From b1d4e22d15dec9889a543c1ad214bb8075b00c43 Mon Sep 17 00:00:00 2001
From: Denodo Research Labs
<65558872+denodo-research-labs@users.noreply.github.com>
Date: Thu, 23 Jan 2025 17:43:53 +0100
Subject: [PATCH] Use alluxio-core instead of shaded deps to get rid of CVEs
(#24231)
---
pom.xml | 196 +++++++++++++++++-
presto-accumulo/pom.xml | 1 -
presto-bigquery/pom.xml | 24 ---
presto-cache/pom.xml | 30 ++-
.../facebook/presto/cache/CacheFactory.java | 2 +-
.../alluxio/TestAlluxioCachingFileSystem.java | 5 +-
presto-elasticsearch/pom.xml | 2 -
presto-function-namespace-managers/pom.xml | 12 +-
presto-hive-hadoop2/pom.xml | 6 -
presto-hive/pom.xml | 4 -
presto-iceberg/pom.xml | 1 -
presto-native-execution/pom.xml | 6 +-
presto-native-sidecar-plugin/pom.xml | 1 -
presto-parquet/pom.xml | 1 -
presto-product-tests/pom.xml | 10 -
15 files changed, 225 insertions(+), 76 deletions(-)
diff --git a/pom.xml b/pom.xml
index 4b0659f2054f7..71f06f215e620 100644
--- a/pom.xml
+++ b/pom.xml
@@ -76,7 +76,7 @@
3.3.0
2.9.0
2.2.0
- 2.18.0
+ 2.28.0
32.1.0-jre
2.15.4
2.8
@@ -86,6 +86,9 @@
4.1.115.Final
2.0
9.4.56.v20240826
+ 2.11.0
+ 3.14.0
+ 5.1.0
- org.alluxio:alluxio-shaded-client
org.codehaus.plexus:plexus-utils
com.google.guava:guava
com.fasterxml.jackson.core:jackson-annotations
@@ -2363,6 +2539,7 @@
duplicate-finder-maven-plugin
+ com.github.benmanes.caffeine.*
META-INF.versions.9.module-info
@@ -2370,6 +2547,9 @@
META-INF.versions.9.org.apache.lucene.*
+
+ git.properties
+
diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml
index 86a7e17f8062e..731a77f383a5b 100644
--- a/presto-accumulo/pom.xml
+++ b/presto-accumulo/pom.xml
@@ -232,7 +232,6 @@
org.apache.commons
commons-lang3
- 3.4
diff --git a/presto-bigquery/pom.xml b/presto-bigquery/pom.xml
index ae3a31e4d7416..782f5b89caaa9 100644
--- a/presto-bigquery/pom.xml
+++ b/presto-bigquery/pom.xml
@@ -27,12 +27,6 @@
import
-
- com.google.code.gson
- gson
- 2.10.1
-
-
org.threeten
threetenbp
@@ -45,24 +39,6 @@
0.31.1
-
- org.apache.commons
- commons-lang3
- 3.14.0
-
-
-
- org.apache.httpcomponents
- httpcore
- 4.4.16
-
-
-
- org.apache.httpcomponents
- httpclient
- 4.5.14
-
-
com.google.api-client
google-api-client
diff --git a/presto-cache/pom.xml b/presto-cache/pom.xml
index 34c255628b78d..43b4cd514f87e 100644
--- a/presto-cache/pom.xml
+++ b/presto-cache/pom.xml
@@ -79,7 +79,17 @@
org.alluxio
- alluxio-shaded-client
+ alluxio-core-client-hdfs
+
+
+
+ org.alluxio
+ alluxio-core-client-fs
+
+
+
+ org.alluxio
+ alluxio-core-common
@@ -139,4 +149,22 @@
test
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+
+ io.dropwizard.metrics:metrics-core
+
+
+
+
+
+
+
diff --git a/presto-cache/src/main/java/com/facebook/presto/cache/CacheFactory.java b/presto-cache/src/main/java/com/facebook/presto/cache/CacheFactory.java
index 5e5a2018bdca2..b517a8132ce29 100644
--- a/presto-cache/src/main/java/com/facebook/presto/cache/CacheFactory.java
+++ b/presto-cache/src/main/java/com/facebook/presto/cache/CacheFactory.java
@@ -21,7 +21,7 @@
import java.io.IOException;
import java.net.URI;
-import static alluxio.shaded.client.com.google.common.base.Preconditions.checkState;
+import static com.google.common.base.Preconditions.checkState;
public class CacheFactory
{
diff --git a/presto-cache/src/test/java/com/facebook/presto/cache/alluxio/TestAlluxioCachingFileSystem.java b/presto-cache/src/test/java/com/facebook/presto/cache/alluxio/TestAlluxioCachingFileSystem.java
index 8285e436178f8..23230af340be8 100644
--- a/presto-cache/src/test/java/com/facebook/presto/cache/alluxio/TestAlluxioCachingFileSystem.java
+++ b/presto-cache/src/test/java/com/facebook/presto/cache/alluxio/TestAlluxioCachingFileSystem.java
@@ -16,7 +16,6 @@
import alluxio.client.file.cache.CacheManager;
