From cdc3c37d28c83aef8a7446b58d750ccc405ce469 Mon Sep 17 00:00:00 2001
From: Aaron Steinfeld <45047841+aaron-steinfeld@users.noreply.github.com>
Date: Fri, 4 Oct 2024 11:32:49 -0400
Subject: [PATCH] chore: update some old dependencies (#101)
---
 kafka-bom/build.gradle.kts | 10 ++++------
 kafka-streams-framework/build.gradle.kts | 2 +-
 .../weighted-group-partitioner/build.gradle.kts | 4 ++--
 owasp-suppressions.xml | 15 ---------------
 4 files changed, 7 insertions(+), 24 deletions(-)
diff --git a/kafka-bom/build.gradle.kts b/kafka-bom/build.gradle.kts
index 5d47c6d..115344a 100644
--- a/kafka-bom/build.gradle.kts
+++ b/kafka-bom/build.gradle.kts
@@ -6,18 +6,16 @@ plugins {
 var confluentVersion = "7.7.0"
 var confluentCcsVersion = "$confluentVersion-ccs"
-var protobufVersion = "3.21.7"
+var protobufVersion = "3.25.5"
 dependencies {
 constraints {
- api("com.fasterxml.jackson.core:jackson-databind:2.15.2")
+ api("com.fasterxml.jackson.core:jackson-databind:2.16.1")
 api("org.xerial.snappy:snappy-java:1.1.10.5") {
 because("[https://nvd.nist.gov/vuln/detail/CVE-2023-34455] in 'org.apache.kafka:kafka-clients:*'")
 because("[https://nvd.nist.gov/vuln/detail/CVE-2023-43642]")
 }
- api("com.google.protobuf:protobuf-java-util:3.21.7") {
- because("https://nvd.nist.gov/vuln/detail/CVE-2022-3171")
- }
+ api("com.google.protobuf:protobuf-java-util:$protobufVersion")
 api("com.squareup.okio:okio:3.4.0") {
 because("https://nvd.nist.gov/vuln/detail/CVE-2023-3635 in io.confluent:kafka-protobuf-serializer:7.4.0")
 }
@@ -32,6 +30,6 @@ dependencies {
 api("org.apache.kafka:kafka-clients:$confluentCcsVersion")
 api("org.apache.kafka:kafka-streams:$confluentCcsVersion")
 api("org.apache.kafka:kafka-streams-test-utils:$confluentCcsVersion")
- api("org.apache.avro:avro:1.11.3")
+ api("org.apache.avro:avro:1.11.4")
 }
 }
diff --git a/kafka-streams-framework/build.gradle.kts b/kafka-streams-framework/build.gradle.kts
index 6f0491c..537be83 100644
--- a/kafka-streams-framework/build.gradle.kts
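Review bot: The `protobuf-java-util` constraint in the first hunk of kafka-bom/build.gradle.kts no longer carries a `because(...)`, while the neighbouring snappy-java and okio constraints keep theirs, so a later reader cannot tell whether `$protobufVersion` is a security floor or an ordinary alignment pin. The removed reason named CVE-2022-3171; if 3.25.5 was chosen because of an advisory, record it, e.g. `api("com.google.protobuf:protobuf-java-util:$protobufVersion") { because("<advisory URL that motivates the 3.25.5 floor>") }`. The same applies to the `jackson-databind:2.16.1` line, whose CVE-2023-35116 suppression this commit deletes from owasp-suppressions.xml. The `dependencies` block continues past this hunk, so whether `protobufVersion` also pins `protobuf-java` itself cannot be confirmed from here.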
+++ b/kafka-streams-framework/build.gradle.kts
@@ -18,7 +18,7 @@ dependencies {
 api(platform(project(":kafka-bom")))
 api("org.apache.kafka:kafka-streams")
 api("io.confluent:kafka-streams-avro-serde")
- api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.0")
+ api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.6")
 implementation("org.apache.avro:avro")
 implementation("org.apache.kafka:kafka-clients")
diff --git a/kafka-streams-partitioners/weighted-group-partitioner/build.gradle.kts b/kafka-streams-partitioners/weighted-group-partitioner/build.gradle.kts
index afd8e96..a484b6b 100644
--- a/kafka-streams-partitioners/weighted-group-partitioner/build.gradle.kts
+++ b/kafka-streams-partitioners/weighted-group-partitioner/build.gradle.kts
@@ -15,10 +15,10 @@ dependencies {
 api(platform(project(":kafka-bom")))
 api("org.apache.kafka:kafka-streams")
- api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.0")
+ api("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.6")
 api("com.typesafe:config:1.4.2")
 implementation("com.google.guava:guava:32.0.1-jre")
- implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.13.0")
+ implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.13.6")
 implementation("org.hypertrace.config.service:partitioner-config-service-api:0.1.46")
 implementation("org.slf4j:slf4j-api:1.7.36")
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 9f207a7..cbc052c 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -1,18 +1,3 @@ - - - ^pkg:maven/org\.hypertrace\.core\..*@.*$ - cpe:/a:grpc:grpc - - - - ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ - CVE-2023-35116 - \ No newline at end of file