Skip to content

Commit 13e3a6a

Browse files
elahrvivazelahrvivaz
authored
Bump Zookeeper to 3.9.5, Jackson to 2.21.1 (#3522)
* Remove GeoServer-specific versioning in gs-plugins to avoid false CVE warnings
1 parent 50622b7 commit 13e3a6a

File tree

5 files changed

+41
-62
lines changed

5 files changed

+41
-62
lines changed

build/dependencies.txt

Lines changed: 14 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@ com.clearspring.analytics:stream:2.9.8:compile
44
com.esotericsoftware:kryo-shaded:4.0.3:compile
55
com.esotericsoftware:minlog:1.3.0:compile
66
com.facebook:nailgun-server:1.0.1:compile
7-
com.fasterxml.jackson.core:jackson-annotations:2.19.0:compile
8-
com.fasterxml.jackson.core:jackson-core:2.19.0:compile
9-
com.fasterxml.jackson.core:jackson-databind:2.19.0:compile
10-
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.19.0:compile
7+
com.fasterxml.jackson.core:jackson-annotations:2.21:compile
8+
com.fasterxml.jackson.core:jackson-core:2.21.1:compile
9+
com.fasterxml.jackson.core:jackson-databind:2.21.1:compile
10+
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.21.1:compile
1111
com.github.ben-manes.caffeine:caffeine:3.1.8:compile
1212
com.github.luben:zstd-jni:1.5.5-11:compile
1313
com.github.pureconfig:pureconfig-core_2.12:0.17.4:compile
@@ -169,8 +169,8 @@ org.apache.thrift:libthrift:0.17.0:compile
169169
org.apache.xml:xml-commons-resolver:1.2:compile
170170
org.apache.yetus:audience-annotations:0.12.0:compile
171171
org.apache.yetus:audience-annotations:0.13.0:compile
172-
org.apache.zookeeper:zookeeper-jute:3.9.4:compile
173-
org.apache.zookeeper:zookeeper:3.9.4:compile
172+
org.apache.zookeeper:zookeeper-jute:3.9.5:compile
173+
org.apache.zookeeper:zookeeper:3.9.5:compile
174174
org.apiguardian:apiguardian-api:1.1.2:compile
175175
org.calrissian.mango:mango-core:3.0.0:compile
176176
org.checkerframework:checker-qual:2.5.2:compile
@@ -288,13 +288,13 @@ com.amazonaws:jmespath-java:1.12.793:provided
288288
com.datastax.cassandra:cassandra-driver-core:3.11.5:provided
289289
com.datastax.cassandra:cassandra-driver-mapping:3.11.5:provided
290290
com.eclipsesource.minimal-json:minimal-json:0.9.5:provided
291-
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.19.0:provided
292-
com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.19.0:provided
293-
com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.19.0:provided
294-
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.19.0:provided
295-
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.19.0:provided
296-
com.fasterxml.jackson.module:jackson-module-scala_2.12:2.19.0:provided
297-
com.fasterxml.woodstox:woodstox-core:7.1.0:provided
291+
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.21.1:provided
292+
com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.21.1:provided
293+
com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.21.1:provided
294+
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.21.1:provided
295+
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.21.1:provided
296+
com.fasterxml.jackson.module:jackson-module-scala_2.12:2.21.1:provided
297+
com.fasterxml.woodstox:woodstox-core:5.4.0:provided
298298
com.github.jnr:jffi:1.2.16:provided
299299
com.github.jnr:jffi:native:1.2.16:provided
300300
com.github.jnr:jnr-constants:0.9.9:provided
@@ -305,7 +305,6 @@ com.github.pjfanning:jersey-json:1.22.0:provided
305305
com.github.stephenc.jcip:jcip-annotations:1.0-1:provided
306306
com.google.code.findbugs:jsr305:3.0.2:provided
307307
com.google.crypto.tink:tink:1.9.0:provided
308-
com.google.errorprone:error_prone_annotations:2.36.0:provided
309308
com.google.inject.extensions:guice-servlet:4.2.3:provided
310309
com.google.inject:guice:4.2.3:provided
311310
com.jcraft:jsch:0.1.55:provided
@@ -372,7 +371,6 @@ org.antlr:antlr4-runtime:4.7.1:provided
372371
org.apache.accumulo:accumulo-start:2.1.4:provided
373372
org.apache.avro:avro-ipc:1.11.4:provided
374373
org.apache.avro:avro-mapred:1.11.4:provided
375-
org.apache.commons:commons-lang3:3.18.0:provided
376374
org.apache.commons:commons-math3:3.6.1:provided
377375
org.apache.commons:commons-vfs2:2.9.0:provided
378376
org.apache.datasketches:datasketches-java:3.3.0:provided
@@ -449,11 +447,10 @@ org.apache.tomcat:tomcat-util-scan:9.0.104:provided
449447
org.apache.tomcat:tomcat-util:9.0.104:provided
450448
org.apache.xbean:xbean-asm9-shaded:4.23:provided
451449
org.bouncycastle:bcprov-jdk18on:1.78.1:provided
452-
org.checkerframework:checker-qual:3.49.5:provided
453450
org.codehaus.janino:commons-compiler:3.1.9:provided
454451
org.codehaus.janino:janino:3.1.9:provided
455452
org.codehaus.jettison:jettison:1.5.4:provided
456-
org.codehaus.woodstox:stax2-api:4.2.2:provided
453+
org.codehaus.woodstox:stax2-api:4.2.1:provided
457454
org.eclipse.angus:angus-activation:2.0.1:provided
458455
org.eclipse.jetty.websocket:websocket-api:9.4.57.v20241219:provided
459456
org.eclipse.jetty.websocket:websocket-client:9.4.57.v20241219:provided