import alluxio.metrics.MetricKey;
import alluxio.metrics.MetricsSystem;
-import alluxio.shaded.client.org.apache.commons.lang3.NotImplementedException;
import alluxio.util.io.FileUtils;
import com.facebook.presto.cache.CacheConfig;
import com.facebook.presto.hive.CacheQuota;
@@ -665,7 +664,7 @@ public boolean mkdirs(Path path, FsPermission permission)
@Override
public short getDefaultReplication()
{
- throw new NotImplementedException("getDefaultReplication not implemented");
+ throw new UnsupportedOperationException("getDefaultReplication not implemented");
}
@Override
@@ -677,7 +676,7 @@ public short getDefaultReplication(Path path)
@Override
public long getDefaultBlockSize()
{
- throw new NotImplementedException("getDefaultBlockSize not implemented");
+ throw new UnsupportedOperationException("getDefaultBlockSize not implemented");
}
@Override
diff --git a/presto-elasticsearch/pom.xml b/presto-elasticsearch/pom.xml
index 073f3c5518aa2..bf0064e08e76b 100644
--- a/presto-elasticsearch/pom.xml
+++ b/presto-elasticsearch/pom.xml
@@ -127,7 +127,6 @@
org.apache.httpcomponents
httpclient
- 4.5.2
@@ -151,7 +150,6 @@
org.apache.httpcomponents
httpcore
- 4.4.5
diff --git a/presto-function-namespace-managers/pom.xml b/presto-function-namespace-managers/pom.xml
index 4a467a77340a7..5be1f141fad0d 100644
--- a/presto-function-namespace-managers/pom.xml
+++ b/presto-function-namespace-managers/pom.xml
@@ -14,17 +14,7 @@
${project.parent.basedir}
-
-
-
-
- com.google.code.gson
- gson
- 2.11.0
-
-
-
-
+
com.facebook.airlift
diff --git a/presto-hive-hadoop2/pom.xml b/presto-hive-hadoop2/pom.xml
index a8624e4a9077f..89c1559786f80 100644
--- a/presto-hive-hadoop2/pom.xml
+++ b/presto-hive-hadoop2/pom.xml
@@ -80,12 +80,6 @@
provided
-
- org.alluxio
- alluxio-shaded-client
- runtime
-
-
org.openjdk.jol
jol-core
diff --git a/presto-hive/pom.xml b/presto-hive/pom.xml
index 8a756083122a9..6d32d37dfe7e3 100644
--- a/presto-hive/pom.xml
+++ b/presto-hive/pom.xml
@@ -499,10 +499,6 @@
net.bytebuddy
byte-buddy
-
- org.alluxio
- alluxio-shaded-client
-
diff --git a/presto-iceberg/pom.xml b/presto-iceberg/pom.xml
index 36cbe08db3b03..62cbbca65b4cf 100644
--- a/presto-iceberg/pom.xml
+++ b/presto-iceberg/pom.xml
@@ -672,7 +672,6 @@
module-info
org.apache.avro.*
org.apache.parquet.*
- com.github.benmanes.caffeine.*
META-INF.versions.9.module-info
diff --git a/presto-native-execution/pom.xml b/presto-native-execution/pom.xml
index 79271d2bb3cad..146f69ba787ca 100644
--- a/presto-native-execution/pom.xml
+++ b/presto-native-execution/pom.xml
@@ -112,6 +112,10 @@
org.apache.parquet
parquet-format-structures
+
+ org.apache.commons
+ commons-lang3
+
@@ -247,7 +251,6 @@
org.apache.commons
commons-lang3
- 3.14.0
test
@@ -281,7 +284,6 @@
module-info
META-INF.versions.9.module-info
org.apache.avro.*
- com.github.benmanes.caffeine.*
org.roaringbitmap.*
diff --git a/presto-native-sidecar-plugin/pom.xml b/presto-native-sidecar-plugin/pom.xml
index f3e82500967e5..19312b6c29eb2 100644
--- a/presto-native-sidecar-plugin/pom.xml
+++ b/presto-native-sidecar-plugin/pom.xml
@@ -232,7 +232,6 @@
module-info
META-INF.versions.9.module-info
org.apache.avro.*
- com.github.benmanes.caffeine.*
org.roaringbitmap.*
diff --git a/presto-parquet/pom.xml b/presto-parquet/pom.xml
index cb74c789f4c75..9cb0c7ec8d6a5 100644
--- a/presto-parquet/pom.xml
+++ b/presto-parquet/pom.xml
@@ -121,7 +121,6 @@
org.apache.commons
commons-lang3
- 3.4
test
diff --git a/presto-product-tests/pom.xml b/presto-product-tests/pom.xml
index 49c2bf79a304c..d86a58ebcbfc9 100644
--- a/presto-product-tests/pom.xml
+++ b/presto-product-tests/pom.xml
@@ -18,16 +18,6 @@
2.12.2
-
-
-
- org.apache.commons
- commons-lang3
- 3.14.0
-
-
-
-
org.apache.avro