Updated collection of dependency versions (#101)

* Updated collection of dependency versions * Fix docker build process
Axual · Apr 23, 2024 · 7f4239c · 7f4239c
1 parent d04b86b
commit 7f4239c
Show file tree

Hide file tree

Showing 16 changed files with 347 additions and 265 deletions.
diff --git a/graalpy-module-collection/NOTICE.txt b/graalpy-module-collection/NOTICE.txt
@@ -3,21 +3,21 @@ Lists of 21 third-party dependencies.
      (Bouncy Castle Licence) Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (org.bouncycastle:bcpkix-jdk18on:1.76 - https://www.bouncycastle.org/java.html)
      (Bouncy Castle Licence) Bouncy Castle Provider (org.bouncycastle:bcprov-jdk18on:1.76 - https://www.bouncycastle.org/java.html)
      (Bouncy Castle Licence) Bouncy Castle ASN.1 Extension and Utility APIs (org.bouncycastle:bcutil-jdk18on:1.76 - https://www.bouncycastle.org/java.html)
-     (New BSD License (3-clause BSD license)) Sulong API (org.graalvm.llvm:llvm-api:23.1.1 - http://www.graalvm.org/)
-     (Universal Permissive License, Version 1.0) Polyglot (org.graalvm.polyglot:polyglot:23.1.1 - https://github.com/oracle/graal)
-     (MIT License) (Python Software Foundation License) (Universal Permissive License, Version 1.0) Graalpython (org.graalvm.python:python-language:23.1.1 - http://www.graalvm.org/)
-     (MIT License) (Python Software Foundation License) (Universal Permissive License, Version 1.0) Graalpython Resources (org.graalvm.python:python-resources:23.1.1 - http://www.graalvm.org/)
-     (Universal Permissive License, Version 1.0) Tregex (org.graalvm.regex:regex:23.1.1 - http://www.graalvm.org/)
-     (Universal Permissive License, Version 1.0) Collections (org.graalvm.sdk:collections:23.1.1 - https://github.com/oracle/graal)
-     (Universal Permissive License, Version 1.0) Jniutils (org.graalvm.sdk:jniutils:23.1.1 - https://github.com/oracle/graal)
-     (Universal Permissive License, Version 1.0) Nativeimage (org.graalvm.sdk:nativeimage:23.1.1 - https://github.com/oracle/graal)
-     (Universal Permissive License, Version 1.0) Word (org.graalvm.sdk:word:23.1.1 - https://github.com/oracle/graal)
-     (Unicode/ICU License) Truffle Icu4j (org.graalvm.shadowed:icu4j:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle Json (org.graalvm.shadowed:json:23.1.1 - http://openjdk.java.net/projects/graal)
-     (GNU General Public License, version 2, with the Classpath Exception) Truffle Profiler (org.graalvm.tools:profiler-tool:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle API (org.graalvm.truffle:truffle-api:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle Compiler (org.graalvm.truffle:truffle-compiler:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle Nfi (org.graalvm.truffle:truffle-nfi:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle Nfi Libffi (org.graalvm.truffle:truffle-nfi-libffi:23.1.1 - http://openjdk.java.net/projects/graal)
-     (Universal Permissive License, Version 1.0) Truffle Runtime (org.graalvm.truffle:truffle-runtime:23.1.1 - http://openjdk.java.net/projects/graal)
