HADOOP-18924. Upgrade to grpc 1.53.0 due to CVEs (apache#6161). Contr…

…ibuted… (apache#439) * HADOOP-18924. Upgrade to grpc 1.53.0 due to CVEs (apache#6161). Contributed by PJ Fanning. Signed-off-by: Ayush Saxena <[email protected]> * fix conflicts * exclude conflicting animal-sniffer-annotations version * empty commit for ACLOVERRIDE --------- Signed-off-by: Ayush Saxena <[email protected]> Co-authored-by: PJ Fanning <[email protected]> Co-authored-by: Joseph DellAringa <[email protected]>
NyteKnight · Apr 24, 2024 · 0cf0ec7 · 0cf0ec7
1 parent bb940a5
commit 0cf0ec7
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 18 deletions.
diff --git a/LICENSE-binary b/LICENSE-binary
@@ -255,19 +255,45 @@ commons-io:commons-io:2.8.0
 commons-logging:commons-logging:1.1.3
 commons-net:commons-net:3.6
 de.ruedigermoeller:fst:2.50
-io.dropwizard.metrics:metrics-core:3.2.4
-io.grpc:grpc-api:1.26.0
-io.grpc:grpc-context:1.26.0
-io.grpc:grpc-core:1.26.0
-io.grpc:grpc-netty:1.26.0
-io.grpc:grpc-protobuf:1.26.0
-io.grpc:grpc-protobuf-lite:1.26.0
-io.grpc:grpc-stub:1.26.0
-io.netty:netty:3.10.6.Final
-io.netty:netty-all:4.1.61.Final
-io.opencensus:opencensus-api:0.24.0
-io.opencensus:opencensus-contrib-grpc-metrics:0.24.0
-io.perfmark:perfmark-api:0.19.0
+io.grpc:grpc-api:1.53.0
+io.grpc:grpc-context:1.53.0
+io.grpc:grpc-core:1.53.0
+io.grpc:grpc-netty:1.53.0
+io.grpc:grpc-protobuf:1.53.0
+io.grpc:grpc-protobuf-lite:1.53.0
+io.grpc:grpc-stub:1.53.0
+io.netty:netty-all:4.1.100.Final
+io.netty:netty-buffer:4.1.100.Final
+io.netty:netty-codec:4.1.100.Final
+io.netty:netty-codec-dns:4.1.100.Final
+io.netty:netty-codec-haproxy:4.1.100.Final
+io.netty:netty-codec-http:4.1.100.Final
+io.netty:netty-codec-http2:4.1.100.Final
+io.netty:netty-codec-memcache:4.1.100.Final
+io.netty:netty-codec-mqtt:4.1.100.Final
+io.netty:netty-codec-redis:4.1.100.Final
+io.netty:netty-codec-smtp:4.1.100.Final
+io.netty:netty-codec-socks:4.1.100.Final
+io.netty:netty-codec-stomp:4.1.100.Final
+io.netty:netty-codec-xml:4.1.100.Final
+io.netty:netty-common:4.1.100.Final
+io.netty:netty-handler:4.1.100.Final
+io.netty:netty-handler-proxy:4.1.100.Final
+io.netty:netty-resolver:4.1.100.Final
+io.netty:netty-resolver-dns:4.1.100.Final
+io.netty:netty-transport:4.1.100.Final
+io.netty:netty-transport-rxtx:4.1.100.Final
+io.netty:netty-transport-sctp:4.1.100.Final
+io.netty:netty-transport-udt:4.1.100.Final
+io.netty:netty-transport-classes-epoll:4.1.100.Final
+io.netty:netty-transport-native-unix-common:4.1.100.Final
+io.netty:netty-transport-classes-kqueue:4.1.100.Final
+io.netty:netty-resolver-dns-classes-macos:4.1.100.Final
+io.netty:netty-transport-native-epoll:4.1.100.Final
+io.netty:netty-transport-native-kqueue:4.1.100.Final
+io.netty:netty-resolver-dns-native-macos:4.1.100.Final
+io.opencensus:opencensus-api:0.12.3
+io.opencensus:opencensus-contrib-grpc-metrics:0.12.3
 io.reactivex:rxjava:1.3.8
 io.reactivex:rxjava-string:1.1.1
 io.reactivex:rxnetty:0.4.20
@@ -429,9 +455,8 @@ com.microsoft.azure:azure-keyvault-core:1.0.0
 com.microsoft.sqlserver:mssql-jdbc:6.2.1.jre7
 org.bouncycastle:bcpkix-jdk15on:1.60
 org.bouncycastle:bcprov-jdk15on:1.60
-org.checkerframework:checker-qual:2.5.2
 org.checkerframework:checker-qual:3.8.0
-org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.codehaus.mojo:animal-sniffer-annotations:1.21
 org.jruby.jcodings:jcodings:1.0.13
 org.jruby.joni:joni:2.1.2
 org.ojalgo:ojalgo:43.0

diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/pom.xml
@@ -27,8 +27,8 @@
 
     <properties>
         <protobuf.version>3.6.1</protobuf.version>
-        <grpc.version>1.26.0</grpc.version>
-        <os-maven-plugin.version>1.5.0.Final</os-maven-plugin.version>
+        <grpc.version>1.53.0</grpc.version>
+        <animal-sniffer.version>1.21</animal-sniffer.version>
     </properties>
 
     <dependencies>
@@ -49,6 +49,17 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-core</artifactId>
             <version>${grpc.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-annotations</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>animal-sniffer-annotations</artifactId>
+            <version>${animal-sniffer.version}</version>
         </dependency>
         <dependency>
             <groupId>io.grpc</groupId>
@@ -59,6 +70,13 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-stub</artifactId>
             <version>${grpc.version}</version>
+            <exclusions>
+                <!-- Exclude conflicting version of animal-sniffer-annotations -->
+                <exclusion>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-annotations</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>io.grpc</groupId>
@@ -160,7 +178,7 @@
                 <configuration>
                     <protocArtifact>com.google.protobuf:protoc:3.6.1:exe:${os.detected.classifier}</protocArtifact>
                     <pluginId>grpc-java</pluginId>
-                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.26.0:exe:${os.detected.classifier}</pluginArtifact>
+                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
                 </configuration>
                 <executions>
                     <execution>