docs/user/upgrade/6.0.0.rst

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,7 @@ The following dependencies have been upgraded:
3434
* commons-logging ``1.3.3`` -> ``1.3.5``
3535
* commons-text ``1.12.0`` -> ``1.13.0``
3636
* geotools ``33.2`` -> ``34.2``
37+
* jackson ``2.19.0`` -> ``2.21.1``
3738
* kafka ``3.9.0`` -> ``3.9.1``
3839
* micrometer ``1.15.4`` -> ``1.16.0``
3940
* nifi ``2.6.0`` -> ``2.7.2``
@@ -44,7 +45,7 @@ The following dependencies have been upgraded:
4445
* scala 2.13 ``2.13.12`` -> ``2.13.16``
4546
* sedona ``1.8.0`` -> ``1.8.1``
4647
* spark ``3.5.5`` -> ``3.5.7``
47-
* zookeeper ``3.9.3`` -> ``3.9.4``
48+
* zookeeper ``3.9.3`` -> ``3.9.5``
4849

4950
StrategyDecider API Update
5051
--------------------------

geomesa-archetypes/geomesa-archetypes-gs-plugin/pom.xml

Lines changed: 17 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -13,98 +13,78 @@
1313
<packaging>pom</packaging>
1414

1515
<properties>
16-
<gs.antlr.version>4.7.1</gs.antlr.version>
17-
<gs.checker.qual.version>3.49.5</gs.checker.qual.version>
18-
<gs.commons.codec.version>1.18.0</gs.commons.codec.version>
19-
<gs.commons.io.version>2.19.0</gs.commons.io.version>
20-
<gs.commons.lang3.version>3.18.0</gs.commons.lang3.version>
21-
<gs.commons.logging.version>1.3.5</gs.commons.logging.version>
22-
<gs.commons.pool.version>1.5.4</gs.commons.pool.version>
23-
<gs.commons.text.version>1.13.0</gs.commons.text.version>
24-
<gs.error.prone.version>2.36.0</gs.error.prone.version>
25-
<gs.jackson.version>2.19.0</gs.jackson.version>
26-
<gs.jackson.databind.version>2.19.0</gs.jackson.databind.version>
16+
<antlr.version>4.7.1</antlr.version>
17+
<commons.pool.version>1.5.4</commons.pool.version>
2718
</properties>
2819

