From 2bac63b014a5d1e31586b5b1ce4c7bb9637081ff Mon Sep 17 00:00:00 2001
From: Denodo Research Labs <research.labs@denodo.com>
Date: Wed, 19 Jun 2024 13:57:29 +0200
Subject: [PATCH] Upgrade avro to 1.11.3 due CVE-2023-39410

---
 pom.xml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6ad1286..c760374 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,6 +41,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.build.targetJdk>1.7</project.build.targetJdk>
         <shadeBase>com.facebook.presto.hadoop.\$internal</shadeBase>
+        <dep.avro.version>1.11.3</dep.avro.version>
         <dep.slf4j.version>1.7.13</dep.slf4j.version>
         <dep.hadoop.version>2.7.4</dep.hadoop.version>
 
@@ -54,6 +55,16 @@
         <air.javadoc.lint>-missing</air.javadoc.lint>
     </properties>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.avro</groupId>
+                <artifactId>avro</artifactId>
+                <version>${dep.avro.version}</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
@@ -455,8 +466,8 @@
                                     <shadedPattern>${shadeBase}.com.google.gson</shadedPattern>
                                 </relocation>
                                 <relocation>
-                                    <pattern>com.fasterxml.jackson.core</pattern>
-                                    <shadedPattern>${shadeBase}.com.fasterxml.jackson.core</shadedPattern>
+                                    <pattern>com.fasterxml.jackson</pattern>
+                                    <shadedPattern>${shadeBase}.com.fasterxml.jackson</shadedPattern>
                                 </relocation>
                                 <relocation>
                                     <pattern>org.codehaus.jackson</pattern>