Fix security vulnerabilities and upgrade KC version to 1.6.9 (#498)

* [SNOW-643653] Fix Citi Blackduck vulnerabilities (#497) * avro 1.8.1 -> 1.11.0, kakfa-clients -> 2.8.2 * vulnerabilities fixed? * fixed all vuln * update kc version * update utils.java
snowflakedb · Sep 28, 2022 · 3b64777 · 3b64777
1 parent 58fa3ca
commit 3b64777
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 11 deletions.
diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
 
  <groupId>com.snowflake</groupId>
  <artifactId>snowflake-kafka-connector</artifactId>
- <version>1.6.8</version>
+ <version>1.6.9</version>
  <packaging>jar</packaging>
  <name>Snowflake Kafka Connector</name>
  <description>Snowflake Kafka Connect Sink Connector</description>
@@ -290,7 +290,7 @@
  <dependency>
  <groupId>org.apache.kafka</groupId>
  <artifactId>connect-api</artifactId>
- <version>2.8.1</version>
+ <version>3.2.3</version>
  <scope>provided</scope>
  <exclusions>
  <exclusion>
@@ -326,7 +326,7 @@
  <dependency>
  <groupId>org.apache.avro</groupId>
  <artifactId>avro</artifactId>
- <version>1.9.0</version>
+ <version>1.11.1</version>
  <exclusions>
  <exclusion>
  <groupId>com.fasterxml.jackson.core</groupId>

diff --git a/pom_confluent.xml b/pom_confluent.xml
@@ -13,7 +13,7 @@
 
  <groupId>com.snowflake</groupId>
  <artifactId>snowflake-kafka-connector</artifactId>
- <version>1.6.8</version>
+ <version>1.6.9</version>
  <packaging>jar</packaging>
  <name>Snowflake Kafka Connector</name>
  <description>Snowflake Kafka Connect Sink Connector</description>
@@ -338,7 +338,7 @@
  <dependency>
  <groupId>org.apache.kafka</groupId>
  <artifactId>connect-api</artifactId>
- <version>2.8.1</version>
+ <version>3.2.3</version>
  <scope>provided</scope>
  <exclusions>
  <exclusion>
@@ -374,7 +374,7 @@
  <dependency>
  <groupId>org.apache.avro</groupId>
  <artifactId>avro</artifactId>
- <version>1.9.0</version>
+ <version>1.11.1</version>
  <exclusions>
  <exclusion>
  <groupId>com.fasterxml.jackson.core</groupId>

diff --git a/src/main/java/com/snowflake/kafka/connector/Utils.java b/src/main/java/com/snowflake/kafka/connector/Utils.java
@@ -46,7 +46,7 @@
 public class Utils {
 
  // Connector version, change every release
- public static final String VERSION = "1.6.8";
+ public static final String VERSION = "1.6.9";
 
  // connector parameter list
  public static final String NAME = "name";

diff --git a/test/perf_test/pom.xml b/test/perf_test/pom.xml
@@ -25,7 +25,7 @@
  <dependency>
  <groupId>io.confluent</groupId>
  <artifactId>kafka-avro-serializer</artifactId>
- <version>5.1.2</version>
+ <version>7.2.1</version>
  </dependency>
 
  <!-- https://mvnrepository.com/artifact/net.snowflake/snowflake-jdbc -->
@@ -37,7 +37,7 @@
  <dependency>
  <groupId>org.apache.kafka</groupId>
  <artifactId>kafka-clients</artifactId>
- <version>2.2.1</version>
+ <version>2.8.2</version>
  </dependency>
  <dependency>
  <groupId>org.bouncycastle</groupId>
@@ -54,7 +54,7 @@
  <dependency>
  <groupId>org.apache.avro</groupId>
  <artifactId>avro</artifactId>
- <version>1.8.1</version>
+ <version>1.11.1</version>
  </dependency>
  </dependencies>
 
@@ -63,7 +63,7 @@
  <plugin>
  <groupId>org.apache.avro</groupId>
  <artifactId>avro-maven-plugin</artifactId>
- <version>1.8.1</version>
+ <version>1.11.1</version>
  <executions>
  <execution>
  <phase>generate-sources</phase>