Skip to content

Commit

Permalink
Fix the okhttp CVE issues
Browse files Browse the repository at this point in the history 
(cherry picked from commit 2d47e4b)
  • Loading branch information
@roczei
roczei committed Aug 16, 2024
1 parent dcafafe commit 7e7a8bc
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 12 deletions.
11 changes: 8 additions & 3 deletions dev/deps/spark-deps-hadoop-2-hive-2.3
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,10 @@ jsp-api/2.1//jsp-api-2.1.jar
jsr305/3.0.0//jsr305-3.0.0.jar
jta/1.1//jta-1.1.jar
jul-to-slf4j/2.0.6//jul-to-slf4j-2.0.6.jar
kotlin-stdlib-common/1.9.10//kotlin-stdlib-common-1.9.10.jar
kotlin-stdlib-jdk7/1.8.21//kotlin-stdlib-jdk7-1.8.21.jar
kotlin-stdlib-jdk8/1.8.21//kotlin-stdlib-jdk8-1.8.21.jar
kotlin-stdlib/1.8.21//kotlin-stdlib-1.8.21.jar
kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
Expand Down Expand Up @@ -191,7 +195,7 @@ log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
log4j-api/2.19.0//log4j-api-2.19.0.jar
log4j-core/2.19.0//log4j-core-2.19.0.jar
log4j-slf4j2-impl/2.19.0//log4j-slf4j2-impl-2.19.0.jar
logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
logging-interceptor/4.12.0//logging-interceptor-4.12.0.jar
lz4-java/1.8.0//lz4-java-1.8.0.jar
mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
metrics-core/4.2.15//metrics-core-4.2.15.jar
Expand Down Expand Up @@ -219,8 +223,9 @@ netty-transport-native-kqueue/4.1.87.Final/osx-x86_64/netty-transport-native-kqu
netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
objenesis/3.2//objenesis-3.2.jar
okhttp/3.12.12//okhttp-3.12.12.jar
okio/1.17.6//okio-1.17.6.jar
okhttp/4.12.0//okhttp-4.12.0.jar
okio-jvm/3.6.0//okio-jvm-3.6.0.jar
okio/3.6.0//okio-3.6.0.jar
opencsv/2.3//opencsv-2.3.jar
orc-core/1.8.7/shaded-protobuf/orc-core-1.8.7-shaded-protobuf.jar
orc-mapreduce/1.8.7/shaded-protobuf/orc-mapreduce-1.8.7-shaded-protobuf.jar
Expand Down
11 changes: 8 additions & 3 deletions dev/deps/spark-deps-hadoop-3-hive-2.3
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,10 @@ json4s-scalap_2.12/3.7.0-M11//json4s-scalap_2.12-3.7.0-M11.jar
jsr305/3.0.0//jsr305-3.0.0.jar
jta/1.1//jta-1.1.jar
jul-to-slf4j/2.0.6//jul-to-slf4j-2.0.6.jar
kotlin-stdlib-common/1.9.10//kotlin-stdlib-common-1.9.10.jar
kotlin-stdlib-jdk7/1.8.21//kotlin-stdlib-jdk7-1.8.21.jar
kotlin-stdlib-jdk8/1.8.21//kotlin-stdlib-jdk8-1.8.21.jar
kotlin-stdlib/1.8.21//kotlin-stdlib-1.8.21.jar
kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
Expand Down Expand Up @@ -175,7 +179,7 @@ log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
log4j-api/2.19.0//log4j-api-2.19.0.jar
log4j-core/2.19.0//log4j-core-2.19.0.jar
log4j-slf4j2-impl/2.19.0//log4j-slf4j2-impl-2.19.0.jar
logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
logging-interceptor/4.12.0//logging-interceptor-4.12.0.jar
lz4-java/1.8.0//lz4-java-1.8.0.jar
mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
metrics-core/4.2.15//metrics-core-4.2.15.jar
Expand Down Expand Up @@ -203,8 +207,9 @@ netty-transport-native-kqueue/4.1.87.Final/osx-x86_64/netty-transport-native-kqu
netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
objenesis/3.2//objenesis-3.2.jar
okhttp/3.12.12//okhttp-3.12.12.jar
okio/1.17.6//okio-1.17.6.jar
okhttp/4.12.0//okhttp-4.12.0.jar
okio-jvm/3.6.0//okio-jvm-3.6.0.jar
okio/3.6.0//okio-3.6.0.jar
opencsv/2.3//opencsv-2.3.jar
opentracing-api/0.33.0//opentracing-api-0.33.0.jar
opentracing-noop/0.33.0//opentracing-noop-0.33.0.jar
Expand Down
7 changes: 1 addition & 6 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@
<!-- org.fusesource.leveldbjni will be used except on arm64 platform. -->
<leveldbjni.group>org.fusesource.leveldbjni</leveldbjni.group>
<kubernetes-client.version>6.4.1</kubernetes-client.version>
<okio.version>1.17.6</okio.version>
<okhttp.version>4.12.0</okhttp.version>

<test.java.home>${java.home}</test.java.home>

Expand Down Expand Up @@ -2791,11 +2791,6 @@
<artifactId>arpack</artifactId>
<version>${netlib.ludovic.dev.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio</artifactId>
<version>${okio.version}</version>
</dependency>
</dependencies>
</dependencyManagement>

Expand Down
20 changes: 20 additions & 0 deletions resource-managers/kubernetes/core/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,26 @@
<groupId>io.fabric8</groupId>
<artifactId>kubernetes-httpclient-okhttp</artifactId>
<version>${kubernetes-client.version}</version>
<exclusions>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</exclusion>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>logging-interceptor</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>logging-interceptor</artifactId>
<version>${okhttp.version}</version>
</dependency>
<dependency>
<groupId>io.fabric8</groupId>
Expand Down

0 comments on commit 7e7a8bc

Please sign in to comment.