From 81531367aafcbedc3bab9d588d1324f81b7e06bd Mon Sep 17 00:00:00 2001 From: David Cui Date: Tue, 12 Jan 2021 11:26:53 -0800 Subject: [PATCH 1/3] initial commit, save progress --- elasticsearch/build.gradle | 4 ++-- integ-test/build.gradle | 1 + plugin/build.gradle | 1 + protocol/build.gradle | 4 ++-- sql-jdbc/build.gradle | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/elasticsearch/build.gradle b/elasticsearch/build.gradle index 00bfdfbfe4..fc499124f6 100644 --- a/elasticsearch/build.gradle +++ b/elasticsearch/build.gradle @@ -12,8 +12,8 @@ dependencies { compile project(':core') compile group: 'org.elasticsearch', name: 'elasticsearch', version: "${es_version}" compile "io.github.resilience4j:resilience4j-retry:1.5.0" - compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.4' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.4' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.5' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1' compile group: 'org.json', name: 'json', version:'20180813' compileOnly group: 'org.elasticsearch.client', name: 'elasticsearch-rest-high-level-client', version: "${es_version}" diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 41f5f51b9c..7b462af50e 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -25,6 +25,7 @@ repositories { configurations.all { exclude group: "commons-logging", module: "commons-logging" + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-core' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:29.0-jre' diff --git a/plugin/build.gradle b/plugin/build.gradle index 1fb0bf9cfc..6d33ef5935 100644 --- a/plugin/build.gradle +++ b/plugin/build.gradle 
@@ -31,6 +31,7 @@ thirdPartyAudit.enabled = false configurations.all { // conflict with spring-jcl exclude group: "commons-logging", module: "commons-logging" + exclude group: 'com.fasterxml.jackson.core', module: 'jackson-core' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:29.0-jre' diff --git a/protocol/build.gradle b/protocol/build.gradle index fb311bcc4b..8259d13217 100644 --- a/protocol/build.gradle +++ b/protocol/build.gradle @@ -11,8 +11,8 @@ repositories { dependencies { // https://github.com/google/guava/wiki/CVE-2018-10237 compile group: 'com.google.guava', name: 'guava', version: '29.0-jre' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.4' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.4' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.5' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1' implementation 'com.google.code.gson:gson:2.8.6' compile project(':core') compile project(':elasticsearch') diff --git a/sql-jdbc/build.gradle b/sql-jdbc/build.gradle index 7457c9ef71..a72c310804 100644 --- a/sql-jdbc/build.gradle +++ b/sql-jdbc/build.gradle @@ -52,7 +52,7 @@ repositories { dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.6' - implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.7' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5' implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.452' testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1') From 0adc6b0130e6370817449c4e464733e9cc9c683e Mon Sep 17 00:00:00 2001 
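Review bot: `jackson-databind` in sql-jdbc/build.gradle is pinned to `2.10.5`, one micro release behind the `2.10.5.1` that the elasticsearch and protocol hunks of this same patch use, so the JDBC driver would ship a different databind than the rest of the build. The commit message does not say why the bump is made; if it is meant to clear a scanner finding against jackson-databind, the micro release presumably carries the fix and this module would stay flagged. I would change the line to `implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1'` and put a one-line comment above it naming the advisory, as the guava line in protocol/build.gradle does. Because this is also a jump from the 2.9 line to 2.10, the driver's own tests should be run against the new version before release.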
From: David Cui Date: Tue, 12 Jan 2021 13:07:33 -0800 Subject: [PATCH 2/3] forcing jackson core to use v2.10.5 --- integ-test/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integ-test/build.gradle b/integ-test/build.gradle index 7b462af50e..9c073e7bbc 100644 --- a/integ-test/build.gradle +++ b/integ-test/build.gradle @@ -25,10 +25,10 @@ repositories { configurations.all { exclude group: "commons-logging", module: "commons-logging" - exclude group: 'com.fasterxml.jackson.core', module: 'jackson-core' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:29.0-jre' + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.10.5' } dependencies { From e0d06277339da60a77073dd2453856db8b1bd4d2 Mon Sep 17 00:00:00 2001 From: David Cui Date: Tue, 12 Jan 2021 16:44:18 -0800 Subject: [PATCH 3/3] forcing updated version of jackson-core vs excluding --- plugin/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin/build.gradle b/plugin/build.gradle index 6d33ef5935..dde16120ab 100644 --- a/plugin/build.gradle +++ b/plugin/build.gradle @@ -31,7 +31,7 @@ thirdPartyAudit.enabled = false configurations.all { // conflict with spring-jcl exclude group: "commons-logging", module: "commons-logging" - exclude group: 'com.fasterxml.jackson.core', module: 'jackson-core' + resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-core:2.10.5' // enforce 1.1.3, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379 resolutionStrategy.force 'commons-codec:commons-codec:1.13' resolutionStrategy.force 'com.google.guava:guava:29.0-jre'
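Review bot: The `resolutionStrategy.force` line added to `configurations.all` in integ-test/build.gradle, and again in plugin/build.gradle in patch 3/3, pins only `jackson-core`. A `jackson-databind` that arrives transitively is still resolved by Gradle's default conflict resolution, so these configurations can end up with a databind version other than the `2.10.5.1` declared in the elasticsearch and protocol modules. If the goal is to keep an unpatched Jackson off the classpath, I would also add `resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'` in both files. Both forced lines should carry a comment such as `// enforce patched jackson, see <ADVISORY-URL>`, matching the commons-codec line beside them. The version literal is now repeated across several build files, so a shared project property would keep the modules in step on the next upgrade.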