NIFI-10373 Set managed version for AWS 1 and 2 SDK
- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries

Signed-off-by: Pierre Villard <[email protected]>

This closes apache#6405.
exceptionfactory authored and pvillard31 committed Sep 13, 2022
1 parent a91928e commit ae14ef2
Showing 7 changed files with 37 additions and 49 deletions.
@@ -34,7 +34,6 @@ limitations under the License.
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
<version>${aws.sdk.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
1 change: 0 additions & 1 deletion minifi/pom.xml
@@ -41,7 +41,6 @@ limitations under the License.
</modules>
<properties>
<system.rules.version>1.19.0</system.rules.version>
<aws.sdk.version>1.12.267</aws.sdk.version>
<yammer.metrics.version>2.2.0</yammer.metrics.version>
</properties>

6 changes: 0 additions & 6 deletions nifi-commons/nifi-property-protection-aws/pom.xml
@@ -21,9 +21,6 @@
<version>1.18.0-SNAPSHOT</version>
</parent>
<artifactId>nifi-property-protection-aws</artifactId>
<properties>
<aws.sdk.version>2.17.106</aws.sdk.version>
</properties>
<dependencies>
<dependency>
<groupId>org.apache.nifi</groupId>
@@ -46,12 +43,10 @@
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>url-connection-client</artifactId>
<version>${aws.sdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>kms</artifactId>
<version>${aws.sdk.version}</version>
<exclusions>
<exclusion>
<groupId>software.amazon.awssdk</groupId>
@@ -66,7 +61,6 @@
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>secretsmanager</artifactId>
<version>${aws.sdk.version}</version>
<exclusions>
<exclusion>
<groupId>software.amazon.awssdk</groupId>
5 changes: 5 additions & 0 deletions nifi-dependency-check-maven/suppressions.xml
@@ -199,4 +199,9 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro@.*$</packageUrl>
<cve>CVE-2021-43045</cve>
</suppress>
<suppress>
<notes>CVE-2022-31159 applies to AWS S3 library not the SWF libraries</notes>
<packageUrl regex="true">^pkg:maven/com\.amazonaws/aws\-java\-sdk\-swf\-libraries@.*$</packageUrl>
<cve>CVE-2022-31159</cve>
</suppress>
</suppressions>
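Review bot: The `<notes>` on the new CVE-2022-31159 suppression records the conclusion but not how to re-check it, and the `packageUrl` pattern ending in `@.*$` silences the finding for every future version of aws-java-sdk-swf-libraries. I would name the affected artifact in the note, for example `<notes>CVE-2022-31159 is reported against aws-java-sdk-s3; aws-java-sdk-swf-libraries is flagged by name match only and does not ship that code</notes>`, once that has been confirmed against the jar contents. Dependency-Check also accepts an `until` date on `<suppress>`, which would force the false positive to be re-evaluated instead of staying suppressed indefinitely. The entry is limited to one CVE and one artifact, so the S3 artifact itself is still scanned.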
25 changes: 0 additions & 25 deletions nifi-nar-bundles/nifi-aws-bundle/pom.xml
@@ -26,35 +26,10 @@
<packaging>pom</packaging>

<properties>
<!-- keep AWS 1.x until NIFI-8287 -->
<aws-java-sdk-version>1.12.267</aws-java-sdk-version>
<!-- keep KCL 1.x until NIFI-8531 (blocked by NIFI-8287) -->
<aws-kinesis-client-library-version>1.14.8</aws-kinesis-client-library-version>
</properties>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-bom</artifactId>
<version>${aws-java-sdk-version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-core</artifactId>
<version>${aws-java-sdk-version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</dependencyManagement>

<modules>
<module>nifi-aws-processors</module>
<module>nifi-aws-nar</module>
16 changes: 0 additions & 16 deletions nifi-registry/nifi-registry-extensions/nifi-registry-aws/pom.xml
@@ -28,20 +28,4 @@
<module>nifi-registry-aws-assembly</module>
<module>nifi-registry-aws-extensions</module>
</modules>

<properties>
<aws-java-sdk-version>2.5.9</aws-java-sdk-version>
</properties>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>bom</artifactId>
<version>${aws-java-sdk-version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
</project>
32 changes: 32 additions & 0 deletions pom.xml
@@ -104,6 +104,8 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<inceptionYear>2014</inceptionYear>
<com.amazonaws.version>1.12.299</com.amazonaws.version>
<software.amazon.awssdk.version>2.17.270</software.amazon.awssdk.version>
<gson.version>2.9.1</gson.version>
<kotlin.version>1.7.10</kotlin.version>
<okhttp.version>4.10.0</okhttp.version>
@@ -516,6 +518,36 @@
<artifactId>snakeyaml</artifactId>
<version>${snakeyaml.version}</version>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-bom</artifactId>
<version>${com.amazonaws.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-core</artifactId>
<version>${com.amazonaws.version}</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-bundle</artifactId>
<version>${com.amazonaws.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>bom</artifactId>
<version>${software.amazon.awssdk.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
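Review bot: The properties `com.amazonaws.version` and `software.amazon.awssdk.version` added in the first hunk now decide the AWS SDK version for the whole build, but they carry no comment, and the explanation removed from nifi-aws-bundle (`<!-- keep AWS 1.x until NIFI-8287 -->`) is not carried over. I would add a comment above them such as `<!-- AWS SDK 1.x and 2.x versions managed for all modules; keep 1.x until NIFI-8287 -->`. Managed versions apply only where a module declares no `<version>` of its own, so any AWS dependency outside the seven files shown that still sets one would stay on its old release; running `mvn dependency:tree -Dincludes=com.amazonaws,software.amazon.awssdk` on the full build would confirm that nothing is left behind. Both hunks are excerpts of larger blocks (presumably `<properties>` and `<dependencyManagement>`) that continue outside the page.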
