From 9add7633680aa63e4576e0de49e31b5cb78af35e Mon Sep 17 00:00:00 2001 From: manas-ctds Date: Wed, 17 Dec 2025 17:57:28 +0530 Subject: [PATCH 1/4] Upgrade dependencies --- pom.xml | 23 +++++++++++++++++++++++ pulsar-transformations/pom.xml | 2 -- streaming-ai/pom.xml | 2 -- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 6a1fcf2..a08944d 100644 --- a/pom.xml +++ b/pom.xml @@ -54,6 +54,7 @@ 2.12.4 0.27 2.15.4 + 2.0 streaming-ai @@ -139,6 +140,21 @@ commons-collections4 ${commons-collections4.version} + + org.apache.commons + commons-lang3 + ${commons-lang3.version} + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + ${jackson.version} + + + com.fasterxml.jackson.core + jackson-core + ${jackson.version} + io.airlift @@ -153,6 +169,13 @@ ${asynchttpclient.version} runtime + + + org.yaml + snakeyaml + ${snakeyaml.version} + runtime + diff --git a/pulsar-transformations/pom.xml b/pulsar-transformations/pom.xml index 7931830..ee13e65 100644 --- a/pulsar-transformations/pom.xml +++ b/pulsar-transformations/pom.xml @@ -80,7 +80,6 @@ org.apache.commons commons-lang3 - ${commons-lang3.version} com.networknt @@ -89,7 +88,6 @@ com.fasterxml.jackson.dataformat jackson-dataformat-yaml - ${jackson.version} com.azure diff --git a/streaming-ai/pom.xml b/streaming-ai/pom.xml index d738c1e..4300487 100644 --- a/streaming-ai/pom.xml +++ b/streaming-ai/pom.xml @@ -68,7 +68,6 @@ org.apache.commons commons-lang3 - ${commons-lang3.version} com.networknt @@ -77,7 +76,6 @@ com.fasterxml.jackson.dataformat jackson-dataformat-yaml - ${jackson.version} com.azure From 1665cfe5f69116492a0cc41d9995f8e7f35845e3 Mon Sep 17 00:00:00 2001 From: manas-ctds Date: Wed, 17 Dec 2025 18:45:10 +0530 Subject: [PATCH 2/4] Upgrade commons-compress and io --- pom.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pom.xml b/pom.xml index a08944d..ed37cd6 100644 --- a/pom.xml +++ b/pom.xml @@ -51,6 +51,8 @@ 10.1.4 4.4 3.18.0 + 1.26.0 + 2.14.0 2.12.4 0.27 2.15.4 @@ -176,6 +178,20 @@ ${snakeyaml.version} runtime + + + org.apache.commons + commons-compress + ${commons-compress.version} + runtime + + + + commons-io + commons-io + ${commons-io.version} + runtime + From 8d1dabdf6acea6e7236e7313e649f3761432250f Mon Sep 17 00:00:00 2001 From: manas-ctds Date: Thu, 18 Dec 2025 11:41:23 +0530 Subject: [PATCH 3/4] Add commons-codec explicitly to avoid ClassNotFoundException --- tests/pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/pom.xml b/tests/pom.xml index 49be95f..cc9c049 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -50,6 +50,12 @@ testng test + + commons-codec + commons-codec + 1.16.1 + test + From 7813292ceb7b1a7cddf804f32a44e97d309de05a Mon Sep 17 00:00:00 2001 From: manas-ctds Date: Thu, 18 Dec 2025 12:55:24 +0530 Subject: [PATCH 4/4] Upgrade netty dependencies to resolve the remaining vulnerabilities --- pom.xml | 29 +++++++++++++++++++++++++++++ pulsar-ai-tools/pom.xml | 7 +++++++ tests/pom.xml | 1 + 3 files changed, 37 insertions(+) diff --git a/pom.xml b/pom.xml index ed37cd6..a15de4c 100644 --- a/pom.xml +++ b/pom.xml @@ -57,6 +57,7 @@ 0.27 2.15.4 2.0 + 4.1.129.Final streaming-ai @@ -192,6 +193,34 @@ ${commons-io.version} runtime + + + io.netty + netty-codec-http2 + ${netty.version} + runtime + + + + io.netty + netty-codec-http + ${netty.version} + runtime + + + + io.netty + netty-common + ${netty.version} + runtime + + + + io.netty + netty-handler + ${netty.version} + runtime + diff --git a/pulsar-ai-tools/pom.xml b/pulsar-ai-tools/pom.xml index f9a0a59..3f57a40 100644 --- a/pulsar-ai-tools/pom.xml +++ b/pulsar-ai-tools/pom.xml @@ -80,6 +80,13 @@ org.mockito mockito-inline + + + io.netty + netty-codec + ${netty.version} + test + diff --git a/tests/pom.xml b/tests/pom.xml index cc9c049..3b30601 100644 --- a/tests/pom.xml +++ b/tests/pom.xml @@ -50,6 +50,7 @@ testng test + commons-codec commons-codec