#48: Upgrade dependencies (#49)

.github/workflows/release_droid_upload_github_release_assets.yml

@@ -24,7 +24,9 @@ jobs:
       - name: Build with Maven skipping tests
         run: mvn --batch-mode clean verify -DskipTests
       - name: Generate sha256sum files
-        run: find target -maxdepth 1 -name *.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
+        run: |
+          cd target
+          find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
       - name: Upload assets to the GitHub release draft
         uses: shogo82148/actions-upload-release-asset@v1
         with:
@@ -39,4 +41,4 @@ jobs:
         uses: shogo82148/actions-upload-release-asset@v1
         with:
           upload_url: ${{ github.event.inputs.upload_url }}
-          asset_path: target/error_code_report.json
+          asset_path: target/error_code_report.json

.vscode/settings.json

@@ -0,0 +1,21 @@
+{
+    "editor.formatOnSave": true,
+    "editor.codeActionsOnSave": {
+        "source.organizeImports": true,
+        "source.generate.finalModifiers": true,
+        "source.fixAll": true
+    },
+    "java.codeGeneration.useBlocks": true,
+    "java.saveActions.organizeImports": true,
+    "java.sources.organizeImports.starThreshold": 3,
+    "java.sources.organizeImports.staticStarThreshold": 3,
+    "java.test.config": {
+        "vmArgs": [
+            "-Djava.util.logging.config.file=src/test/resources/logging.properties"
+        ]
+    },
+    "sonarlint.connectedMode.project": {
+        "connectionId": "exasol",
+        "projectKey": "com.exasol:parquet-io-java"
+    }
+}

dependencies.md

@@ -10,7 +10,7 @@
 | [Guava: Google Core Libraries for Java][3] | [Apache License, Version 2.0][1]              |
 | [Apache Commons Compress][4]               | [Apache License, Version 2.0][2]              |
 | [Scala Library][5]                         | [Apache-2.0][6]                               |
-| [error-reporting-java][7]                  | [MIT][8]                                      |
+| [error-reporting-java][7]                  | [MIT License][8]                              |
 
 ## Test Dependencies
 
@@ -36,22 +36,22 @@
 | [OpenFastTrace Maven Plugin][26]                        | [GNU General Public License v3.0][27]         |
 | [Project keeper maven plugin][28]                       | [The MIT License][29]                         |
 | [org.sonatype.ossindex.maven:ossindex-maven-plugin][30] | [ASL2][1]                                     |
-| [Reproducible Build Maven Plugin][31]                   | [Apache 2.0][1]                               |
-| [Maven Surefire Plugin][32]                             | [Apache License, Version 2.0][2]              |
-| [Versions Maven Plugin][33]                             | [Apache License, Version 2.0][2]              |
-| [Apache Maven Deploy Plugin][34]                        | [Apache License, Version 2.0][2]              |
-| [Apache Maven GPG Plugin][35]                           | [Apache License, Version 2.0][2]              |
-| [Apache Maven Source Plugin][36]                        | [Apache License, Version 2.0][2]              |
-| [Apache Maven Javadoc Plugin][37]                       | [Apache License, Version 2.0][2]              |
-| [Nexus Staging Maven Plugin][38]                        | [Eclipse Public License][39]                  |
-| [Maven Failsafe Plugin][40]                             | [Apache License, Version 2.0][2]              |
-| [JaCoCo :: Maven Plugin][41]                            | [Eclipse Public License 2.0][42]              |
-| [error-code-crawler-maven-plugin][43]                   | [MIT][8]                                      |
-| [Maven Clean Plugin][44]                                | [The Apache Software License, Version 2.0][1] |
-| [Maven Resources Plugin][45]                            | [The Apache Software License, Version 2.0][1] |
-| [Maven JAR Plugin][46]                                  | [The Apache Software License, Version 2.0][1] |
-| [Maven Install Plugin][47]                              | [The Apache Software License, Version 2.0][1] |
-| [Maven Site Plugin 3][48]                               | [The Apache Software License, Version 2.0][1] |
+| [Maven Surefire Plugin][31]                             | [Apache License, Version 2.0][2]              |
+| [Versions Maven Plugin][32]                             | [Apache License, Version 2.0][2]              |
+| [Apache Maven Deploy Plugin][33]                        | [Apache License, Version 2.0][2]              |
+| [Apache Maven GPG Plugin][34]                           | [Apache License, Version 2.0][2]              |
+| [Apache Maven Source Plugin][35]                        | [Apache License, Version 2.0][2]              |
+| [Apache Maven Javadoc Plugin][36]                       | [Apache License, Version 2.0][2]              |
+| [Nexus Staging Maven Plugin][37]                        | [Eclipse Public License][38]                  |
+| [Maven Failsafe Plugin][39]                             | [Apache License, Version 2.0][2]              |
+| [JaCoCo :: Maven Plugin][40]                            | [Eclipse Public License 2.0][41]              |
+| [error-code-crawler-maven-plugin][42]                   | [MIT License][43]                             |
+| [Reproducible Build Maven Plugin][44]                   | [Apache 2.0][1]                               |
+| [Maven Clean Plugin][45]                                | [The Apache Software License, Version 2.0][1] |
+| [Maven Resources Plugin][46]                            | [The Apache Software License, Version 2.0][1] |
+| [Maven JAR Plugin][47]                                  | [The Apache Software License, Version 2.0][1] |
+| [Maven Install Plugin][48]                              | [The Apache Software License, Version 2.0][1] |
+| [Maven Site Plugin 3][49]                               | [The Apache Software License, Version 2.0][1] |
 
