diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index c4ff3be..82ec1cd 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -15,16 +15,18 @@ jobs:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Configure broken links checker
run: |
mkdir -p ./target
echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \
'{"pattern": "^https?://(www|dev).mysql.com/"},' \
'{"pattern": "^https?://(www.)?opensource.org"}' \
+ '{"pattern": "^https?://(www.)?eclipse.org"}' \
+ '{"pattern": "^https?://projects.eclipse.org"}' \
']}' > ./target/broken_links_checker.json
- uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
- use-quiet-mode: 'yes'
- use-verbose-mode: 'yes'
+ use-quiet-mode: "yes"
+ use-verbose-mode: "yes"
config-file: ./target/broken_links_checker.json
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml
index e0c15cf..7cbab08 100644
--- a/.github/workflows/ci-build-next-java.yml
+++ b/.github/workflows/ci-build-next-java.yml
@@ -14,15 +14,15 @@ jobs:
cancel-in-progress: true
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 17
- cache: 'maven'
+ cache: "maven"
- name: Run tests and build with Maven
run: |
mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index e520870..7c42d6d 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -13,16 +13,22 @@ jobs:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
steps:
+ - name: Free Disk Space
+ run: |
+ sudo rm -rf /usr/local/lib/android
+ sudo rm -rf /usr/share/dotnet
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- - name: Set up JDK 11
+ - name: Set up JDK 11 & 17
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
- java-version: 11
- cache: 'maven'
+ distribution: "temurin"
+ java-version: |
+ 17
+ 11
+ cache: "maven"
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
@@ -33,7 +39,7 @@ jobs:
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
- name: Run tests and build with Maven
run: |
- mvn --batch-mode clean verify \
+ JAVA_HOME=$JAVA_HOME_11_X64 mvn --batch-mode clean verify \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false
- name: Publish Test Report
@@ -44,12 +50,12 @@ jobs:
- name: Sonar analysis
if: ${{ env.SONAR_TOKEN != null }}
run: |
- mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+ JAVA_HOME=$JAVA_HOME_17_X64 mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dsonar.organization=exasol \
-Dsonar.host.url=https://sonarcloud.io \
- -Dsonar.login=$SONAR_TOKEN
+ -Dsonar.token=$SONAR_TOKEN
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
index b2ab231..3059964 100644
--- a/.github/workflows/dependencies_check.yml
+++ b/.github/workflows/dependencies_check.yml
@@ -9,12 +9,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Checking dependencies for vulnerabilities
- run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
\ No newline at end of file
+ run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml
index 4a980f8..aa0f78f 100644
--- a/.github/workflows/release_droid_prepare_original_checksum.yml
+++ b/.github/workflows/release_droid_prepare_original_checksum.yml
@@ -7,16 +7,20 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
+ - name: Free Disk Space
+ run: |
+ sudo rm -rf /usr/local/lib/android
+ sudo rm -rf /usr/share/dotnet
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Enable testcontainer reuse
run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties"
- name: Run tests and build with Maven
@@ -28,4 +32,4 @@ jobs:
with:
name: original_checksum
retention-days: 5
- path: original_checksum
\ No newline at end of file
+ path: original_checksum
diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml
index 8add957..aed4444 100644
--- a/.github/workflows/release_droid_print_quick_checksum.yml
+++ b/.github/workflows/release_droid_print_quick_checksum.yml
@@ -8,17 +8,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Print checksum
run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end'
-
diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml
index b467607..dfdbd6a 100644
--- a/.github/workflows/release_droid_release_on_maven_central.yml
+++ b/.github/workflows/release_droid_release_on_maven_central.yml
@@ -8,15 +8,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Maven Central Repository
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
@@ -27,4 +27,4 @@ jobs:
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
- MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
\ No newline at end of file
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml
index 7350faf..7ae8bbb 100644
--- a/.github/workflows/release_droid_upload_github_release_assets.yml
+++ b/.github/workflows/release_droid_upload_github_release_assets.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
upload_url:
- description: 'Assets upload URL'
+ description: "Assets upload URL"
required: true
jobs:
@@ -12,15 +12,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
- distribution: 'temurin'
+ distribution: "temurin"
java-version: 11
- cache: 'maven'
+ cache: "maven"
- name: Build with Maven skipping tests
run: mvn --batch-mode clean verify -DskipTests
- name: Generate sha256sum files
diff --git a/.gitignore b/.gitignore
index 8e08d81..b000c8b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ pom.xml.versionsBackup
