From e6a042b9e0b7565017a03fdbeb9af4c709237d6c Mon Sep 17 00:00:00 2001
From: Max Lapan
Date: Wed, 17 Apr 2024 15:22:14 +0200
Subject: [PATCH] Fix CVEs (#308)
* Upgrade deps
* PK fix
* Update task ref
* Disable path warnings
* Add maven-compiler-plugin section
* Disable processing warnings
* Suppress unchecked cast warning
* Downgrade netty
* Downgrade extension-manager-integration-test-java
* Rollback other upgrades
* Fix duplicate in new commons-configuration2
* Exclude old jersey from spark
* PK
* More exclusions
* Add server dep
* More glassfish
* Change scope
* Try to drop exclude
* More upgrades
* Exclude back
* Release date
* Gitattributes
---
.gitattributes | 1 +
.github/workflows/broken_links_checker.yml | 3 +
.github/workflows/dependencies_check.yml | 78 ++--
.github/workflows/dependencies_update.yml | 133 +++---
.github/workflows/release.yml | 219 ++++++++++
...elease_droid_prepare_original_checksum.yml | 55 ---
.../release_droid_print_quick_checksum.yml | 26 --
...ase_droid_upload_github_release_assets.yml | 54 ---
dependencies.md | 381 +++++++++---------
doc/changes/changelog.md | 1 +
doc/changes/changes_2.7.12.md | 45 +++
doc/user_guide/user_guide.md | 20 +-
pk_generated_parent.pom | 17 +-
pom.xml | 102 ++++-
src/test/java/org/apache/log4j/MDC.java | 3 +-
15 files changed, 695 insertions(+), 443 deletions(-)
create mode 100644 .github/workflows/release.yml
delete mode 100644 .github/workflows/release_droid_prepare_original_checksum.yml
delete mode 100644 .github/workflows/release_droid_print_quick_checksum.yml
delete mode 100644 .github/workflows/release_droid_upload_github_release_assets.yml
create mode 100644 doc/changes/changes_2.7.12.md
diff --git a/.gitattributes b/.gitattributes
index 4c97d548..9519524e 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,6 +3,7 @@ .github/workflows/dependencies_check.yml linguist-generated=true .github/workflows/dependencies_update.yml linguist-generated=true .github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true +.github/workflows/release.yml linguist-generated=true .settings/org.eclipse.jdt.core.prefs linguist-generated=true .settings/org.eclipse.jdt.ui.prefs linguist-generated=true dependencies.md linguist-generated=true diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 0fbcad58..d7a38b46 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,9 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + defaults: + run: + shell: "bash" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 6926e55c..9c2365cf 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml 
@@ -1,64 +1,80 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml +# This file was generated by Project Keeper. name: Report Security Issues on: - workflow_dispatch: + workflow_dispatch: null schedule: - - cron: "0 2 * * *" - + - { + cron: 0 2 * * * + } jobs: report_security_issues: runs-on: ubuntu-latest - permissions: - contents: read + defaults: + run: { + shell: bash + } + permissions: { + contents: read, issues: write - outputs: - created-issues: ${{ steps.security-issues.outputs.created-issues }} + } + outputs: { + created-issues: '${{ steps.security-issues.outputs.created-issues }}' + } + concurrency: { + group: '${{ github.workflow }}-report_security_issues', + cancel-in-progress: true + } steps: - - uses: actions/checkout@v4 - + - { + name: Checkout, + id: checkout, + uses: actions/checkout@v4 + } - name: Set up JDKs + id: setup-jdks uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" - + cache: maven - name: Generate ossindex report + id: ossindex-report run: | mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ -Dossindex.reportFile=$(pwd)/ossindex-report.json \ -Dossindex.fail=false - - name: Report Security Issues id: security-issues uses: exasol/python-toolbox/.github/actions/security-issues@main - with: - format: "maven" - command: "cat ossindex-report.json" - github-token: ${{ secrets.GITHUB_TOKEN }} - + with: { + format: maven, + command: cat ossindex-report.json, + github-token: '${{ secrets.GITHUB_TOKEN }}' + } - name: Output security issues (Debugging) + id: debug-print-security-issues run: | echo "$CREATED_ISSUES" > test.jsonl cat test.jsonl - env: - CREATED_ISSUES: ${{ steps.security-issues.outputs.created-issues }} - + env: { + CREATED_ISSUES: '${{ 
steps.security-issues.outputs.created-issues }}' + } start_dependency_udpate: needs: report_security_issues if: ${{ needs.report_security_issues.outputs.created-issues }} - concurrency: - cancel-in-progress: true - group: "dependency_update" - # Workflow needs secret INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK + concurrency: { + group: '${{ github.workflow }}-start_dependency_update', + cancel-in-progress: false + } secrets: inherit - permissions: - contents: write + permissions: { + contents: write, pull-requests: write + } uses: ./.github/workflows/dependencies_update.yml - with: - vulnerability_issues: ${{ needs.report_security_issues.outputs.created-issues }} + with: { + vulnerability_issues: '${{ needs.report_security_issues.outputs.created-issues }}' + } diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index 58222ba5..9f536ee3 100644 --- a/.github/workflows/dependencies_update.yml +++ b/.github/workflows/dependencies_update.yml 
@@ -1,70 +1,76 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml +# This file was generated by Project Keeper. name: Update dependencies on: workflow_call: inputs: - vulnerability_issues: - description: "GitHub issues for vulnerable dependencies as JSONL" - required: true + vulnerability_issues: { + description: GitHub issues for vulnerable dependencies as JSONL, + required: true, type: string - workflow_dispatch: - + } + workflow_dispatch: null jobs: update_dependencies: runs-on: ubuntu-latest - permissions: - contents: write + defaults: + run: { + shell: bash + } + permissions: { + contents: write, pull-requests: write - + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } steps: - uses: actions/checkout@v4 - with: + id: checkout + with: { fetch-depth: 0 - + } - name: Set up JDKs + id: setup-jdks uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" - + cache: maven - name: Print issues + id: debug-print-issues run: | echo "Issues from Action input: $ISSUES" - env: - ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Fail if not running on a branch + id: check-branch if: ${{ !startsWith(github.ref, 'refs/heads/') }} uses: actions/github-script@v7 with: script: | core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch') - - name: Update dependencies + id: update-dependencies run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . 
\ -Dproject-keeper:vulnerabilities="$CREATED_ISSUES" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Project Keeper Fix + id: project-keeper-fix run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Project Keeper Fix for updated Project Keeper version - # Calling PK fix a second time is necessary because the first invocation potentially updated PK itself. - # So we need to run PK fix again with the latest PK version. - # [impl->dsn~dependency-updater.workflow.start-pk-fix~1] + id: project-keeper-fix-2 run: | mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Generate Pull Request comment id: pr-comment - # [impl->dsn~dependency-updater.workflow.pull-request-trigger-ci-build~1] run: | echo 'comment<> "$GITHUB_OUTPUT" echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT" @@ -81,9 +87,9 @@ jobs: echo 'EOF' >> "$GITHUB_OUTPUT" cat "$GITHUB_OUTPUT" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Generate Pull Request Title id: pr-title run: | 
@@ -96,22 +102,23 @@ jobs: fi cat "$GITHUB_OUTPUT" - env: - CREATED_ISSUES: ${{ inputs.vulnerability_issues }} - + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } - name: Configure git + id: configure-git run: | git config --global user.email "opensource@exasol.com" git config --global user.name "Automatic Dependency Updater" - - name: Create branch + id: create-branch if: ${{ github.ref == 'refs/heads/main' }} run: | branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")" echo "Creating branch $branch_name" git checkout -b "$branch_name" - - name: Commit changes & push + id: publish-branch if: ${{ startsWith(github.ref, 'refs/heads/' ) }} run: | branch_name=$(git rev-parse --abbrev-ref HEAD) @@ -129,9 +136,9 @@ jobs: echo "Pushing branch $branch_name..." git push --set-upstream origin "$branch_name" echo "Done." - env: - TITLE: ${{ steps.pr-title.outputs.title }} - + env: { + TITLE: '${{ steps.pr-title.outputs.title }}' + } - name: Create pull request id: create-pr if: ${{ github.ref == 'refs/heads/main' }} 
@@ -139,31 +146,35 @@ jobs: pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT") echo "Created Pull Request: $pr_url" echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT" - env: - COMMENT: ${{ steps.pr-comment.outputs.comment }} - TITLE: ${{ steps.pr-title.outputs.title }} - GH_TOKEN: ${{ github.token }} - + env: { + COMMENT: '${{ steps.pr-comment.outputs.comment }}', + TITLE: '${{ steps.pr-title.outputs.title }}', + GH_TOKEN: '${{ github.token }}' + } - name: Report failure Status to Slack channel - # Also run this step in case of failures + id: report-failure-slack if: ${{ always() }} uses: ravsamhq/notify-slack-action@v2 - with: - status: ${{ job.status }} - token: ${{ secrets.GITHUB_TOKEN }} - notification_title: "Dependency check in {repo} has {status_message}" - message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>" - notify_when: "failure,cancelled,warnings" - env: - SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} - + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency check in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } - name: Report new Pull Request to Slack channel + id: report-pr-slack if: ${{ steps.create-pr.outputs.pr_url }} uses: ravsamhq/notify-slack-action@v2 - with: - status: ${{ job.status }} - token: ${{ secrets.GITHUB_TOKEN }} - notification_title: "Dependency update for {repo} created a Pull Request" - message_format: "{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}" - env: - SLACK_WEBHOOK_URL: ${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }} + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency update for {repo} created a 
Pull Request', + message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..2a8bbf7a --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,219 @@ +# This file was generated by Project Keeper. +name: Release +on: + workflow_call: + inputs: + started-from-ci: { + description: 'Marks this release as started from CI, skipping precondition check', + type: boolean, + required: true, + default: false + } + workflow_dispatch: + inputs: + skip-maven-central: { + description: Skip deployment to Maven Central, + required: true, + type: boolean, + default: false + } + skip-github-release: { + description: Skip creating the GitHub release, + required: true, + type: boolean, + default: false + } +jobs: + release: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + permissions: { + contents: write, + actions: read, + issues: read + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up Maven Central Repository + id: configure-maven-central-credentials + if: ${{ false }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Set up JDKs + id: setup-jdks + if: ${{ ! false }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Fail if not running on main branch + id: check-main-branch + if: ${{ github.ref != 'refs/heads/main' }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main') + - name: Check CI build of this commit succeeded + id: check-ci-build-status + if: ${{ ! 
inputs.started-from-ci }} + run: | + echo "Commit SHA: $COMMIT_SHA" + gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA + ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}') + echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'" + if [[ "$ci_build_status" != "success" ]]; then + gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY + echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY + cat $GITHUB_STEP_SUMMARY + exit 1 + fi + env: { + COMMIT_SHA: '${{ github.sha }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Verify release preconditions + id: verify-release + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects . + echo "$GITHUB_OUTPUT" + env: { + GITHUB_TOKEN: '${{ github.token }}' + } + - { + name: Build project, + id: build, + run: mvn --batch-mode -DskipTests clean verify + } + - { + name: List secret GPG keys, + id: list-secret-gpg-keys, + if: '${{ false && (! inputs.skip-maven-central) }}', + run: gpg --list-secret-keys + } + - name: Publish to Central Repository + id: deploy-maven-central + if: ${{ false && (! inputs.skip-maven-central) }} + run: | + echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY" + mvn --batch-mode -Dgpg.skip=false -DskipTests deploy + echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + env: { + MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}', + MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}', + MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}' + } + - name: Calculate Artifact Checksums + id: artifact-checksum + if: ${{ ! 
inputs.skip-github-release }} + run: | + echo "Calculating sha256 checksum for artifact files" + echo "artifacts<> "$GITHUB_OUTPUT" + IFS=$'\n' artifacts_array=($ARTIFACTS) + for file in "${artifacts_array[@]}"; + do + full_path=$(realpath "$file") + echo "Calculate sha256sum for file '$full_path'" + file_dir="$(dirname "$full_path")" + file_name=$(basename "$full_path") + pushd "$file_dir" + checksum_file_name="${file_name}.sha256" + sha256sum "$file_name" > "$checksum_file_name" + echo "$full_path" >> "$GITHUB_OUTPUT" + echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT" + popd + done + echo "EOF" >> "$GITHUB_OUTPUT" + echo "Full artifact file list" + cat "$GITHUB_OUTPUT" + env: { + ARTIFACTS: '${{ steps.verify-release.outputs.release-artifacts }}' + } + - name: Create GitHub Release + id: create-github-release + if: ${{ ! inputs.skip-github-release }} + run: | + echo "### GitHub Release" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' artifacts_array=($ARTIFACTS) + echo "#### Attaching Release Artifacts" >> "$GITHUB_STEP_SUMMARY" + for file in "${artifacts_array[@]}"; + do + echo "Attaching artifact '$file'" + echo "* \`$file\`" >> "$GITHUB_STEP_SUMMARY" + done + echo "" >> "$GITHUB_STEP_SUMMARY" + release_url=$(gh release create --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}") + echo "Created release $TAG with title '$TITLE' at $release_url ✅" >> "$GITHUB_STEP_SUMMARY" + echo "release-url=$release_url" >> "$GITHUB_OUTPUT" + + # [impl->dsn~release-workflow.create-golang-tags~1] + echo "#### Creating Additional Tags" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' tags_array=($ADDITIONAL_TAGS) + for tag in "${tags_array[@]}"; + do + echo "Creating tag '$tag'" + git tag "$tag" + git push origin "$tag" + echo "* \`$tag\`" >> "$GITHUB_STEP_SUMMARY" + done + + git fetch --tags origin + env: { + GH_TOKEN: '${{ github.token }}', + TAG: '${{ steps.verify-release.outputs.release-tag }}', + ADDITIONAL_TAGS: '${{ 
steps.verify-release.outputs.additional-release-tags }}', + NOTES: '${{ steps.verify-release.outputs.release-notes }}', + TITLE: '${{ steps.verify-release.outputs.release-title }}', + ARTIFACTS: '${{ steps.artifact-checksum.outputs.artifacts }}' + } + - name: Report failure Status to Slack channel + id: report-failure-status-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings,skipped' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new release to Slack channel + id: report-new-release-slack + if: ${{ steps.create-github-release.outputs.release-url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build for {repo} created a new release', + message_format: '{workflow} created release ${{ steps.create-github-release.outputs.release-url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml deleted file mode 100644 index ae937252..00000000 --- a/.github/workflows/release_droid_prepare_original_checksum.yml +++ /dev/null 
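Review bot: The `check-main-branch` step in the new release.yml expands `${{ github.ref }}` directly into the `script:` body of `actions/github-script@v7`, so the ref name becomes part of the JavaScript source before it runs, in a job that is granted `contents: write`. Ref names are not limited to characters that are safe inside a quoted string, so the value should be read at run time instead, for example `core.setFailed('Not running on main branch, github.ref is ' + context.ref + '. Please start this workflow only on main')`. The `check-branch` step of dependencies_update.yml carries the same pattern as unchanged context lines. Since the header says the file is generated by Project Keeper, the change presumably belongs in the generator's template rather than in this file.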
@@ -1,55 +0,0 @@ -name: Release Droid - Prepare Original Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-20.04 # UDFs fail with "VM error: Internal error: VM crashed" on ubuntu-latest - steps: - - name: Free Disk Space - run: | - sudo rm -rf /usr/local/lib/android - sudo rm -rf /usr/share/dotnet - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: "1.22" - - name: Enable testcontainer reuse - run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - - # all of these default to true, but feel free to set to - # "false" if necessary for your workflow - android: true - dotnet: true - haskell: true - large-packages: true - docker-images: true - swap-storage: true - - name: Run tests and build with Maven - run: mvn --batch-mode clean verify --file pom.xml - - name: Prepare checksum - run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum - - name: Upload checksum to the artifactory - uses: actions/upload-artifact@v4 - with: - name: original_checksum - retention-days: 5 - path: original_checksum diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml deleted file mode 100644 index 86979cd0..00000000 --- a/.github/workflows/release_droid_print_quick_checksum.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_print_quick_checksum.yml -name: Release Droid - Print Quick Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Print checksum - run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end' diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml deleted file mode 100644 index 94187c61..00000000 --- a/.github/workflows/release_droid_upload_github_release_assets.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: Release Droid - Upload GitHub Release Assets -on: - workflow_dispatch: - inputs: - upload_url: - description: "Assets upload URL" - required: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Generate sha256sum files - run: | - cd target - find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \; - - name: Generate sha256sum files for extension - run: | - cd extension/dist/ - sha256sum cloud-storage-extension.js > cloud-storage-extension.js.sha256 - - name: Upload assets to the GitHub release draft - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.jar - - name: Upload extension - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: extension/dist/cloud-storage-extension.js* - - name: Upload sha256sum files - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.sha256 - - name: Upload error-code-report - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/error_code_report.json diff --git a/dependencies.md b/dependencies.md index 52a4df34..b7322e29 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -5,99 +5,105 @@ ### Compile Dependencies -| Dependency | License | -| ------------------------------------------ | --------------------------------------------- | -| [Scala Library][0] | [Apache-2.0][1] | -| [Apache Commons Lang][2] | [Apache-2.0][3] | -| [Guava: Google Core Libraries for Java][4] | [Apache License, Version 2.0][5] | -| [io.grpc:grpc-netty][6] | [Apache 2.0][7] | -| [Netty/Handler][8] | [Apache License, Version 2.0][1] | -| [snappy-java][9] | [Apache-2.0][10] | -| [Import Export UDF Common Scala][11] | [MIT License][12] | -| [error-reporting-java][13] | [MIT License][14] | -| Apache Hadoop Common | [Apache License, Version 2.0][3] | -| Apache Hadoop Amazon Web Services support | [Apache License, Version 2.0][3] | -| [Apache ZooKeeper - Server][15] | [Apache License, Version 2.0][3] | -| Apache Hadoop Azure support | [Apache License, Version 2.0][3] | -| Apache Hadoop Azure Data Lake support | [Apache License, Version 2.0][3] | -| Apache Hadoop HDFS | [Apache License, Version 2.0][3] | -| Apache Hadoop HDFS Client | [Apache License, Version 2.0][3] | -| [Kotlin Stdlib][16] | [The Apache License, Version 2.0][5] | -| [Alluxio Core - Client - HDFS][17] | [Apache License][18] | -| [Metrics Core][19] | [Apache License 2.0][10] | -| [Protocol Buffers [Core]][20] | [BSD-3-Clause][21] | -| [gcs-connector-hadoop3][22] | [Apache License, Version 2.0][5] | -| [Google OAuth Client Library for Java][23] | [The Apache Software License, Version 2.0][3] | -| [ORC Core][24] | [Apache License, Version 2.0][3] | -| [Apache Avro][25] | [Apache-2.0][3] | -| [Apache Commons Compress][26] | [Apache-2.0][3] | -| [Nimbus JOSE+JWT][27] | [The Apache Software License, Version 2.0][3] | -| [delta-core][28] | [Apache-2.0][29] | -| [Spark Project SQL][30] | [Apache 2.0 License][31] | -| [Apache Ivy][32] | [The Apache Software License, Version 2.0][5] | -| [Parquet for Java][33] | [MIT License][34] | -| [JUL to SLF4J bridge][35] | [MIT License][36] | -| [Apache Log4j API][37] 
| [Apache-2.0][3] | -| [Apache Log4j 1.x Compatibility API][38] | [Apache-2.0][3] | -| [Apache Log4j Core][39] | [Apache-2.0][3] | -| [scala-logging][40] | [Apache 2.0 License][31] | +| Dependency | License | +| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Scala Library][0] | [Apache-2.0][1] | +| [Apache Commons Lang][2] | [Apache-2.0][3] | +| [Apache Commons Configuration][4] | [Apache-2.0][3] | +| [Guava: Google Core Libraries for Java][5] | [Apache License, Version 2.0][6] | +| [io.grpc:grpc-netty][7] | [Apache 2.0][8] | +| [Netty/Codec/HTTP2][9] | [Apache License, Version 2.0][1] | +| [snappy-java][10] | [Apache-2.0][11] | +| [Import Export UDF Common Scala][12] | [MIT License][13] | +| [error-reporting-java][14] | [MIT License][15] | +| Apache Hadoop Common | [Apache License, Version 2.0][3] | +| Apache Hadoop Amazon Web Services support | [Apache License, Version 2.0][3] | +| [Apache ZooKeeper - Server][16] | [Apache License, Version 2.0][3] | +| Apache Hadoop Azure support | [Apache License, Version 2.0][3] | +| Apache Hadoop Azure Data Lake support | [Apache License, Version 2.0][3] | +| Apache Hadoop HDFS | [Apache License, Version 2.0][3] | +| Apache Hadoop HDFS Client | [Apache License, Version 2.0][3] | +| [Kotlin Stdlib][17] | [The Apache License, Version 2.0][6] | +| [Alluxio Core - Client - HDFS][18] | [Apache License][19] | +| [Metrics Core][20] | [Apache License 2.0][11] | +| [Protocol Buffers [Core]][21] | [BSD-3-Clause][22] | +| [gcs-connector-hadoop3][23] | [Apache License, Version 2.0][6] | +| [Google OAuth Client Library for Java][24] | [The Apache Software License, Version 2.0][3] | +| [ORC Core][25] | [Apache License, Version 2.0][3] | +| [Apache Avro][26] | [Apache-2.0][3] | +| [Apache Commons Compress][27] | [Apache-2.0][3] | +| [Nimbus 
JOSE+JWT][28] | [The Apache Software License, Version 2.0][3] | +| [delta-core][29] | [Apache-2.0][30] | +| [Spark Project SQL][31] | [Apache 2.0 License][32] | +| [Apache Ivy][33] | [The Apache Software License, Version 2.0][6] | +| [Parquet for Java][34] | [MIT License][35] | +| [JUL to SLF4J bridge][36] | [MIT License][37] | +| [Apache Log4j API][38] | [Apache-2.0][3] | +| [Apache Log4j 1.x Compatibility API][39] | [Apache-2.0][3] | +| [Apache Log4j Core][40] | [Apache-2.0][3] | +| [scala-logging][41] | [Apache 2.0 License][32] | +| [jersey-core-common][42] | [EPL 2.0][43]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][44]; [Apache License, 2.0][32]; [Public Domain][45] | +| [jersey-core-client][46] | [EPL 2.0][43]; [GPL2 w/ CPE][44]; [EDL 1.0][47]; [BSD 2-Clause][48]; [Apache License, 2.0][32]; [Public Domain][45]; [Modified BSD][49]; [jQuery license][50]; [MIT license][37]; [W3C license][51] | +| [jersey-core-server][52] | [EPL 2.0][43]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][44]; [Apache License, 2.0][32]; [Modified BSD][49] | +| [jersey-container-servlet][53] | [EPL 2.0][43]; [GPL2 w/ CPE][44]; [EDL 1.0][47]; [BSD 2-Clause][48]; [Apache License, 2.0][32]; [Public Domain][45]; [Modified BSD][49]; [jQuery license][50]; [MIT license][37]; [W3C license][51] | +| [jersey-container-servlet-core][54] | [EPL 2.0][43]; [GPL2 w/ CPE][44]; [EDL 1.0][47]; [BSD 2-Clause][48]; [Apache License, 2.0][32]; [Public Domain][45]; [Modified BSD][49]; [jQuery license][50]; [MIT license][37]; [W3C license][51] | +| [jersey-inject-hk2][55] | [EPL 2.0][43]; [GPL2 w/ CPE][44]; [EDL 1.0][47]; [BSD 2-Clause][48]; [Apache License, 2.0][32]; [Public Domain][45]; [Modified BSD][49]; [jQuery license][50]; [MIT license][37]; [W3C license][51] | ### Test Dependencies -| Dependency | License | -| ------------------------------------------ | 
---------------------------------------------------------------------------------------------------------------------------------------------- | -| [scalatest][41] | [the Apache License, ASL Version 2.0][29] | -| [scalatestplus-mockito][42] | [Apache-2.0][29] | -| [mockito-core][43] | [MIT][44] | -| [Hamcrest][45] | [BSD License 3][46] | -| [testcontainers-scala-scalatest][47] | [The MIT License (MIT)][44] | -| [Testcontainers :: Localstack][48] | [MIT][49] | -| [Test containers for Exasol on Docker][50] | [MIT License][51] | -| [Test Database Builder for Java][52] | [MIT License][53] | -| [Matcher for SQL Result Sets][54] | [MIT License][55] | -| [EqualsVerifier \| release normal jar][56] | [Apache License, Version 2.0][3] | -| [JUnit Jupiter Engine][57] | [Eclipse Public License v2.0][58] | -| [Maven Project Version Getter][59] | [MIT License][60] | -| [Extension integration tests library][61] | [MIT License][62] | -| [jersey-core-common][63] | [EPL 2.0][64]; [The GNU General Public License (GPL), Version 2, With Classpath Exception][65]; [Apache License, 2.0][31]; [Public Domain][66] | +| Dependency | License | +| ------------------------------------------ | ----------------------------------------- | +| [scalatest][56] | [the Apache License, ASL Version 2.0][30] | +| [scalatestplus-mockito][57] | [Apache-2.0][30] | +| [mockito-core][58] | [MIT][59] | +| [Hamcrest][60] | [BSD License 3][61] | +| [testcontainers-scala-scalatest][62] | [The MIT License (MIT)][59] | +| [Testcontainers :: Localstack][63] | [MIT][64] | +| [Test containers for Exasol on Docker][65] | [MIT License][66] | +| [Test Database Builder for Java][67] | [MIT License][68] | +| [Matcher for SQL Result Sets][69] | [MIT License][70] | +| [EqualsVerifier \| release normal jar][71] | [Apache License, Version 2.0][3] | +| [JUnit Jupiter Engine][72] | [Eclipse Public License v2.0][73] | +| [Maven Project Version Getter][74] | [MIT License][75] | +| [Extension integration tests library][76] | [MIT 
License][77] | ### Runtime Dependencies | Dependency | License | | ---------------------------- | ----------------------------------------------------------------------------- | -| [Logback Classic Module][67] | [Eclipse Public License - v 1.0][68]; [GNU Lesser General Public License][69] | -| [Logback Core Module][70] | [Eclipse Public License - v 1.0][68]; [GNU Lesser General Public License][69] | +| [Logback Classic Module][78] | [Eclipse Public License - v 1.0][79]; [GNU Lesser General Public License][80] | +| [Logback Core Module][81] | [Eclipse Public License - v 1.0][79]; [GNU Lesser General Public License][80] | ### Plugin Dependencies | Dependency | License | | ------------------------------------------------------- | --------------------------------------------- | -| [SonarQube Scanner for Maven][71] | [GNU LGPL 3][72] | -| [Apache Maven Toolchains Plugin][73] | [Apache License, Version 2.0][3] | -| [Apache Maven Compiler Plugin][74] | [Apache-2.0][3] | -| [Apache Maven Enforcer Plugin][75] | [Apache-2.0][3] | -| [Maven Flatten Plugin][76] | [Apache Software Licenese][3] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][77] | [ASL2][5] | -| [scala-maven-plugin][78] | [Public domain (Unlicense)][79] | -| [ScalaTest Maven Plugin][80] | [the Apache License, ASL Version 2.0][29] | -| [Apache Maven Javadoc Plugin][81] | [Apache-2.0][3] | -| [Maven Surefire Plugin][82] | [Apache-2.0][3] | -| [Versions Maven Plugin][83] | [Apache License, Version 2.0][3] | -| [duplicate-finder-maven-plugin Maven Mojo][84] | [Apache License 2.0][31] | -| [Apache Maven Assembly Plugin][85] | [Apache-2.0][3] | -| [Apache Maven JAR Plugin][86] | [Apache License, Version 2.0][3] | -| [Artifact reference checker and unifier][87] | [MIT License][88] | -| [Maven Failsafe Plugin][89] | [Apache-2.0][3] | -| [JaCoCo :: Maven Plugin][90] | [Eclipse Public License 2.0][91] | -| [error-code-crawler-maven-plugin][92] | [MIT License][93] | -| [Reproducible Build Maven Plugin][94] | 
[Apache 2.0][5] | -| [Project Keeper Maven plugin][95] | [The MIT License][96] | -| [OpenFastTrace Maven Plugin][97] | [GNU General Public License v3.0][98] | -| [Scalastyle Maven Plugin][99] | [Apache 2.0][31] | -| [spotless-maven-plugin][100] | [The Apache Software License, Version 2.0][3] | -| [scalafix-maven-plugin][101] | [BSD-3-Clause][21] | -| [Exec Maven Plugin][102] | [Apache License 2][3] | -| [Apache Maven Clean Plugin][103] | [Apache-2.0][3] | +| [SonarQube Scanner for Maven][82] | [GNU LGPL 3][83] | +| [Apache Maven Toolchains Plugin][84] | [Apache License, Version 2.0][3] | +| [Apache Maven Compiler Plugin][85] | [Apache-2.0][3] | +| [Apache Maven Enforcer Plugin][86] | [Apache-2.0][3] | +| [Maven Flatten Plugin][87] | [Apache Software Licenese][3] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][88] | [ASL2][6] | +| [scala-maven-plugin][89] | [Public domain (Unlicense)][90] | +| [ScalaTest Maven Plugin][91] | [the Apache License, ASL Version 2.0][30] | +| [Apache Maven Javadoc Plugin][92] | [Apache-2.0][3] | +| [Maven Surefire Plugin][93] | [Apache-2.0][3] | +| [Versions Maven Plugin][94] | [Apache License, Version 2.0][3] | +| [duplicate-finder-maven-plugin Maven Mojo][95] | [Apache License 2.0][32] | +| [Apache Maven Assembly Plugin][96] | [Apache-2.0][3] | +| [Apache Maven JAR Plugin][97] | [Apache License, Version 2.0][3] | +| [Artifact reference checker and unifier][98] | [MIT License][99] | +| [Maven Failsafe Plugin][100] | [Apache-2.0][3] | +| [JaCoCo :: Maven Plugin][101] | [EPL-2.0][102] | +| [error-code-crawler-maven-plugin][103] | [MIT License][104] | +| [Reproducible Build Maven Plugin][105] | [Apache 2.0][6] | +| [Project Keeper Maven plugin][106] | [The MIT License][107] | +| [OpenFastTrace Maven Plugin][108] | [GNU General Public License v3.0][109] | +| [Scalastyle Maven Plugin][110] | [Apache 2.0][32] | +| [spotless-maven-plugin][111] | [The Apache Software License, Version 2.0][3] | +| [scalafix-maven-plugin][112] | 
[BSD-3-Clause][22] | +| [Exec Maven Plugin][113] | [Apache License 2][3] | +| [Apache Maven Clean Plugin][114] | [Apache-2.0][3] | ## Extension 
@@ -105,110 +111,121 @@ | Dependency | License | | ------------------------------------------ | ------- | -| [@exasol/extension-manager-interface][104] | MIT | +| [@exasol/extension-manager-interface][115] | MIT | [0]: https://www.scala-lang.org/ [1]: https://www.apache.org/licenses/LICENSE-2.0 [2]: https://commons.apache.org/proper/commons-lang/ [3]: https://www.apache.org/licenses/LICENSE-2.0.txt -[4]: https://github.com/google/guava -[5]: http://www.apache.org/licenses/LICENSE-2.0.txt -[6]: https://github.com/grpc/grpc-java -[7]: https://opensource.org/licenses/Apache-2.0 -[8]: https://netty.io/netty-handler/ -[9]: https://github.com/xerial/snappy-java -[10]: https://www.apache.org/licenses/LICENSE-2.0.html -[11]: https://github.com/exasol/import-export-udf-common-scala/ -[12]: https://github.com/exasol/import-export-udf-common-scala/blob/main/LICENSE -[13]: https://github.com/exasol/error-reporting-java/ -[14]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE -[15]: http://zookeeper.apache.org/zookeeper -[16]: https://kotlinlang.org/ -[17]: https://www.alluxio.io/alluxio-dora/alluxio-core/alluxio-core-client/alluxio-core-client-hdfs/ -[18]: https://github.com/alluxio/alluxio/blob/master/LICENSE -[19]: https://metrics.dropwizard.io/metrics-core -[20]: https://developers.google.com/protocol-buffers/protobuf-java/ -[21]: https://opensource.org/licenses/BSD-3-Clause -[22]: https://github.com/GoogleCloudPlatform/BigData-interop/gcs-connector/ -[23]: https://github.com/googleapis/google-oauth-java-client/google-oauth-client -[24]: https://orc.apache.org/orc-core -[25]: https://avro.apache.org -[26]: https://commons.apache.org/proper/commons-compress/ -[27]: https://bitbucket.org/connect2id/nimbus-jose-jwt -[28]: https://delta.io/ -[29]: http://www.apache.org/licenses/LICENSE-2.0 -[30]: https://spark.apache.org/ -[31]: http://www.apache.org/licenses/LICENSE-2.0.html -[32]: http://ant.apache.org/ivy/ -[33]: https://github.com/exasol/parquet-io-java/ 
-[34]: https://github.com/exasol/parquet-io-java/blob/main/LICENSE -[35]: http://www.slf4j.org -[36]: http://www.opensource.org/licenses/mit-license.php -[37]: https://logging.apache.org/log4j/2.x/log4j/log4j-api/ -[38]: https://logging.apache.org/log4j/2.x/log4j/log4j-1.2-api/ -[39]: https://logging.apache.org/log4j/2.x/log4j/log4j-core/ -[40]: https://github.com/lightbend/scala-logging -[41]: http://www.scalatest.org -[42]: https://github.com/scalatest/scalatestplus-mockito -[43]: https://github.com/mockito/mockito -[44]: https://opensource.org/licenses/MIT -[45]: http://hamcrest.org/JavaHamcrest/ -[46]: http://opensource.org/licenses/BSD-3-Clause -[47]: https://github.com/testcontainers/testcontainers-scala -[48]: https://java.testcontainers.org -[49]: http://opensource.org/licenses/MIT -[50]: https://github.com/exasol/exasol-testcontainers/ -[51]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE -[52]: https://github.com/exasol/test-db-builder-java/ -[53]: https://github.com/exasol/test-db-builder-java/blob/main/LICENSE -[54]: https://github.com/exasol/hamcrest-resultset-matcher/ -[55]: https://github.com/exasol/hamcrest-resultset-matcher/blob/main/LICENSE -[56]: https://www.jqno.nl/equalsverifier -[57]: https://junit.org/junit5/ -[58]: https://www.eclipse.org/legal/epl-v20.html -[59]: https://github.com/exasol/maven-project-version-getter/ -[60]: https://github.com/exasol/maven-project-version-getter/blob/main/LICENSE -[61]: https://github.com/exasol/extension-manager/ -[62]: https://github.com/exasol/extension-manager/blob/main/LICENSE -[63]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-common -[64]: http://www.eclipse.org/legal/epl-2.0 -[65]: https://www.gnu.org/software/classpath/license.html -[66]: https://creativecommons.org/publicdomain/zero/1.0/ -[67]: http://logback.qos.ch/logback-classic -[68]: http://www.eclipse.org/legal/epl-v10.html -[69]: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html -[70]: 
http://logback.qos.ch/logback-core -[71]: http://sonarsource.github.io/sonar-scanner-maven/ -[72]: http://www.gnu.org/licenses/lgpl.txt -[73]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[74]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[75]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[76]: https://www.mojohaus.org/flatten-maven-plugin/ -[77]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[78]: http://github.com/davidB/scala-maven-plugin -[79]: http://unlicense.org/ -[80]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin -[81]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[82]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[83]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[84]: https://basepom.github.io/duplicate-finder-maven-plugin -[85]: https://maven.apache.org/plugins/maven-assembly-plugin/ -[86]: https://maven.apache.org/plugins/maven-jar-plugin/ -[87]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ -[88]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE -[89]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[90]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[91]: https://www.eclipse.org/legal/epl-2.0/ -[92]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[93]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[94]: http://zlika.github.io/reproducible-build-maven-plugin -[95]: https://github.com/exasol/project-keeper/ -[96]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[97]: https://github.com/itsallcode/openfasttrace-maven-plugin -[98]: https://www.gnu.org/licenses/gpl-3.0.html -[99]: http://www.scalastyle.org -[100]: https://github.com/diffplug/spotless -[101]: https://github.com/evis/scalafix-maven-plugin -[102]: https://www.mojohaus.org/exec-maven-plugin -[103]: https://maven.apache.org/plugins/maven-clean-plugin/ -[104]: 
https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz +[4]: https://commons.apache.org/proper/commons-configuration/ +[5]: https://github.com/google/guava +[6]: http://www.apache.org/licenses/LICENSE-2.0.txt +[7]: https://github.com/grpc/grpc-java +[8]: https://opensource.org/licenses/Apache-2.0 +[9]: https://netty.io/netty-codec-http2/ +[10]: https://github.com/xerial/snappy-java +[11]: https://www.apache.org/licenses/LICENSE-2.0.html +[12]: https://github.com/exasol/import-export-udf-common-scala/ +[13]: https://github.com/exasol/import-export-udf-common-scala/blob/main/LICENSE +[14]: https://github.com/exasol/error-reporting-java/ +[15]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE +[16]: http://zookeeper.apache.org/zookeeper +[17]: https://kotlinlang.org/ +[18]: https://www.alluxio.io/alluxio-dora/alluxio-core/alluxio-core-client/alluxio-core-client-hdfs/ +[19]: https://github.com/alluxio/alluxio/blob/master/LICENSE +[20]: https://metrics.dropwizard.io/metrics-core +[21]: https://developers.google.com/protocol-buffers/protobuf-java/ +[22]: https://opensource.org/licenses/BSD-3-Clause +[23]: https://github.com/GoogleCloudPlatform/BigData-interop/gcs-connector/ +[24]: https://github.com/googleapis/google-oauth-java-client/google-oauth-client +[25]: https://orc.apache.org/orc-core +[26]: https://avro.apache.org +[27]: https://commons.apache.org/proper/commons-compress/ +[28]: https://bitbucket.org/connect2id/nimbus-jose-jwt +[29]: https://delta.io/ +[30]: http://www.apache.org/licenses/LICENSE-2.0 +[31]: https://spark.apache.org/ +[32]: http://www.apache.org/licenses/LICENSE-2.0.html +[33]: http://ant.apache.org/ivy/ +[34]: https://github.com/exasol/parquet-io-java/ +[35]: https://github.com/exasol/parquet-io-java/blob/main/LICENSE +[36]: http://www.slf4j.org +[37]: http://www.opensource.org/licenses/mit-license.php +[38]: https://logging.apache.org/log4j/2.x/log4j/log4j-api/ +[39]: 
https://logging.apache.org/log4j/2.x/log4j/log4j-1.2-api/ +[40]: https://logging.apache.org/log4j/2.x/log4j/log4j-core/ +[41]: https://github.com/lightbend/scala-logging +[42]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-common +[43]: http://www.eclipse.org/legal/epl-2.0 +[44]: https://www.gnu.org/software/classpath/license.html +[45]: https://creativecommons.org/publicdomain/zero/1.0/ +[46]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-client +[47]: http://www.eclipse.org/org/documents/edl-v10.php +[48]: https://opensource.org/licenses/BSD-2-Clause +[49]: https://asm.ow2.io/license.html +[50]: jquery.org/license +[51]: https://www.w3.org/Consortium/Legal/copyright-documents-19990405 +[52]: https://projects.eclipse.org/projects/ee4j.jersey/jersey-server +[53]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet +[54]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-container-servlet-core +[55]: https://projects.eclipse.org/projects/ee4j.jersey/project/jersey-hk2 +[56]: http://www.scalatest.org +[57]: https://github.com/scalatest/scalatestplus-mockito +[58]: https://github.com/mockito/mockito +[59]: https://opensource.org/licenses/MIT +[60]: http://hamcrest.org/JavaHamcrest/ +[61]: http://opensource.org/licenses/BSD-3-Clause +[62]: https://github.com/testcontainers/testcontainers-scala +[63]: https://java.testcontainers.org +[64]: http://opensource.org/licenses/MIT +[65]: https://github.com/exasol/exasol-testcontainers/ +[66]: https://github.com/exasol/exasol-testcontainers/blob/main/LICENSE +[67]: https://github.com/exasol/test-db-builder-java/ +[68]: https://github.com/exasol/test-db-builder-java/blob/main/LICENSE +[69]: https://github.com/exasol/hamcrest-resultset-matcher/ +[70]: https://github.com/exasol/hamcrest-resultset-matcher/blob/main/LICENSE +[71]: https://www.jqno.nl/equalsverifier +[72]: https://junit.org/junit5/ +[73]: https://www.eclipse.org/legal/epl-v20.html +[74]: 
https://github.com/exasol/maven-project-version-getter/ +[75]: https://github.com/exasol/maven-project-version-getter/blob/main/LICENSE +[76]: https://github.com/exasol/extension-manager/ +[77]: https://github.com/exasol/extension-manager/blob/main/LICENSE +[78]: http://logback.qos.ch/logback-classic +[79]: http://www.eclipse.org/legal/epl-v10.html +[80]: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html +[81]: http://logback.qos.ch/logback-core +[82]: http://sonarsource.github.io/sonar-scanner-maven/ +[83]: http://www.gnu.org/licenses/lgpl.txt +[84]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[85]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[86]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[87]: https://www.mojohaus.org/flatten-maven-plugin/ +[88]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[89]: http://github.com/davidB/scala-maven-plugin +[90]: http://unlicense.org/ +[91]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin +[92]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[93]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[94]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[95]: https://basepom.github.io/duplicate-finder-maven-plugin +[96]: https://maven.apache.org/plugins/maven-assembly-plugin/ +[97]: https://maven.apache.org/plugins/maven-jar-plugin/ +[98]: https://github.com/exasol/artifact-reference-checker-maven-plugin/ +[99]: https://github.com/exasol/artifact-reference-checker-maven-plugin/blob/main/LICENSE +[100]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[101]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[102]: https://www.eclipse.org/legal/epl-2.0/ +[103]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[104]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[105]: http://zlika.github.io/reproducible-build-maven-plugin +[106]: https://github.com/exasol/project-keeper/ 
+[107]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[108]: https://github.com/itsallcode/openfasttrace-maven-plugin +[109]: https://www.gnu.org/licenses/gpl-3.0.html +[110]: http://www.scalastyle.org +[111]: https://github.com/diffplug/spotless +[112]: https://github.com/evis/scalafix-maven-plugin +[113]: https://www.mojohaus.org/exec-maven-plugin +[114]: https://maven.apache.org/plugins/maven-clean-plugin/ +[115]: https://registry.npmjs.org/@exasol/extension-manager-interface/-/extension-manager-interface-0.4.1.tgz diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 66d3ad2b..02675fd5 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [2.7.12](changes_2.7.12.md) * [2.7.11](changes_2.7.11.md) * [2.7.10](changes_2.7.10.md) * [2.7.9](changes_2.7.9.md) diff --git a/doc/changes/changes_2.7.12.md b/doc/changes/changes_2.7.12.md new file mode 100644 index 00000000..f819408e --- /dev/null +++ b/doc/changes/changes_2.7.12.md 
@@ -0,0 +1,45 @@
+# Cloud Storage Extension 2.7.12, released 2024-04-18
+
+Code name: Dependency upgrades
+
+## Summary
+Dependencies upgraded to fix CVE-2024-29131, CVE-2024-29133 and CVE-2024-29025
+
+## Features
+
+* #303: CVE-2024-29131: org.apache.commons:commons-configuration2:jar:2.8.0:compile
+* #304: CVE-2024-29133: org.apache.commons:commons-configuration2:jar:2.8.0:compile
+* #306: CVE-2024-29025: io.netty:netty-codec-http:jar:4.1.100.Final:compile
+
+## Dependency Updates
+
+### Cloud Storage Extension
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:parquet-io-java:2.0.6` to `2.0.8`
+* Added `io.netty:netty-codec-http2:4.1.108.Final`
+* Removed `io.netty:netty-handler:4.1.101.Final`
+* Added `org.apache.commons:commons-configuration2:2.10.1`
+* Added `org.glassfish.jersey.containers:jersey-container-servlet-core:2.41`
+* Added `org.glassfish.jersey.containers:jersey-container-servlet:2.41`
+* Added `org.glassfish.jersey.core:jersey-client:2.41`
+* Added `org.glassfish.jersey.core:jersey-common:2.41`
+* Added `org.glassfish.jersey.core:jersey-server:2.41`
+* Added `org.glassfish.jersey.inject:jersey-hk2:2.41`
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:exasol-testcontainers:7.0.0` to `7.0.1`
+* Updated `com.exasol:hamcrest-resultset-matcher:1.6.3` to `1.6.5`
+* Updated `com.exasol:test-db-builder-java:3.5.3` to `3.5.4`
+* Removed `org.glassfish.jersey.core:jersey-common:2.41`
+
+#### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.0` to `2.0.2`
+* Updated `com.exasol:project-keeper-maven-plugin:4.1.0` to `4.3.0`
+* Updated `org.apache.maven.plugins:maven-assembly-plugin:3.6.0` to `3.7.1`
+* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.12.1` to `3.13.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12`
+* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922`
diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md index d6fc965f..b6f1ff91 100644 --- a/doc/user_guide/user_guide.md +++ b/doc/user_guide/user_guide.md @@ -150,7 +150,7 @@ downloaded jar file is the same as the checksum provided in the releases. To check the SHA256 result of the local jar, run the command: ```sh -sha256sum exasol-cloud-storage-extension-2.7.11.jar +sha256sum exasol-cloud-storage-extension-2.7.12.jar ``` ### Building From Source @@ -180,7 +180,7 @@ mvn clean package -DskipTests=true ``` The assembled jar file should be located at -`target/exasol-cloud-storage-extension-2.7.11.jar`. +`target/exasol-cloud-storage-extension-2.7.12.jar`. ### Create an Exasol Bucket @@ -202,7 +202,7 @@ for the HTTP protocol. Upload the jar file using curl command: ```sh -curl -X PUT -T exasol-cloud-storage-extension-2.7.11.jar \ +curl -X PUT -T exasol-cloud-storage-extension-2.7.12.jar \ http://w:@exasol.datanode.domain.com:2580// ``` @@ -234,7 +234,7 @@ OPEN SCHEMA CLOUD_STORAGE_EXTENSION; CREATE OR REPLACE JAVA SET SCRIPT IMPORT_PATH(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesImportQueryGenerator; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( @@ -244,12 +244,12 @@ CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( end_index DECIMAL(36, 0) ) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesMetadataReader; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / CREATE OR REPLACE JAVA SET SCRIPT IMPORT_FILES(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.FilesDataImporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / ``` 
@@ -268,12 +268,12 @@ OPEN SCHEMA CLOUD_STORAGE_EXTENSION; CREATE OR REPLACE JAVA SET SCRIPT EXPORT_PATH(...) EMITS (...) AS %scriptclass com.exasol.cloudetl.scriptclasses.TableExportQueryGenerator; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / CREATE OR REPLACE JAVA SET SCRIPT EXPORT_TABLE(...) EMITS (ROWS_AFFECTED INT) AS %scriptclass com.exasol.cloudetl.scriptclasses.TableDataExporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / ``` @@ -407,13 +407,13 @@ CREATE OR REPLACE JAVA SCALAR SCRIPT IMPORT_METADATA(...) EMITS ( ) AS %jvmoption -DHTTPS_PROXY=http://username:password@10.10.1.10:1180 %scriptclass com.exasol.cloudetl.scriptclasses.FilesMetadataReader; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / CREATE OR REPLACE JAVA SET SCRIPT IMPORT_FILES(...) EMITS (...) AS %jvmoption -DHTTPS_PROXY=http://username:password@10.10.1.10:1180 %scriptclass com.exasol.cloudetl.scriptclasses.FilesDataImporter; - %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.11.jar; + %jar /buckets/bfsdefault//exasol-cloud-storage-extension-2.7.12.jar; / ``` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 60d4a465..5c40e703 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol cloud-storage-extension-generated-parent - 2.7.11 + 2.7.12 pom UTF-8 @@ -39,7 +39,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.10.0.2594 + 3.11.0.3922 org.apache.maven.plugins @@ -63,15 +63,14 @@ org.apache.maven.plugins maven-compiler-plugin - 3.12.1 + 3.13.0 ${java.version} ${java.version} true - - -Xlint:all,-processing - + -Xlint:all + -Werror 
@@ -205,7 +204,7 @@ org.apache.maven.plugins maven-assembly-plugin - 3.6.0 + 3.7.1 src/assembly/all-dependencies.xml @@ -275,7 +274,7 @@ org.jacoco jacoco-maven-plugin - 0.8.11 + 0.8.12 prepare-agent @@ -316,7 +315,7 @@ com.exasol error-code-crawler-maven-plugin - 2.0.0 + 2.0.2 verify diff --git a/pom.xml b/pom.xml index 187d52bd..54527579 100644 --- a/pom.xml +++ b/pom.xml @@ -3,14 +3,14 @@ 4.0.0 com.exasol cloud-storage-extension - 2.7.11 + 2.7.12 Cloud Storage Extension Exasol Cloud Storage Import And Export Extension https://github.com/exasol/cloud-storage-extension/ cloud-storage-extension-generated-parent com.exasol - 2.7.11 + 2.7.12 pk_generated_parent.pom @@ -36,6 +36,18 @@ commons-lang3 3.14.0 + + + org.apache.commons + commons-configuration2 + 2.10.1 + + + commons-logging + commons-logging + + + com.google.guava guava @@ -48,10 +60,10 @@ 1.60.0 - + io.netty - netty-handler - 4.1.101.Final + netty-codec-http2 + 4.1.108.Final org.xerial.snappy @@ -480,6 +492,26 @@ org.apache.orc orc-core + + org.glassfish.jersey.core + jersey-client + + + org.glassfish.jersey.core + jersey-server + + + org.glassfish.jersey.containers + jersey-container-servlet + + + org.glassfish.jersey.containers + jersey-container-servlet-core + + + org.glassfish.jersey.inject + jersey-hk2 + @@ -491,7 +523,7 @@ com.exasol parquet-io-java - 2.0.6 + 2.0.8 org.slf4j @@ -558,19 +590,19 @@ com.exasol exasol-testcontainers - 7.0.0 + 7.0.1 test com.exasol test-db-builder-java - 3.5.3 + 3.5.4 test com.exasol hamcrest-resultset-matcher - 1.6.3 + 1.6.5 test 
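Review bot: The netty CVE this release lists (CVE-2024-29025 against `io.netty:netty-codec-http`, per changes_2.7.12.md) is addressed in the `@@ -48,10 +60,10 @@` hunk only indirectly: the direct pin moves from `netty-handler` to `netty-codec-http2` at `4.1.108.Final`, and the fixed `netty-codec-http` is expected to arrive as its transitive dependency. Other netty modules pulled in by the remaining dependencies are not pinned here and may resolve to older 4.1.x releases, which would leave a mixed-version netty classpath; whether that happens is not visible from the diff. Importing `io.netty:netty-bom` at `4.1.108.Final` in `dependencyManagement` would align every module at once, and `mvn dependency:tree -Dincludes=io.netty` shows the resolved set to confirm the vulnerable version is gone.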
@@ -602,11 +634,56 @@ org.glassfish.jersey.core jersey-common 2.41 - test + compile + + + + org.glassfish.jersey.core + jersey-client + 2.41 + compile + + + + org.glassfish.jersey.core + jersey-server + 2.41 + compile + + + + org.glassfish.jersey.containers + jersey-container-servlet + 2.41 + compile + + + + org.glassfish.jersey.containers + jersey-container-servlet-core + 2.41 + compile + + + + org.glassfish.jersey.inject + jersey-hk2 + 2.41 + compile + + org.apache.maven.plugins + maven-compiler-plugin + + + -Xlint:all,-path,-processing + -Werror + + + net.alchim31.maven scala-maven-plugin @@ -766,9 +843,6 @@ CVE-2020-36641 - - - CVE-2023-4586 @@ -791,7 +865,7 @@ com.exasol project-keeper-maven-plugin - 4.1.0 + 4.3.0 diff --git a/src/test/java/org/apache/log4j/MDC.java b/src/test/java/org/apache/log4j/MDC.java index 6c49e6ee..768901ff 100644 --- a/src/test/java/org/apache/log4j/MDC.java +++ b/src/test/java/org/apache/log4j/MDC.java @@ -144,7 +144,8 @@ private void put0(final String key, final Object o) { if (java1 || tlm == null) { return; } else { - Hashtable ht = (Hashtable) ((ThreadLocalMap) tlm).get(); + @SuppressWarnings("unchecked") Hashtable ht = + (Hashtable) ((ThreadLocalMap) tlm).get(); if (ht == null) { ht = new Hashtable<>(HT_SIZE); ((ThreadLocalMap) tlm).set(ht);
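Review bot: The version `2.41` is hard-coded in six jersey entries of the `@@ -602,11 +634,56 @@` hunk (jersey-common, jersey-client, jersey-server, jersey-container-servlet, jersey-container-servlet-core, jersey-hk2), and these artifacts need to stay on one release to work together. A single property, `<jersey.version>2.41</jersey.version>` referenced as `<version>${jersey.version}</version>`, reduces the next security bump to one edit and rules out a partial upgrade. Switching jersey-common from `test` to `compile` and adding jersey-server and the servlet containers at `compile` scope presumably also places them in the assembled extension jar. If they are there only to replace the older jersey excluded in the `@@ -480,6 +492,26 @@` hunk, the pom should say so, unless it already does in markup that is stripped in this view.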
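Review bot: The new `@SuppressWarnings("unchecked")` on `ht` is scoped to the single declaration, which is right, but nothing records why the cast of `((ThreadLocalMap) tlm).get()` is safe. A one-line comment above it, for example `// tlm only ever holds the Hashtable stored via set(ht) below, so this cast cannot fail`, would do that; the claim is inferred from the `set(ht)` call visible in the hunk and should be checked against ThreadLocalMap, which is outside it. The annotation would also read more clearly on its own line above the declaration instead of sharing the line and forcing the break after `=`. put0's body continues past the end of the hunk.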