Issue 242: Update Third Party Library Versions

[shshashwat]

Signed-off-by: Shashwat Sharma [email protected]

Change log description
Few libraries version identified with possible vulnerabilities, this needs to be updated

Purpose of the change
Fixes #242

What the code does
Update the library version with possible vulnerabilities

How to verify it
All test cases should pass, Schema-Registry samples should work with Pravega Samples

[kotlasaicharanreddy]

@shshashwat could you please provide kind of tests performed on this ?

[shshashwat]

building and running Schema Registry samples with latest Pravega master is working fine in local

[shshashwat]

ObjectMapper.Configure is deprecated and as per the JavaDoc new way is to use JsonMapper.builder().configure(...).
Ref:- The Javadoc

[crazyzhou]

This change has brought the Flink connector a regression, two of the tests are failing for this change, and the main cause is the avro version upgrade.

Can you give the CVE number for the avro version upgrade and check if version 1.10.0 also works for you. Thanks.

We are still trying to fix it either from the schema registry or the connector itself.

[shshashwat]

Can you give the CVE number for the avro version upgrade and check if version 1.10.0 also works for you. Thanks.

@crazyzhou The changes made here was as per the issue-ticket created by Security scan. The suggested version in the ticket is 1.11.0 and hence it's changed here. If there is some backward compatibility related issue you're facing the way I faced here, that should be manageable.

[crazyzhou]

After some more investigation, the connector can help to fix with some changes on the connector side, so I will unblock it here.