🔐 Update dependencies to fix vulnerabilities (#94)

* 🔐 Update dependencies to fix vulnerabilities

* - added release date

---------

Co-authored-by: Automatic Dependency Updater <opensource@exasol.com>
Co-authored-by: mykhailo.skliar <mykhailo.skliar@exasol.com>

Author: 3 people

dependencies.md

@@ -0,0 +1,49 @@
+# Virtual Schema for Document Data in Files on Azure Blob Storage 2.1.8, released 2026-04-01
+
+Code name: Fixed vulnerabilities CVE-2026-33870, CVE-2026-33871
+
+## Summary
+
+This release fixes the following 2 vulnerabilities:
+
+### CVE-2026-33870 (CWE-444) in dependency `io.netty:netty-codec-http:jar:4.1.131.Final:compile`
+netty-codec-http - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
+#### References
+* https://ossindex.sonatype.org/vulnerability/CVE-2026-33870?component-type=maven&component-name=io.netty%2Fnetty-codec-http&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-33870
+* https://github.com/advisories/GHSA-pwqr-wmgm-9rr8
+* https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http/CVE-2026-33870.yml
+* https://osv-vulnerabilities.storage.googleapis.com/Maven/GHSA-pwqr-wmgm-9rr8.json
+* https://www.sonatype.com/products/sonatype-guide/oss-index-users
+
+### CVE-2026-33871 (CWE-770) in dependency `io.netty:netty-codec-http2:jar:4.1.131.Final:compile`
+io.netty:netty-codec-http2 - Allocation of Resources Without Limits or Throttling
+#### References
+* https://ossindex.sonatype.org/vulnerability/CVE-2026-33871?component-type=maven&component-name=io.netty%2Fnetty-codec-http2&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
+* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2026-33871
+* https://github.com/advisories/GHSA-w9fj-cfpg-grvv
+* https://www.sonatype.com/products/sonatype-guide/oss-index-users
+
+## Security
+
+* #92: Fixed vulnerability CVE-2026-33870 in dependency `io.netty:netty-codec-http:jar:4.1.131.Final:compile`
+* #93: Fixed vulnerability CVE-2026-33871 in dependency `io.netty:netty-codec-http2:jar:4.1.131.Final:compile`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.azure:azure-storage-blob:12.29.0` to `12.29.1`
+* Updated `com.exasol:error-reporting-java:1.0.1` to `1.0.2`
+* Updated `org.slf4j:slf4j-jdk14:2.0.16` to `2.0.17`
+
+### Test Dependency Updates
+
+* Updated `com.exasol:hamcrest-resultset-matcher:1.7.0` to `1.7.2`
+* Updated `com.exasol:performance-test-recorder-java:0.1.4` to `0.1.5`
+* Updated `com.exasol:test-db-builder-java:3.6.0` to `3.6.4`
+* Updated `com.exasol:udf-debugging-java:0.6.17` to `0.6.18`
+* Updated `org.junit.jupiter:junit-jupiter-params:5.11.4` to `5.14.3`
+* Updated `org.mockito:mockito-core:5.15.2` to `5.23.0`
+* Removed `org.testcontainers:junit-jupiter:1.20.4`
+* Added `org.testcontainers:testcontainers-junit-jupiter:2.0.4`

doc/changes/changelog.md

@@ -17,7 +17,7 @@ Next create the Adapter Script:
  ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT ADAPTER.AZURE_BLOB_STORAGE_FILES_ADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.7.jar;
+    %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.8.jar;
 /
 ```
 
@@ -30,7 +30,7 @@ CREATE OR REPLACE JAVA SET SCRIPT ADAPTER.IMPORT_FROM_AZURE_BLOB_STORAGE_DOCUMEN
   CONNECTION_NAME VARCHAR(500))
   EMITS(...) AS
     %scriptclass com.exasol.adapter.document.UdfEntryPoint;
-    %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.7.jar;
+    %jar /buckets/bfsdefault/default/document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.8.jar;
 /
 ```
 

doc/changes/changes_2.1.8.md

@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>azure-blob-storage-document-files-virtual-schema</artifactId>
-    <version>2.1.7</version>
+    <version>2.1.8</version>
     <name>Virtual Schema for document data in files on Azure Blob Storage</name>
     <description>Adapter for document data access from files from Azure Blob Storage.</description>
     <url>https://github.com/exasol/azure-blob-storage-document-files-virtual-schema/</url>
@@ -29,14 +29,13 @@
     <dependencyManagement>
         <dependencies>
             <dependency>
-                <!-- Fix vulnerabilities CVE-2025-25193, CVE-2025-24970 and CVE-2025-55163,-->
+                <!-- Fix vulnerabilities CVE-2025-25193, CVE-2025-24970, CVE-2025-55163, CVE-2026-33870 & CVE-2026-33871 -->
                 <groupId>io.netty</groupId>
                 <artifactId>netty-bom</artifactId>
-                <version>4.1.131.Final</version>
+                <version>4.2.12.Final</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-
         </dependencies>
     </dependencyManagement>
     <dependencies>
@@ -48,12 +47,12 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>error-reporting-java</artifactId>
-            <version>1.0.1</version>
+            <version>1.0.2</version>
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-storage-blob</artifactId>
-            <version>12.29.0</version>
+            <version>12.29.1</version>
         </dependency>
         <!-- Test dependencies -->
         <dependency>
@@ -72,37 +71,37 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.11.4</version>
+            <version>5.14.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.15.2</version>
+            <version>5.23.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <version>1.20.4</version>
+            <artifactId>testcontainers-junit-jupiter</artifactId>
+            <version>2.0.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>test-db-builder-java</artifactId>
-            <version>3.6.0</version>
+            <version>3.6.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>udf-debugging-java</artifactId>
-            <version>0.6.17</version>
+            <version>0.6.18</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>hamcrest-resultset-matcher</artifactId>
-            <version>1.7.0</version>
+            <version>1.7.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -114,14 +113,14 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>performance-test-recorder-java</artifactId>
-            <version>0.1.4</version>
+            <version>0.1.5</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <!-- Enable log output for integration tests -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jdk14</artifactId>
-            <version>2.0.16</version>
+            <version>2.0.17</version>
         </dependency>
     </dependencies>
     <build>
@@ -200,7 +199,7 @@
     <parent>
         <artifactId>azure-blob-storage-document-files-virtual-schema-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>2.1.7</version>
+        <version>2.1.8</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
 </project>

doc/user_guide/user_guide.md

@@ -26,7 +26,7 @@
 import jakarta.json.*;
 
 public class IntegrationTestSetup implements AutoCloseable {
-    private static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.7.jar";
+    private static final String ADAPTER_JAR = "document-files-virtual-schema-dist-8.1.14-azure-blob-storage-2.1.8.jar";
     private final ExasolTestSetup exasolTestSetup;
     private final Connection exasolConnection;
     private final Statement exasolStatement;

pk_generated_parent.pom

@@ -21,7 +21,7 @@ public class LocalAbsTestSetup implements AbsTestSetup {
 
     public LocalAbsTestSetup() {
         // https://mcr.microsoft.com/en-us/product/azure-storage/azurite/tags
-        this.azuriteContainer = new GenericContainer<>("mcr.microsoft.com/azure-storage/azurite:3.33.0");
+        this.azuriteContainer = new GenericContainer<>("mcr.microsoft.com/azure-storage/azurite:3.35.0");
         this.azuriteContainer.addExposedPort(PORT_IN_CONTAINER);
         this.azuriteContainer.start();
         createAzuriteBlobServiceClient();