+     (New BSD License (3-clause BSD license)) Sulong API (org.graalvm.llvm:llvm-api:23.1.2 - http://www.graalvm.org/)
+     (Universal Permissive License, Version 1.0) Polyglot (org.graalvm.polyglot:polyglot:23.1.2 - https://github.com/oracle/graal)
+     (MIT License) (Python Software Foundation License) (Universal Permissive License, Version 1.0) Graalpython (org.graalvm.python:python-language:23.1.2 - http://www.graalvm.org/)
+     (MIT License) (Python Software Foundation License) (Universal Permissive License, Version 1.0) Graalpython Resources (org.graalvm.python:python-resources:23.1.2 - http://www.graalvm.org/)
+     (Universal Permissive License, Version 1.0) Tregex (org.graalvm.regex:regex:23.1.2 - http://www.graalvm.org/)
+     (Universal Permissive License, Version 1.0) Collections (org.graalvm.sdk:collections:23.1.2 - https://github.com/oracle/graal)
+     (Universal Permissive License, Version 1.0) Jniutils (org.graalvm.sdk:jniutils:23.1.2 - https://github.com/oracle/graal)
+     (Universal Permissive License, Version 1.0) Nativeimage (org.graalvm.sdk:nativeimage:23.1.2 - https://github.com/oracle/graal)
+     (Universal Permissive License, Version 1.0) Word (org.graalvm.sdk:word:23.1.2 - https://github.com/oracle/graal)
+     (Unicode/ICU License) Truffle Icu4j (org.graalvm.shadowed:icu4j:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle Json (org.graalvm.shadowed:json:23.1.2 - http://openjdk.java.net/projects/graal)
+     (GNU General Public License, version 2, with the Classpath Exception) Truffle Profiler (org.graalvm.tools:profiler-tool:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle API (org.graalvm.truffle:truffle-api:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle Compiler (org.graalvm.truffle:truffle-compiler:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle Nfi (org.graalvm.truffle:truffle-nfi:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle Nfi Libffi (org.graalvm.truffle:truffle-nfi-libffi:23.1.2 - http://openjdk.java.net/projects/graal)
+     (Universal Permissive License, Version 1.0) Truffle Runtime (org.graalvm.truffle:truffle-runtime:23.1.2 - http://openjdk.java.net/projects/graal)
      (Public Domain) XZ for Java (org.tukaani:xz:1.9 - https://tukaani.org/xz/java.html)
diff --git a/graalpy-module-collection/pom.xml b/graalpy-module-collection/pom.xml
@@ -32,19 +32,16 @@
         <dependency>
             <groupId>org.graalvm.python</groupId>
             <artifactId>python-language</artifactId>
-            <version>23.1.1</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.graalvm.python</groupId>
             <artifactId>python-resources</artifactId>
-            <version>23.1.1</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.graalvm.truffle</groupId>
             <artifactId>truffle-runtime</artifactId>
-            <version>23.1.1</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>
@@ -71,5 +68,4 @@
             </plugin>
         </plugins>
     </build>
-
 </project>
diff --git a/ksml-data-avro/NOTICE.txt b/ksml-data-avro/NOTICE.txt
@@ -1,19 +1,20 @@
 
