From 7e7a8bcb9b16f6feb58d07852bed6ad18760c259 Mon Sep 17 00:00:00 2001 From: Gabor Roczei Date: Sat, 17 Aug 2024 00:04:54 +0200 Subject: [PATCH] Fix the okhttp CVE issues (cherry picked from commit 2d47e4b0185520ac7dc67f7b55c68f0ddb28b791) --- dev/deps/spark-deps-hadoop-2-hive-2.3 | 11 ++++++++--- dev/deps/spark-deps-hadoop-3-hive-2.3 | 11 ++++++++--- pom.xml | 7 +------ resource-managers/kubernetes/core/pom.xml | 20 ++++++++++++++++++++ 4 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2-hive-2.3 b/dev/deps/spark-deps-hadoop-2-hive-2.3
index 1df44c045336c..163a02965713b 100644
--- a/dev/deps/spark-deps-hadoop-2-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-2-hive-2.3
@@ -158,6 +158,10 @@ jsp-api/2.1//jsp-api-2.1.jar
 jsr305/3.0.0//jsr305-3.0.0.jar
 jta/1.1//jta-1.1.jar
 jul-to-slf4j/2.0.6//jul-to-slf4j-2.0.6.jar
+kotlin-stdlib-common/1.9.10//kotlin-stdlib-common-1.9.10.jar
+kotlin-stdlib-jdk7/1.8.21//kotlin-stdlib-jdk7-1.8.21.jar
+kotlin-stdlib-jdk8/1.8.21//kotlin-stdlib-jdk8-1.8.21.jar
+kotlin-stdlib/1.8.21//kotlin-stdlib-1.8.21.jar
 kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
 kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
 kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
@@ -191,7 +195,7 @@ log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
 log4j-api/2.19.0//log4j-api-2.19.0.jar
 log4j-core/2.19.0//log4j-core-2.19.0.jar
 log4j-slf4j2-impl/2.19.0//log4j-slf4j2-impl-2.19.0.jar
-logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
+logging-interceptor/4.12.0//logging-interceptor-4.12.0.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
 metrics-core/4.2.15//metrics-core-4.2.15.jar
@@ -219,8 +223,9 @@ netty-transport-native-kqueue/4.1.87.Final/osx-x86_64/netty-transport-native-kqu
 netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar
 netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar
 objenesis/3.2//objenesis-3.2.jar
-okhttp/3.12.12//okhttp-3.12.12.jar
-okio/1.17.6//okio-1.17.6.jar
+okhttp/4.12.0//okhttp-4.12.0.jar
+okio-jvm/3.6.0//okio-jvm-3.6.0.jar
+okio/3.6.0//okio-3.6.0.jar
 opencsv/2.3//opencsv-2.3.jar
 orc-core/1.8.7/shaded-protobuf/orc-core-1.8.7-shaded-protobuf.jar
 orc-mapreduce/1.8.7/shaded-protobuf/orc-mapreduce-1.8.7-shaded-protobuf.jar
diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index f0785806d5642..d63c6df764371 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -142,6 +142,10 @@ json4s-scalap_2.12/3.7.0-M11//json4s-scalap_2.12-3.7.0-M11.jar
 jsr305/3.0.0//jsr305-3.0.0.jar
 jta/1.1//jta-1.1.jar
 jul-to-slf4j/2.0.6//jul-to-slf4j-2.0.6.jar
+kotlin-stdlib-common/1.9.10//kotlin-stdlib-common-1.9.10.jar
+kotlin-stdlib-jdk7/1.8.21//kotlin-stdlib-jdk7-1.8.21.jar
+kotlin-stdlib-jdk8/1.8.21//kotlin-stdlib-jdk8-1.8.21.jar
+kotlin-stdlib/1.8.21//kotlin-stdlib-1.8.21.jar
 kryo-shaded/4.0.2//kryo-shaded-4.0.2.jar
 kubernetes-client-api/6.4.1//kubernetes-client-api-6.4.1.jar
 kubernetes-client/6.4.1//kubernetes-client-6.4.1.jar
@@ -175,7 +179,7 @@ log4j-1.2-api/2.19.0//log4j-1.2-api-2.19.0.jar
 log4j-api/2.19.0//log4j-api-2.19.0.jar
 log4j-core/2.19.0//log4j-core-2.19.0.jar
 log4j-slf4j2-impl/2.19.0//log4j-slf4j2-impl-2.19.0.jar
-logging-interceptor/3.12.12//logging-interceptor-3.12.12.jar
+logging-interceptor/4.12.0//logging-interceptor-4.12.0.jar
 lz4-java/1.8.0//lz4-java-1.8.0.jar
 mesos/1.4.3/shaded-protobuf/mesos-1.4.3-shaded-protobuf.jar
 metrics-core/4.2.15//metrics-core-4.2.15.jar
@@ -203,8 +207,9 @@ netty-transport-native-kqueue/4.1.87.Final/osx-x86_64/netty-transport-native-kqu netty-transport-native-unix-common/4.1.87.Final//netty-transport-native-unix-common-4.1.87.Final.jar netty-transport/4.1.87.Final//netty-transport-4.1.87.Final.jar objenesis/3.2//objenesis-3.2.jar -okhttp/3.12.12//okhttp-3.12.12.jar -okio/1.17.6//okio-1.17.6.jar +okhttp/4.12.0//okhttp-4.12.0.jar +okio-jvm/3.6.0//okio-jvm-3.6.0.jar +okio/3.6.0//okio-3.6.0.jar opencsv/2.3//opencsv-2.3.jar opentracing-api/0.33.0//opentracing-api-0.33.0.jar opentracing-noop/0.33.0//opentracing-noop-0.33.0.jar diff --git a/pom.xml b/pom.xml index c552ca54e18eb..5bb7943b1ce01 100644 --- a/pom.xml +++ b/pom.xml @@ -227,7 +227,7 @@ org.fusesource.leveldbjni 6.4.1 - 1.17.6 + 4.12.0 ${java.home} @@ -2791,11 +2791,6 @@ arpack ${netlib.ludovic.dev.version} - - com.squareup.okio - okio - ${okio.version} - diff --git a/resource-managers/kubernetes/core/pom.xml b/resource-managers/kubernetes/core/pom.xml index abb2a5551653e..7842f2970d485 100644 --- a/resource-managers/kubernetes/core/pom.xml +++ b/resource-managers/kubernetes/core/pom.xml @@ -79,6 +79,26 @@ io.fabric8 kubernetes-httpclient-okhttp ${kubernetes-client.version} + + + com.squareup.okhttp3 + okhttp + + + com.squareup.okhttp3 + logging-interceptor + + + + + com.squareup.okhttp3 + okhttp + ${okhttp.version} + + + com.squareup.okhttp3 + logging-interceptor + ${okhttp.version} io.fabric8
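Review bot: The okhttp override lives only in this module's dependency list (the added `com.squareup.okhttp3` `okhttp` and `logging-interceptor` entries at `${okhttp.version}`, with matching exclusions on `kubernetes-httpclient-okhttp`), so as far as this patch shows, any other module that reaches okhttp transitively would still resolve whatever its own dependency requests. Managing both artifacts once in the root pom's dependency management at `${okhttp.version}` would apply the fixed version build-wide and make the exclusions here unnecessary. The root pom hunk at -2791 also removes the managed `com.squareup.okio` entry, so okio is now only what okhttp pulls in (3.6.0 per the dev/deps manifests) with nothing pinning it; a short comment next to the version property saying which advisories the bump addresses and that okio is intentionally left transitive would help the next audit. The manifests additionally list kotlin-stdlib-common at 1.9.10 beside kotlin-stdlib, -jdk7 and -jdk8 at 1.8.21, and aligning those to a single version is worth doing before this lands on what appears to be a backport branch.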