 [0]: https://parquet.apache.org
 [1]: http://www.apache.org/licenses/LICENSE-2.0.txt
@@ -60,8 +60,8 @@
 [4]: https://commons.apache.org/proper/commons-compress/
 [5]: https://www.scala-lang.org/
 [6]: https://www.apache.org/licenses/LICENSE-2.0
-[7]: https://github.com/exasol/error-reporting-java
-[8]: https://opensource.org/licenses/MIT
+[7]: https://github.com/exasol/error-reporting-java/
+[8]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE
 [9]: https://junit.org/junit5/
 [10]: https://www.eclipse.org/legal/epl-v20.html
 [11]: https://github.com/mockito/mockito
@@ -84,21 +84,22 @@
 [28]: https://github.com/exasol/project-keeper/
 [29]: https://github.com/exasol/project-keeper/blob/main/LICENSE
 [30]: https://sonatype.github.io/ossindex-maven/maven-plugin/
-[31]: http://zlika.github.io/reproducible-build-maven-plugin
-[32]: https://maven.apache.org/surefire/maven-surefire-plugin/
-[33]: http://www.mojohaus.org/versions-maven-plugin/
-[34]: https://maven.apache.org/plugins/maven-deploy-plugin/
-[35]: https://maven.apache.org/plugins/maven-gpg-plugin/
-[36]: https://maven.apache.org/plugins/maven-source-plugin/
-[37]: https://maven.apache.org/plugins/maven-javadoc-plugin/
-[38]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
-[39]: http://www.eclipse.org/legal/epl-v10.html
-[40]: https://maven.apache.org/surefire/maven-failsafe-plugin/
-[41]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
-[42]: https://www.eclipse.org/legal/epl-2.0/
-[43]: https://github.com/exasol/error-code-crawler-maven-plugin
-[44]: http://maven.apache.org/plugins/maven-clean-plugin/
-[45]: http://maven.apache.org/plugins/maven-resources-plugin/
-[46]: http://maven.apache.org/plugins/maven-jar-plugin/
-[47]: http://maven.apache.org/plugins/maven-install-plugin/
-[48]: http://maven.apache.org/plugins/maven-site-plugin/
+[31]: https://maven.apache.org/surefire/maven-surefire-plugin/
+[32]: http://www.mojohaus.org/versions-maven-plugin/
+[33]: https://maven.apache.org/plugins/maven-deploy-plugin/
+[34]: https://maven.apache.org/plugins/maven-gpg-plugin/
+[35]: https://maven.apache.org/plugins/maven-source-plugin/
+[36]: https://maven.apache.org/plugins/maven-javadoc-plugin/
+[37]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/
+[38]: http://www.eclipse.org/legal/epl-v10.html
+[39]: https://maven.apache.org/surefire/maven-failsafe-plugin/
+[40]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[41]: https://www.eclipse.org/legal/epl-2.0/
+[42]: https://github.com/exasol/error-code-crawler-maven-plugin/
+[43]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE
+[44]: http://zlika.github.io/reproducible-build-maven-plugin
+[45]: http://maven.apache.org/plugins/maven-clean-plugin/
+[46]: http://maven.apache.org/plugins/maven-resources-plugin/
+[47]: http://maven.apache.org/plugins/maven-jar-plugin/
+[48]: http://maven.apache.org/plugins/maven-install-plugin/
+[49]: http://maven.apache.org/plugins/maven-site-plugin/

doc/changes/changelog.md

@@ -1,5 +1,6 @@
 # Changes
 
+* [1.3.3](changes_1.3.3.md)
 * [1.3.2](changes_1.3.2.md)
 * [1.3.1](changes_1.3.1.md)
 * [1.3.0](changes_1.3.0.md)