2920
<dependencyManagement>
3021
<dependencies>
3122
<!-- dependencies already in geoserver -->
23+
<!-- note: these versions don't align with the actual versions in the geoserver war -->
3224
<dependency>
3325
<groupId>commons-codec</groupId>
3426
<artifactId>commons-codec</artifactId>
35-
<version>${gs.commons.codec.version}</version>
27+
<version>${commons.codec.version}</version>
3628
<scope>provided</scope>
3729
</dependency>
3830
<dependency>
3931
<groupId>commons-io</groupId>
4032
<artifactId>commons-io</artifactId>
41-
<version>${gs.commons.io.version}</version>
33+
<version>${commons.io.version}</version>
4234
<scope>provided</scope>
4335
</dependency>
4436
<dependency>
4537
<groupId>org.apache.commons</groupId>
4638
<artifactId>commons-lang3</artifactId>
47-
<version>${gs.commons.lang3.version}</version>
39+
<version>${commons.lang3.version}</version>
4840
<scope>provided</scope>
4941
</dependency>
5042
<dependency>
5143
<groupId>commons-logging</groupId>
5244
<artifactId>commons-logging</artifactId>
53-
<version>${gs.commons.logging.version}</version>
45+
<version>${commons.logging.version}</version>
5446
<scope>provided</scope>
5547
</dependency>
5648
<dependency>
5749
<groupId>commons-pool</groupId>
5850
<artifactId>commons-pool</artifactId>
59-
<version>${gs.commons.pool.version}</version>
51+
<version>${commons.pool.version}</version>
6052
<scope>provided</scope>
6153
</dependency>
6254
<dependency>
6355
<groupId>org.apache.commons</groupId>
6456
<artifactId>commons-text</artifactId>
65-
<version>${gs.commons.text.version}</version>
66-
<scope>provided</scope>
67-
</dependency>
68-
<dependency>
69-
<groupId>com.fasterxml.jackson.core</groupId>
70-
<artifactId>jackson-annotations</artifactId>
71-
<version>${gs.jackson.version}</version>
57+
<version>${commons.text.version}</version>
7258
<scope>provided</scope>
7359
</dependency>
7460
<dependency>
7561
<groupId>com.fasterxml.jackson.core</groupId>
7662
<artifactId>jackson-core</artifactId>
77-
<version>${gs.jackson.version}</version>
63+
<version>${jackson.version}</version>
7864
<scope>provided</scope>
7965
</dependency>
8066
<dependency>
8167
<groupId>com.fasterxml.jackson.core</groupId>
8268
<artifactId>jackson-databind</artifactId>
83-
<version>${gs.jackson.databind.version}</version>
69+
<version>${jackson.version}</version>
8470
<scope>provided</scope>
8571
</dependency>
8672
<dependency>
8773
<groupId>com.fasterxml.jackson.dataformat</groupId>
8874
<artifactId>jackson-dataformat-xml</artifactId>
89-
<version>${gs.jackson.version}</version>
75+
<version>${jackson.version}</version>
9076
<scope>provided</scope>
9177
</dependency>
9278
<dependency>
9379
<groupId>com.fasterxml.jackson.datatype</groupId>
9480
<artifactId>jackson-datatype-jsr310</artifactId>
95-
<version>${gs.jackson.version}</version>
81+
<version>${jackson.version}</version>
9682
<scope>provided</scope>
9783
</dependency>
9884
<dependency>
99-
<groupId>com.google.errorprone</groupId>
100-
<artifactId>error_prone_annotations</artifactId>
101-
<version>${gs.error.prone.version}</version>
102-
<scope>provided</scope>
103-
</dependency>
104-
<dependency>
105-
<groupId>org.checkerframework</groupId>
106-
<artifactId>checker-qual</artifactId>
107-
<version>${gs.checker.qual.version}</version>
85+
<groupId>com.fasterxml.jackson.core</groupId>
86+
<artifactId>jackson-annotations</artifactId>
87+
<version>${jackson.annotations.version}</version>
10888
<scope>provided</scope>
10989
</dependency>
11090
<dependency>
@@ -224,7 +204,7 @@
224204
<dependency>
225205
<groupId>org.antlr</groupId>
226206
<artifactId>antlr4-runtime</artifactId>
227-
<version>${gs.antlr.version}</version>
207+
<version>${antlr.version}</version>
228208
<scope>provided</scope>
229209
</dependency>
230210
<dependency>