-Lists of 33 third-party dependencies.
+Lists of 35 third-party dependencies.
      (MIT License) minimal-json (com.eclipsesource.minimal-json:minimal-json:0.9.5 - https://github.com/ralfstx/minimal-json)
-     (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.16.1 - https://github.com/FasterXML/jackson)
-     (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.16.1 - https://github.com/FasterXML/jackson-core)
-     (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.16.1 - https://github.com/FasterXML/jackson)
-     (The Apache Software License, Version 2.0) Jackson-dataformat-CSV (com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.16.1 - https://github.com/FasterXML/jackson-dataformats-text)
-     (The Apache Software License, Version 2.0) Jackson-dataformat-YAML (com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.16.1 - https://github.com/FasterXML/jackson-dataformats-text)
+     (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.17.0 - https://github.com/FasterXML/jackson)
+     (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.17.0 - https://github.com/FasterXML/jackson-core)
+     (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.17.0 - https://github.com/FasterXML/jackson)
+     (The Apache Software License, Version 2.0) Jackson-dataformat-CSV (com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.17.0 - https://github.com/FasterXML/jackson-dataformats-text)
+     (The Apache Software License, Version 2.0) Jackson-dataformat-YAML (com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.0 - https://github.com/FasterXML/jackson-dataformats-text)
      (BSD 2-Clause License) zstd-jni (com.github.luben:zstd-jni:1.5.5-1 - https://github.com/luben/zstd-jni)
      (The Apache Software License, Version 2.0) FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
-     (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.18.0 - https://errorprone.info/error_prone_annotations)
-     (The Apache Software License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
-     (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:32.0.1-jre - https://github.com/google/guava)
+     (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.26.1 - https://errorprone.info/error_prone_annotations)
+     (The Apache Software License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.2 - https://github.com/google/guava/failureaccess)
+     (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:33.1.0-jre - https://github.com/google/guava)
      (The Apache Software License, Version 2.0) Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
-     (Apache License, Version 2.0) J2ObjC Annotations (com.google.j2objc:j2objc-annotations:2.8 - https://github.com/google/j2objc/)
+     (Apache License, Version 2.0) J2ObjC Annotations (com.google.j2objc:j2objc-annotations:3.0.0 - https://github.com/google/j2objc/)
      (Go License) RE2/J (com.google.re2j:re2j:1.6 - http://github.com/google/re2j)
+     (Apache-2.0) Apache Commons Codec (commons-codec:commons-codec:1.16.1 - https://commons.apache.org/proper/commons-codec/)
      (Apache-2.0) Apache Commons IO (commons-io:commons-io:2.15.1 - https://commons.apache.org/proper/commons-io/)
      (Apache 2.0) KSML Data Library (io.axual.ksml:ksml-data:0.8.1-SNAPSHOT - https://github.com/Axual/ksml/ksml-data)
      (Apache License 2.0) utils (io.confluent:common-utils:7.6.0 - https://confluent.io/common-utils)
@@ -23,13 +24,14 @@ Lists of 33 third-party dependencies.
      (The Apache Software License, Version 2.0) Log Redactor (io.confluent:logredactor:1.0.12 - https://github.com/confluentinc/logredactor)
      (The Apache Software License, Version 2.0) Log Redactor Metrics (io.confluent:logredactor-metrics:1.0.12 - https://github.com/confluentinc/logredactor)
      (Apache License 2.0) swagger-annotations (io.swagger.core.v3:swagger-annotations:2.1.10 - https://github.com/swagger-api/swagger-core/modules/swagger-annotations)
+     (Apache License, Version 2.0) Byte Buddy (without dependencies) (net.bytebuddy:byte-buddy:1.14.9 - https://bytebuddy.net/byte-buddy)
      (Apache-2.0) Apache Avro (org.apache.avro:avro:1.11.3 - https://avro.apache.org)
-     (Apache-2.0) Apache Commons Compress (org.apache.commons:commons-compress:1.26.0 - https://commons.apache.org/proper/commons-compress/)
+     (Apache-2.0) Apache Commons Compress (org.apache.commons:commons-compress:1.26.1 - https://commons.apache.org/proper/commons-compress/)
      (Apache-2.0) Apache Commons Lang (org.apache.commons:commons-lang3:3.14.0 - https://commons.apache.org/proper/commons-lang/)
-     (The Apache License, Version 2.0) Apache Kafka (org.apache.kafka:kafka-clients:3.6.1 - https://kafka.apache.org)
-     (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.33.0 - https://checkerframework.org/)
+     (The Apache License, Version 2.0) Apache Kafka (org.apache.kafka:kafka-clients:3.6.2 - https://kafka.apache.org)
+     (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.42.0 - https://checkerframework.org/)
      (The Apache Software License, Version 2.0) LZ4 and xxHash (org.lz4:lz4-java:1.8.0 - https://github.com/lz4/lz4-java)
-     (The MIT License) Project Lombok (org.projectlombok:lombok:1.18.30 - https://projectlombok.org)
-     (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.6 - http://www.slf4j.org)
+     (The MIT License) Project Lombok (org.projectlombok:lombok:1.18.32 - https://projectlombok.org)
+     (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.13 - http://www.slf4j.org)
      (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.5 - https://github.com/xerial/snappy-java)
      (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.2 - https://bitbucket.org/snakeyaml/snakeyaml)
diff --git a/ksml-data-avro/pom.xml b/ksml-data-avro/pom.xml
@@ -15,9 +15,6 @@
 
     <properties>
         <!-- Compress excluded from avro CVE-2024-25710 CVE-2024-26308  -->
-        <apache.commons.compress.version>1.26.0</apache.commons.compress.version>
-
-        <apache.avro.version>1.11.3</apache.avro.version>
         <sonar.coverage.jacoco.xmlReportPaths>../ksml-reporting/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
     </properties>
 
@@ -31,7 +28,6 @@
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
-            <version>${apache.avro.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
@@ -59,6 +55,10 @@
                     <groupId>org.yaml</groupId>
                     <artifactId>snakeyaml</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-compress</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
@@ -71,7 +71,6 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>${apache.commons.compress.version}</version>
         </dependency>
     </dependencies>