Skip to content

Commit 52b6ae8

Browse files
sfc-gh-skarlapudisfc-gh-skarlapudi
authored
SNOW-2994074: Fix vulns (#1092)
Fix netty-codec-http vulnerability (CVE in 4.1.124.Final)
1 parent e6d7522 commit 52b6ae8

File tree

2 files changed

+20
-3
lines changed

2 files changed

+20
-3
lines changed

pom.xml

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,9 +53,9 @@
5353
<commonstext.version>1.13.0</commonstext.version>
5454
<fasterxml.version>2.18.1</fasterxml.version>
5555
<google.httpclient.version>1.45.0</google.httpclient.version>
56-
<grpc.version>1.67.1</grpc.version>
56+
<grpc.version>1.77.0</grpc.version>
5757
<gson.version>2.11.0</gson.version>
58-
<guava.version>33.3.1-jre</guava.version>
58+
<guava.version>33.4.8-jre</guava.version>
5959
<hadoop.version>3.4.2</hadoop.version>
6060
<iceberg.version>1.6.1</iceberg.version>
6161
<jacoco.skip.instrument>true</jacoco.skip.instrument>
@@ -67,7 +67,7 @@
6767
<maven.compiler.source>1.8</maven.compiler.source>
6868
<maven.compiler.target>1.8</maven.compiler.target>
6969
<net.minidev.version>2.5.2</net.minidev.version>
70-
<netty.version>4.1.124.Final</netty.version>
70+
<netty.version>4.1.127.Final</netty.version>
7171
<nimbusds.version>10.0.2</nimbusds.version>
7272
<objenesis.version>3.1</objenesis.version>
7373
<parquet.version>1.14.4</parquet.version>
@@ -94,6 +94,13 @@
9494
<type>pom</type>
9595
<scope>import</scope>
9696
</dependency>
97+
<dependency>
98+
<groupId>io.grpc</groupId>
99+
<artifactId>grpc-bom</artifactId>
100+
<version>${grpc.version}</version>
101+
<type>pom</type>
102+
<scope>import</scope>
103+
</dependency>
97104
<dependency>
98105
<groupId>io.netty</groupId>
99106
<artifactId>netty-bom</artifactId>
@@ -106,6 +113,11 @@
106113
<artifactId>gson</artifactId>
107114
<version>${gson.version}</version>
108115
</dependency>
116+
<dependency>
117+
<groupId>com.google.guava</groupId>
118+
<artifactId>failureaccess</artifactId>
119+
<version>1.0.3</version>
120+
</dependency>
109121
<dependency>
110122
<groupId>com.google.guava</groupId>
111123
<artifactId>guava</artifactId>
@@ -1655,6 +1667,10 @@
16551667
<pattern>org.roaringbitmap</pattern>
16561668
<shadedPattern>${shadeBase}.org.roaringbitmap</shadedPattern>
16571669
</relocation>
1670+
<relocation>
1671+
<pattern>org.jspecify</pattern>
1672+
<shadedPattern>${shadeBase}.org.jspecify</shadedPattern>
1673+
</relocation>
16581674
</relocations>
16591675
<filters>
16601676
<filter>

scripts/process_licenses.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@
4848
"com.google.guava:guava": APACHE_LICENSE,
4949
"com.google.guava:failureaccess": APACHE_LICENSE,
5050
"com.google.guava:listenablefuture": APACHE_LICENSE,
51+
"org.jspecify:jspecify": APACHE_LICENSE,
5152
"com.google.errorprone:error_prone_annotations": APACHE_LICENSE,
5253
"com.google.j2objc:j2objc-annotations": APACHE_LICENSE,
5354
"com.nimbusds:nimbus-jose-jwt": APACHE_LICENSE,

0 commit comments

Comments
 (0)