geomesa-archetypes/geomesa-archetypes-spark-runtime/pom.xml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -38,19 +38,19 @@
3838
<dependency>
3939
<groupId>com.fasterxml.jackson.core</groupId>
4040
<artifactId>jackson-core</artifactId>
41-
<version>${fasterxml.jackson.version}</version>
41+
<version>${jackson.version}</version>
4242
<scope>provided</scope>
4343
</dependency>
4444
<dependency>
4545
<groupId>com.fasterxml.jackson.core</groupId>
4646
<artifactId>jackson-databind</artifactId>
47-
<version>${fasterxml.jackson.version}</version>
47+
<version>${jackson.version}</version>
4848
<scope>provided</scope>
4949
</dependency>
5050
<dependency>
5151
<groupId>com.fasterxml.jackson.core</groupId>
5252
<artifactId>jackson-annotations</artifactId>
53-
<version>${fasterxml.jackson.version}</version>
53+
<version>${jackson.annotations.version}</version>
5454
<scope>provided</scope>
5555
</dependency>
5656
<dependency>

pom.xml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -106,9 +106,10 @@
106106

107107
<!-- standardized transitive dependencies -->
108108
<aircompressor.version>0.27</aircompressor.version>
109-
<fasterxml.jackson.version>2.19.0</fasterxml.jackson.version> <!-- used by geoserver, spark and arrow -->
110109
<h2.version>2.2.224</h2.version>
111110
<hsql.version>2.7.2</hsql.version>
111+
<jackson.version>2.21.1</jackson.version> <!-- used by geoserver, spark and arrow -->
112+
<jackson.annotations.version>2.21</jackson.annotations.version> <!-- note: in most places this is managed through the jackson bom -->
112113
<jetty.version>9.4.57.v20241219</jetty.version>
113114
<jna.version>5.14.0</jna.version>
114115
<json.smart.version>2.5.2</json.smart.version> <!-- used by json-path and hadoop-auth -->
@@ -129,7 +130,7 @@
129130
<!-- provided artifacts, not bundled to support multiple environments -->
130131
<accumulo.version>2.1.4</accumulo.version>
131132
<accumulo-20.version>2.0.1</accumulo-20.version>
132-
<zookeeper.version>3.9.4</zookeeper.version>
133+
<zookeeper.version>3.9.5</zookeeper.version>
133134
<thrift.version>0.17.0</thrift.version>
134135
<thrift-accumulo-20.version>0.12.0</thrift-accumulo-20.version>
135136
<thrift-cassandra.version>0.12.0</thrift-cassandra.version>
@@ -1683,14 +1684,14 @@
16831684
<dependency>
16841685
<groupId>com.fasterxml.jackson</groupId>
16851686
<artifactId>jackson-bom</artifactId>
1686-
<version>${fasterxml.jackson.version}</version>
1687+
<version>${jackson.version}</version>
16871688
<type>pom</type>
16881689
<scope>import</scope>
16891690
</dependency>
16901691
<dependency>
16911692
<groupId>com.fasterxml.jackson.module</groupId>
16921693
<artifactId>jackson-module-scala_${scala.binary.version}</artifactId>
1693-
<version>${fasterxml.jackson.version}</version>
1694+
<version>${jackson.version}</version>
16941695
<scope>provided</scope> <!-- from spark -->
16951696
</dependency>
16961697
<dependency>

0 commit comments

Comments
 (0)