doc/changes/changes_1.3.3.md

@@ -0,0 +1,32 @@
+# Parquet for Java 1.3.3, released 2022-09-26
+
+Code name: Fix vulnerabilities in dependencies
+
+## Summary
+
+This release fixes [sonatype-2022-5401](https://ossindex.sonatype.org/vulnerability/sonatype-2022-5401) in reload4j.
+
+## Features
+
+* #48: Fixed vulnerabilities in dependency
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `com.exasol:error-reporting-java:0.4.1` to `1.0.0`
+* Updated `org.apache.hadoop:hadoop-client:3.3.3` to `3.3.4`
+* Updated `org.scala-lang:scala-library:2.13.8` to `2.13.9`
+
+### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter:5.8.2` to `5.9.1`
+* Updated `org.mockito:mockito-core:4.6.1` to `4.8.0`
+* Updated `org.mockito:mockito-junit-jupiter:4.6.1` to `4.8.0`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.1.1` to `1.1.2`
+* Updated `com.exasol:project-keeper-maven-plugin:2.5.0` to `2.8.0`
+* Updated `net.alchim31.maven:scala-maven-plugin:4.6.2` to `4.6.3`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.0.0` to `3.1.0`

pk_generated_parent.pom

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.exasol</groupId>
     <artifactId>parquet-io-java-generated-parent</artifactId>
-    <version>1.3.2</version>
+    <version>1.3.3</version>
     <packaging>pom</packaging>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -52,7 +52,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.0.0</version>
+                <version>3.1.0</version>
                 <executions>
                     <execution>
                         <id>enforce-maven</id>
@@ -108,20 +108,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>io.github.zlika</groupId>
-                <artifactId>reproducible-build-maven-plugin</artifactId>
-                <version>0.15</version>
-                <executions>
-                    <execution>
-                        <id>strip-jar</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>strip-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
@@ -296,7 +282,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>error-code-crawler-maven-plugin</artifactId>
-                <version>1.1.1</version>
+                <version>1.1.2</version>
                 <executions>
                     <execution>
                         <id>verify</id>
@@ -306,6 +292,20 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>io.github.zlika</groupId>
+                <artifactId>reproducible-build-maven-plugin</artifactId>
+                <version>0.15</version>
+                <executions>
+                    <execution>
+                        <id>strip-jar</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>strip-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>

pom.xml

@@ -3,14 +3,14 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.exasol</groupId>
     <artifactId>parquet-io-java</artifactId>
-    <version>1.3.2</version>
+    <version>1.3.3</version>
     <name>Parquet for Java</name>
     <description>This project provides a library that reads Parquet files into Java objects.</description>
     <url>https://github.com/exasol/parquet-io-java/</url>
     <properties>
-        <scala.version>2.13.8</scala.version>
+        <scala.version>2.13.9</scala.version>
         <scala.compat.version>2.13</scala.compat.version>
-        <mockito.version>4.6.1</mockito.version>
+        <mockito.version>4.8.0</mockito.version>
     </properties>
     <distributionManagement>
         <snapshotRepository>
@@ -31,7 +31,7 @@
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-client</artifactId>
-            <version>3.3.3</version>
+            <version>3.3.4</version>
             <!-- Excluding transitive dependencies with vulnerabilities. -->
             <exclusions>
                 <exclusion>
@@ -84,8 +84,7 @@
                     <artifactId>protobuf-java</artifactId>
                 </exclusion>
                 <exclusion>
-                    <!-- Excluded because of https://ossindex.sonatype.org/vulnerability/CVE-2021-0341
-                        and https://ossindex.sonatype.org/vulnerability/sonatype-2018-0035 -->
+                    <!-- Excluded because it is not required at runtime -->
                     <groupId>com.squareup.okhttp</groupId>
                     <artifactId>okhttp</artifactId>
                 </exclusion>
@@ -111,13 +110,13 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>error-reporting-java</artifactId>
-            <version>0.4.1</version>
+            <version>1.0.0</version>
         </dependency>
         <!-- Unit test dependencies -->
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.8.2</version>
+            <version>5.9.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -150,7 +149,7 @@
             <plugin>
                 <groupId>net.alchim31.maven</groupId>
                 <artifactId>scala-maven-plugin</artifactId>
-                <version>4.6.2</version>
+                <version>4.6.3</version>
                 <executions>
                     <execution>
                         <id>scala-compile-first</id>
@@ -262,7 +261,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>project-keeper-maven-plugin</artifactId>
-                <version>2.5.0</version>
+                <version>2.8.0</version>
                 <executions>
                     <execution>
                         <goals>
@@ -298,7 +297,7 @@
     <parent>
         <artifactId>parquet-io-java-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
 </project>

release_config.yml

@@ -1,3 +1,4 @@
 release-platforms:
   - GitHub
   - Maven
+language: Java