Gitiles
Code Review Sign In
asterix-gerrit.ics.uci.edu / asterixdb / c831a8bdcaaa435e89f62b2251a4e465ff47ffef^! / . / hyracks-fullstack / pom.xml
commitc831a8bdcaaa435e89f62b2251a4e465ff47ffef[log] [tgz]
authorMichael Blow <michael.blow@couchbase.com>Mon Dec 02 21:38:38 2024 -0500
committerMichael Blow <mblow@apache.org>Thu Dec 05 16:01:00 2024 +0000
tree3a0e7b5e877d08580199fff75cd0e0916fd22fe0
parente9eb741c42c16cb9292dada589fa786686f3e41d [diff] [blame]
[NO ISSUE][HYR][*DB] Update dependencies to address CVEs

Ext-ref: MB-64482
Change-Id: I708ae48517a2c5e43ec7fc51f54f770e40f17ab1
Reviewed-on: https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/19169
Reviewed-by: Michael Blow <mblow@apache.org>
Tested-by: Michael Blow <mblow@apache.org>

diff --git a/hyracks-fullstack/pom.xml b/hyracks-fullstack/pom.xml
index 432947e..e33184c 100644
--- a/hyracks-fullstack/pom.xml
+++ b/hyracks-fullstack/pom.xml

@@ -70,13 +70,13 @@
     <test.includes>${global.test.includes}</test.includes>
     <test.excludes>${global.test.excludes}</test.excludes>
     <!-- Versions under dependencymanagement or used in many projects via properties -->
-    <hadoop.version>3.3.6</hadoop.version>
+    <hadoop.version>3.4.1</hadoop.version>
     <jacoco.version>0.7.6.201602180812</jacoco.version>
     <log4j.version>2.19.0</log4j.version>
     <snappy.version>1.1.10.5</snappy.version>
     <jackson.version>2.14.1</jackson.version>
     <jackson-databind.version>${jackson.version}</jackson-databind.version>
-    <netty.version>4.1.87.Final</netty.version>
+    <netty.version>4.1.115.Final</netty.version>
 
     <implementation.title>Apache Hyracks and Algebricks - ${project.name}</implementation.title>
     <implementation.url>https://asterixdb.apache.org/</implementation.url>
@@ -127,6 +127,11 @@
       </dependency>
       <dependency>
         <groupId>io.netty</groupId>
+        <artifactId>netty-transport-native-epoll</artifactId>
+        <version>${netty.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>io.netty</groupId>
         <artifactId>netty-resolver-dns</artifactId>
         <version>${netty.version}</version>
       </dependency>
@@ -246,12 +251,12 @@
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
-        <version>2.11.0</version>
+        <version>2.18.0</version>
       </dependency>
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-text</artifactId>
-        <version>1.10.0</version>
+        <version>1.12.0</version>
       </dependency>
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
@@ -271,7 +276,7 @@
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>32.1.2-jre</version>
+        <version>33.3.1-jre</version>
         <exclusions>
           <exclusion>
             <groupId>com.google.code.findbugs</groupId>
@@ -298,7 +303,7 @@
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-lang3</artifactId>
-        <version>3.12.0</version>
+        <version>3.17.0</version>
       </dependency>
       <dependency>
         <groupId>org.apache.commons</groupId>
@@ -308,12 +313,12 @@
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpcore</artifactId>
-        <version>4.4.15</version>
+        <version>4.4.16</version>
       </dependency>
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpclient</artifactId>
-        <version>4.5.13</version>
+        <version>4.5.14</version>
       </dependency>
       <dependency>
         <groupId>org.apache.rat</groupId>