# .settings : we need Eclipse settings for code formatter and clean-up rules
.settings/org.eclipse.core.resources.prefs
.settings/org.eclipse.jdt.apt.core.prefs
+.settings/org.eclipse.m2e.core.prefs
target
.cache
dependency-reduced-pom.xml
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 8b5a9aa..bb40c3f 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -111,7 +111,7 @@ org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning
org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore
org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
-org.eclipse.jdt.core.compiler.processAnnotations=enabled
+org.eclipse.jdt.core.compiler.processAnnotations=disabled
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=11
org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false
diff --git a/dependencies.md b/dependencies.md
index 1012312..b08d42d 100644
--- a/dependencies.md
+++ b/dependencies.md
@@ -6,8 +6,8 @@
| Dependency | License |
| ------------------------------- | --------------------------------------------- |
| [Apache Parquet Hadoop][0] | [The Apache Software License, Version 2.0][1] |
-| Apache Hadoop Client Aggregator | [Apache License, Version 2.0][2] |
-| [snappy-java][3] | [Apache-2.0][4] |
+| [snappy-java][2] | [Apache-2.0][3] |
+| Apache Hadoop Client Aggregator | [Apache License, Version 2.0][4] |
| [Scala Library][5] | [Apache-2.0][6] |
| [error-reporting-java][7] | [MIT License][8] |
@@ -26,23 +26,23 @@
| Dependency | License |
| ------------------------------------------------------- | --------------------------------------------- |
| [SonarQube Scanner for Maven][17] | [GNU LGPL 3][18] |
-| [Apache Maven Compiler Plugin][19] | [Apache-2.0][2] |
-| [Apache Maven Enforcer Plugin][20] | [Apache-2.0][2] |
-| [Maven Flatten Plugin][21] | [Apache Software Licenese][2] |
+| [Apache Maven Compiler Plugin][19] | [Apache-2.0][4] |
+| [Apache Maven Enforcer Plugin][20] | [Apache-2.0][4] |
+| [Maven Flatten Plugin][21] | [Apache Software Licenese][4] |
| [org.sonatype.ossindex.maven:ossindex-maven-plugin][22] | [ASL2][1] |
-| [Maven Surefire Plugin][23] | [Apache-2.0][2] |
-| [Versions Maven Plugin][24] | [Apache License, Version 2.0][2] |
+| [Maven Surefire Plugin][23] | [Apache-2.0][4] |
+| [Versions Maven Plugin][24] | [Apache License, Version 2.0][4] |
| [scala-maven-plugin][25] | [Public domain (Unlicense)][26] |
| [ScalaTest Maven Plugin][27] | [the Apache License, ASL Version 2.0][16] |
| [OpenFastTrace Maven Plugin][28] | [GNU General Public License v3.0][29] |
| [Project keeper maven plugin][30] | [The MIT License][31] |
| [duplicate-finder-maven-plugin Maven Mojo][32] | [Apache License 2.0][33] |
-| [Apache Maven Deploy Plugin][34] | [Apache-2.0][2] |
-| [Apache Maven GPG Plugin][35] | [Apache License, Version 2.0][2] |
-| [Apache Maven Source Plugin][36] | [Apache License, Version 2.0][2] |
-| [Apache Maven Javadoc Plugin][37] | [Apache-2.0][2] |
+| [Apache Maven Deploy Plugin][34] | [Apache-2.0][4] |
+| [Apache Maven GPG Plugin][35] | [Apache-2.0][4] |
+| [Apache Maven Source Plugin][36] | [Apache License, Version 2.0][4] |
+| [Apache Maven Javadoc Plugin][37] | [Apache-2.0][4] |
| [Nexus Staging Maven Plugin][38] | [Eclipse Public License][39] |
-| [Maven Failsafe Plugin][40] | [Apache-2.0][2] |
+| [Maven Failsafe Plugin][40] | [Apache-2.0][4] |
| [JaCoCo :: Maven Plugin][41] | [Eclipse Public License 2.0][42] |
| [error-code-crawler-maven-plugin][43] | [MIT License][44] |
| [Reproducible Build Maven Plugin][45] | [Apache 2.0][1] |
@@ -54,9 +54,9 @@
[0]: https://parquet.apache.org
[1]: http://www.apache.org/licenses/LICENSE-2.0.txt
-[2]: https://www.apache.org/licenses/LICENSE-2.0.txt
-[3]: https://github.com/xerial/snappy-java
-[4]: https://www.apache.org/licenses/LICENSE-2.0.html
+[2]: https://github.com/xerial/snappy-java
+[3]: https://www.apache.org/licenses/LICENSE-2.0.html
+[4]: https://www.apache.org/licenses/LICENSE-2.0.txt
[5]: https://www.scala-lang.org/
[6]: https://www.apache.org/licenses/LICENSE-2.0
[7]: https://github.com/exasol/error-reporting-java/
@@ -84,7 +84,7 @@
[29]: https://www.gnu.org/licenses/gpl-3.0.html
[30]: https://github.com/exasol/project-keeper/
[31]: https://github.com/exasol/project-keeper/blob/main/LICENSE
-[32]: https://github.com/basepom/duplicate-finder-maven-plugin
+[32]: https://basepom.github.io/duplicate-finder-maven-plugin
[33]: http://www.apache.org/licenses/LICENSE-2.0.html
[34]: https://maven.apache.org/plugins/maven-deploy-plugin/
[35]: https://maven.apache.org/plugins/maven-gpg-plugin/
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
index 716f2c4..866d8f8 100644
--- a/doc/changes/changelog.md
+++ b/doc/changes/changelog.md
@@ -1,5 +1,6 @@
# Changes
+* [2.0.5](changes_2.0.5.md)
* [2.0.4](changes_2.0.4.md)
* [2.0.3](changes_2.0.3.md)
* [2.0.2](changes_2.0.2.md)
diff --git a/doc/changes/changes_2.0.5.md b/doc/changes/changes_2.0.5.md
new file mode 100644
index 0000000..7409ef8
--- /dev/null
+++ b/doc/changes/changes_2.0.5.md
@@ -0,0 +1,38 @@
+# Parquet for Java 2.0.5, released 2023-09-27
+
+Code name: Fixed CVE-2023-43642
+
+## Summary
+
+This release fixes CVE-2023-43642 in `org.xerial.snappy:snappy-java`.
