From 9f490e75e905e8d107b3e469cc146dace034ae7c Mon Sep 17 00:00:00 2001 From: Deepak Mehra Date: Mon, 18 Nov 2024 11:12:06 +0530 Subject: [PATCH] Upgrade Druid version to resolve CVEs --- pom.xml | 86 +------------------ presto-druid/pom.xml | 75 ++++------------ .../druid/segment/V9SegmentIndexSource.java | 3 +- 3 files changed, 21 insertions(+), 143 deletions(-) diff --git a/pom.xml b/pom.xml index 939b7dda2019d..50fe602c7064a 100644 --- a/pom.xml +++ b/pom.xml @@ -68,7 +68,7 @@ 1.7.32 2.3.1 0.11.0 - 0.19.0 + 30.0.1 2.3.1 0.14.0 1.18.3 @@ -1247,7 +1247,7 @@ net.java.dev.jna jna - 5.12.1 + 5.13.0 @@ -1647,86 +1647,6 @@ - - org.apache.druid - druid-core - ${dep.druid.version} - - - commons-logging - commons-logging - - - com.fasterxml.jackson.core - jackson-annotations - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.datatype - jackson-datatype-guava - - - com.fasterxml.jackson.datatype - jackson-datatype-joda - - - com.fasterxml.jackson.dataformat - jackson-dataformat-smile - - - it.unimi.dsi - fastutil - - - joda-time - joda-time - - - org.apache.commons - commons-lang3 - - - org.apache.logging.log4j - log4j-slf4j-impl - - - org.apache.logging.log4j - log4j-1.2-api - - - org.checkerframework - checker-qual - - - org.glassfish - javax.el - - - org.objenesis - objenesis - - - org.ow2.asm - asm-commons - - - org.slf4j - slf4j-api - - - org.roaringbitmap - RoaringBitmap - - - - org.apache.httpcomponents httpclient @@ -1954,7 +1874,7 @@ com.github.luben zstd-jni - 1.5.2-2 + 1.5.2-3 diff --git a/presto-druid/pom.xml b/presto-druid/pom.xml index f3882ee91352e..56fbfcec0b426 100644 --- a/presto-druid/pom.xml +++ b/presto-druid/pom.xml @@ -99,80 +99,37 @@ commons-lang commons-lang - - - - - org.apache.druid - druid-core - - - io.netty - * - - - com.fasterxml.jackson.core - jackson-annotations - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.datatype - jackson-datatype-guava - - - com.fasterxml.jackson.datatype - jackson-datatype-joda + + org.apache.logging.log4j + log4j-api - com.fasterxml.jackson.dataformat - jackson-dataformat-smile - - - javax.activation - javax.activation-api + org.apache.logging.log4j + log4j-core - joda-time - joda-time + org.apache.logging.log4j + log4j-jul org.slf4j - slf4j-api + jcl-over-slf4j - org.glassfish - javax.el + jakarta.inject + jakarta.inject-api - org.jruby.jcodings - jcodings + jakarta.validation + jakarta.validation-api - com.google.errorprone - error_prone_annotations + javax.el + javax.el-api - org.ow2.asm - asm - - - org.apache.maven - maven-artifact - - - commons-io - commons-io - - - commons-lang - commons-lang + it.unimi.dsi + fastutil-core diff --git a/presto-druid/src/main/java/com/facebook/presto/druid/segment/V9SegmentIndexSource.java b/presto-druid/src/main/java/com/facebook/presto/druid/segment/V9SegmentIndexSource.java index 78e2b366459a1..23c1b5dcc4afd 100644 --- a/presto-druid/src/main/java/com/facebook/presto/druid/segment/V9SegmentIndexSource.java +++ b/presto-druid/src/main/java/com/facebook/presto/druid/segment/V9SegmentIndexSource.java @@ -29,6 +29,7 @@ import org.apache.druid.segment.Metadata; import org.apache.druid.segment.QueryableIndex; import org.apache.druid.segment.SimpleQueryableIndex; +import org.apache.druid.segment.column.ColumnConfig; import org.apache.druid.segment.column.ColumnDescriptor; import org.apache.druid.segment.column.ColumnHolder; import org.apache.druid.segment.data.BitmapSerde; @@ -135,7 +136,7 @@ private ColumnHolder createColumnHolder(String columnName) try { ByteBuffer columnData = ByteBuffer.wrap(segmentColumnSource.getColumnData(columnName)); ColumnDescriptor columnDescriptor = readColumnDescriptor(columnData); - return columnDescriptor.read(columnData, () -> 0, null); + return columnDescriptor.read(columnData, ColumnConfig.DEFAULT, null); } catch (IOException e) { throw new PrestoException(DRUID_SEGMENT_LOAD_ERROR, e);