains.kotlin</groupId> <groupId>org.jetbrains.kotlin</groupId>
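Review bot: The `okio-jvm` exclusion added to the `okhttp` dependency here duplicates the one the commit also adds in the `@ -234,8 +235,17 @@` hunk of the properties POM, which appears to be the managed `okhttp` entry (its opening tag is outside that hunk). If this module inherits that dependencyManagement, Maven already applies the managed exclusion, so one of the two copies is enough. Otherwise a short comment such as `<!-- okio-jvm is declared directly below so the managed version is used -->` would tell the next reader why the artifact is excluded and then re-added. The `<dependencies>` block continues outside the hunk.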


@ -132,9 +132,10 @@
<hikari.version>4.0.3</hikari.version> <hikari.version>4.0.3</hikari.version>
<mssql.version>6.2.1.jre7</mssql.version> <mssql.version>6.2.1.jre7</mssql.version>
<okhttp.version>2.7.5</okhttp.version> <okhttp.version>2.7.5</okhttp.version>
<okhttp3.version>4.9.3</okhttp3.version> <okhttp3.version>4.10.0</okhttp3.version>
<kotlin-stdlib.verion>1.4.10</kotlin-stdlib.verion> <okio.version>3.2.0</okio.version>
<kotlin-stdlib-common.version>1.4.10</kotlin-stdlib-common.version> <kotlin-stdlib.verion>1.6.20</kotlin-stdlib.verion>
<kotlin-stdlib-common.version>1.6.20</kotlin-stdlib-common.version>
<jdom2.version>2.0.6.1</jdom2.version> <jdom2.version>2.0.6.1</jdom2.version>
<jna.version>5.2.0</jna.version> <jna.version>5.2.0</jna.version>
<grizzly.version>2.2.21</grizzly.version> <grizzly.version>2.2.21</grizzly.version>
@ -234,8 +235,17 @@
<groupId>org.jetbrains.kotlin</groupId> <groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-common</artifactId> <artifactId>kotlin-stdlib-common</artifactId>
</exclusion> </exclusion>
<exclusion>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
</exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
<version>${okio.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.jetbrains.kotlin</groupId> <groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId> <artifactId>kotlin-stdlib</artifactId>
@ -255,8 +265,18 @@
<dependency> <dependency>
<groupId>com.squareup.okhttp3</groupId> <groupId>com.squareup.okhttp3</groupId>
<artifactId>mockwebserver</artifactId> <artifactId>mockwebserver</artifactId>
<version>4.9.3</version> <version>${okhttp3.version}</version>
<scope>test</scope> <scope>test</scope>
<exclusions>
<exclusion>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
</exclusion>
<exclusion>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jdiff</groupId> <groupId>jdiff</groupId>
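Review bot: Only `kotlin-stdlib-jdk8` is excluded, and only on `mockwebserver` in the last hunk; the new managed `okio-jvm` entry carries no exclusions, and no managed version for `kotlin-stdlib-jdk8` or `kotlin-stdlib-jdk7` is visible in these hunks. If those artifacts are not pinned elsewhere in the file, their versions are chosen by the okhttp and okio POMs rather than by the Kotlin properties bumped here, so it is worth confirming with `mvn dependency:tree -Dincludes=org.jetbrains.kotlin` that every Kotlin artifact resolves to 1.6.20. Separately, the property name `kotlin-stdlib.verion` on the changed line is misspelled; renaming it to `kotlin-stdlib.version` needs the references, which are outside the hunks, updated in the same change.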