+
+## Security
+
+* #62: Fixed CVE-2023-43642 in `org.xerial.snappy:snappy-java`
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.scala-lang:scala-library:2.13.11` to `2.13.12`
+* Updated `org.xerial.snappy:snappy-java:1.1.10.1` to `1.1.10.5`
+
+### Test Dependency Updates
+
+* Updated `org.junit.jupiter:junit-jupiter:5.9.3` to `5.10.0`
+* Updated `org.mockito:mockito-core:5.4.0` to `5.5.0`
+* Updated `org.mockito:mockito-junit-jupiter:5.4.0` to `5.5.0`
+* Updated `org.scalatest:scalatest_2.13:3.2.15` to `3.3.0-SNAP4`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:error-code-crawler-maven-plugin:1.2.3` to `1.3.0`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.7` to `2.9.12`
+* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.3.0` to `3.4.0`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.0.0` to `3.1.2`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.0.1` to `3.1.0`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0` to `3.1.2`
+* Updated `org.basepom.maven:duplicate-finder-maven-plugin:1.5.1` to `2.0.1`
+* Updated `org.codehaus.mojo:flatten-maven-plugin:1.4.1` to `1.5.0`
+* Updated `org.codehaus.mojo:versions-maven-plugin:2.15.0` to `2.16.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.9` to `0.8.10`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index 11ca625..f9003dd 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -3,7 +3,7 @@
4.0.0
com.exasol
parquet-io-java-generated-parent
- 2.0.4
+ 2.0.5
pom
UTF-8
@@ -62,7 +62,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.3.0
+ 3.4.0
enforce-maven
@@ -82,7 +82,7 @@
org.codehaus.mojo
flatten-maven-plugin
- 1.4.1
+ 1.5.0
true
oss
@@ -121,7 +121,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.0.0
+ 3.1.2
@@ -132,7 +132,7 @@
org.codehaus.mojo
versions-maven-plugin
- 2.15.0
+ 2.16.0
display-updates
@@ -150,7 +150,7 @@
org.basepom.maven
duplicate-finder-maven-plugin
- 1.5.1
+ 2.0.1
default
@@ -168,7 +168,6 @@
true
true
false
- true
true
false
@@ -184,7 +183,7 @@
org.apache.maven.plugins
maven-gpg-plugin
- 3.0.1
+ 3.1.0
sign-artifacts
@@ -204,6 +203,9 @@
org.apache.maven.plugins
maven-source-plugin
+
3.2.1
@@ -258,7 +260,7 @@
org.apache.maven.plugins
maven-failsafe-plugin
- 3.0.0
+ 3.1.2
@@ -279,7 +281,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.9
+ 0.8.10
prepare-agent
@@ -320,7 +322,7 @@
com.exasol
error-code-crawler-maven-plugin
- 1.2.3
+ 1.3.0
verify
diff --git a/pom.xml b/pom.xml
index b845a86..a7ddb7a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,20 +3,20 @@
4.0.0
com.exasol
parquet-io-java
- 2.0.4
+ 2.0.5
Parquet for Java
This project provides a library that reads Parquet files into Java objects.
https://github.com/exasol/parquet-io-java/
parquet-io-java-generated-parent
com.exasol
- 2.0.4
+ 2.0.5
pk_generated_parent.pom
- 2.13.11
+ 2.13.12
2.13
- 5.4.0
+ 5.5.0
@@ -24,6 +24,12 @@
parquet-hadoop
1.13.1
+
+
+ org.xerial.snappy
+ snappy-java
+ 1.1.10.5
+
org.apache.hadoop
hadoop-client
@@ -97,11 +103,6 @@
-
- org.xerial.snappy
- snappy-java
- 1.1.10.1
-
org.scala-lang
scala-library
@@ -116,7 +117,7 @@
org.junit.jupiter
junit-jupiter
- 5.9.3
+ 5.10.0
test
@@ -140,7 +141,7 @@
org.scalatest
scalatest_${scala.compat.version}
- 3.2.15
+ 3.3.0-SNAP4
test
@@ -236,7 +237,7 @@
com.exasol
project-keeper-maven-plugin
- 2.9.7
+ 2.9.12