Skip to content

Commit

Permalink
downgrade scoped Jetty dependency to use 9.4.52 version for Kafka-Con…
Browse files Browse the repository at this point in the history 
…nect-Plugin, which minimize the impact to other plugins.

Signed-off-by: Haidong <[email protected]>
  • Loading branch information
Haidong committed Oct 7, 2023
1 parent 45d97ae commit 401acb4
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 16 deletions.
70 changes: 58 additions & 12 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,64 @@ subprojects {
}
dependencies {
implementation platform('com.fasterxml.jackson:jackson-bom:2.15.0')
implementation platform('org.eclipse.jetty:jetty-bom:11.0.16') {
dependencies {
implementation('org.eclipse.jetty:jetty-http') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-server') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-servlet') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-servlets') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-client') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-util') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-util-ajax') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-io') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty.http2:http2-hpack') {
version {
strictly '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
}
}
implementation platform('io.micrometer:micrometer-bom:1.10.5')
implementation libs.guava.core
implementation libs.slf4j.api
Expand Down Expand Up @@ -145,18 +203,6 @@ subprojects {
}
because 'CVE from transitive dependencies'
}
implementation('org.eclipse.jetty:jetty-http') {
version {
require '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.eclipse.jetty:jetty-server') {
version {
require '9.4.52.v20230823'
}
because 'CVE from transitive dependencies, please use 9.x version for kafka connect plugin.'
}
implementation('org.jetbrains.kotlin:kotlin-stdlib') {
version {
require '1.8.21'
Expand Down
4 changes: 0 additions & 4 deletions data-prepper-plugins/kafka-connect-plugins/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,6 @@ dependencies {
implementation 'javax.validation:validation-api:2.0.1.Final'
implementation libs.reflections.core
implementation 'io.micrometer:micrometer-core'
implementation 'org.eclipse.jetty:jetty-server:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-servlet:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-servlets:9.4.52.v20230823'
implementation 'org.eclipse.jetty:jetty-client:9.4.52.v20230823'
implementation ('io.confluent:kafka-schema-registry:7.5.0') {
exclude group: 'org.glassfish.jersey.containers', module: 'jersey-container-servlet'
exclude group: 'org.glassfish.jersey.inject', module: 'jersey-hk2'
Expand Down

0 comments on commit 401acb4

Please sign in to comment.