Upgrade Jackson & its dependencies to resolve CVEs
If applied, this will:
Upgrade Jackson Core, Databind, and other dependencies to version 2.15.4.
Address security vulnerabilities, including PRISMA-2023-0067.
Mariamalmesfer authored and Mariam Almesfer committed Dec 3, 2024
1 parent 68b26f3 commit a25f1c7
Showing 5 changed files with 42 additions and 5 deletions.
42 changes: 40 additions & 2 deletions pom.xml
@@ -77,7 +77,7 @@
<dep.ratis.version>2.2.0</dep.ratis.version>
<dep.errorprone.version>2.18.0</dep.errorprone.version>
<dep.guava.version>32.1.0-jre</dep.guava.version>
<dep.jackson.version>2.11.0</dep.jackson.version>
<dep.jackson.version>2.15.4</dep.jackson.version>
<dep.j2objc.version>2.8</dep.j2objc.version>
<dep.avro.version>1.11.4</dep.avro.version>
<dep.commons.compress.version>1.26.2</dep.commons.compress.version>
@@ -212,7 +212,7 @@
<artifactId>netty-handler</artifactId>
<version>4.1.107.Final</version>
</dependency>

<dependency>
<groupId>com.facebook.presto</groupId>
<artifactId>presto-testing-docker</artifactId>
@@ -798,6 +798,36 @@
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-smile</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
@@ -2277,6 +2307,14 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.3.0</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.6.2</version>
</dependency>
</dependencies>
<configuration>
<rules>
<requireUpperBoundDeps>
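Review bot: The third hunk pins Jackson one artifact at a time (`jackson-core`, `jackson-annotations`, `jackson-dataformat-smile`, `jackson-dataformat-yaml`, `jackson-databind`), so any Jackson module not listed can still resolve transitively to an older release and leave the 2.15.4 upgrade only partly applied. Importing `com.fasterxml.jackson:jackson-bom` at `${dep.jackson.version}` manages every module in one entry; this assumes the entries sit inside `<dependencyManagement>`, which starts outside the hunk. After the change, `mvn dependency:tree -Dincludes='com.fasterxml.jackson*'` should show a single Jackson version across all modules.

```xml
<!-- … unchanged: preceding managed dependencies … -->
<dependency>
    <groupId>com.fasterxml.jackson</groupId>
    <artifactId>jackson-bom</artifactId>
    <version>${dep.jackson.version}</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>
```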
1 change: 1 addition & 0 deletions presto-bigquery/pom.xml
@@ -353,6 +353,7 @@
<exclude>com.fasterxml.jackson.core:jackson-core</exclude>
<exclude>javax.annotation:javax.annotation-api</exclude>
<exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
<exclude>com.google.api.grpc:proto-google-common-protos</exclude>
</excludes>
</requireUpperBoundDeps>
</rules>
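Review bot: The `<exclude>com.google.api.grpc:proto-google-common-protos</exclude>` entry switches `requireUpperBoundDeps` off for that artifact instead of resolving the conflict, so the build can ship a version older than one of its dependents expects and later downgrades will pass unnoticed. That this is the added line is inferred from the section's single addition and the commit's scope. Prefer pinning the highest required version in `<dependencyManagement>`; if the exclude has to stay, record the reason next to it, e.g. `<!-- upper-bound conflict introduced by DEPENDENT-ARTIFACT (placeholder); remove once versions are aligned -->`. The `<excludes>` list starts outside the hunk.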
1 change: 0 additions & 1 deletion presto-hudi/pom.xml
@@ -217,7 +217,6 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.10.2</version>
<scope>provided</scope>
</dependency>

1 change: 0 additions & 1 deletion presto-iceberg/pom.xml
@@ -459,7 +459,6 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.10.2</version>
<scope>provided</scope>
</dependency>

@@ -270,7 +270,7 @@ public String getColumnName()
return columnName;
}

@JsonProperty
@JsonProperty(value = "isDirectMapped")
public Optional<Boolean> isDirectMapped()
{
return isDirectMapped;
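Review bot: Pinning the name on `isDirectMapped()` fixes only the serialisation side; the constructor or `@JsonCreator` parameter that reads this key is outside the hunk and has to carry the same `@JsonProperty("isDirectMapped")`, otherwise the value may be dropped or rejected on deserialisation after the Jackson upgrade. A JSON round-trip test asserting the literal key would catch further implicit-naming changes in later Jackson releases. As a style point, `value =` is redundant for a single attribute: `@JsonProperty("isDirectMapped")`. Other `is…()` getters that return a non-`boolean` type may need the same explicit name; that cannot be checked from this page.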
