Merge pull request #595 from usc-isi-i2/security-oct-2023

Security update October

Author: punith300i

karma-common/pom.xml

@@ -22,7 +22,7 @@
 	<dependency>
 	  <groupId>com.fasterxml.jackson.core</groupId>
   		<artifactId>jackson-core</artifactId>
-  		<version>2.3.3</version>
+  		<version>2.13.4</version>
 	</dependency>
        <dependency>
         <groupId>org.glassfish.jersey.core</groupId>
@@ -143,7 +143,7 @@
 	<dependency>
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro</artifactId>
-		<version>1.7.7</version>
+		<version>1.11.3</version>
 		<exclusions>
 			<exclusion>
 				<groupId>org.xerial.snappy</groupId>
@@ -154,7 +154,7 @@
 	<dependency>
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro-compiler</artifactId>
-		<version>1.7.7</version>
+		<version>1.11.3</version>
 		<exclusions>
 			<exclusion>
 				<groupId>org.xerial.snappy</groupId>

karma-common/src/main/java/edu/isi/karma/imp/avro/AvroImport.java

@@ -15,7 +15,6 @@
 import org.apache.avro.io.EncoderFactory;
 import org.apache.avro.io.JsonEncoder;
 import org.apache.commons.io.IOUtils;
-import org.codehaus.jackson.JsonFactory;
 import org.json.JSONException;
 
 import edu.isi.karma.imp.Import;
@@ -89,17 +88,17 @@ public Worksheet generateWorksheet() throws JSONException, IOException,
 		GenericDatumWriter<GenericRecord> writer = new GenericDatumWriter<>(reader.getSchema());
 		while(reader.hasNext())
 		{
-			
+
 			GenericRecord record = reader.next();
-				JsonEncoder encoder = EncoderFactory.get().jsonEncoder(reader.getSchema(), new JsonFactory().createJsonGenerator(baos)).configure(baos);
+				JsonEncoder encoder = EncoderFactory.get().jsonEncoder(reader.getSchema(), baos).configure(baos);
 				writer.write(record, encoder);
 				encoder.flush();
 				if(reader.hasNext())
 				{
 					baos.write(',');
 				}
-				
-			
+
+
 		}
 		reader.close();
 		baos.write('\n');

karma-jsonld/pom.xml

@@ -19,7 +19,7 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20230227</version>
+            <version>20231013</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -40,6 +40,10 @@
                     <groupId>org.xerial.snappy</groupId>
                     <artifactId>snappy-java</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.avro</groupId>
+                    <artifactId>avro</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>

karma-mr/pom.xml

@@ -183,7 +183,7 @@
         		<hive.version>0.13.0.2.1.3.0-563</hive.version>
         		<es.version>1.4.2</es.version>
         		<es.hadoop.version>2.1.0.Beta2</es.hadoop.version>
-        		<avro.version>1.7.6</avro.version>
+        		<avro.version>1.11.3</avro.version>
     		</properties>
     		<dependencies>
     		<dependency>
@@ -378,7 +378,7 @@
 			<properties>
         		<hadoop.version>2.6.0-cdh5.5.0</hadoop.version>
         		<hive.version>1.1.0-cdh5.5.0</hive.version>
-        		<avro.version>1.7.6-cdh5.5.0</avro.version>
+        		<avro.version>1.11.3-cdh5.5.0</avro.version>
         		<es.version>1.4.4</es.version>
         		<es.hadoop.version>2.1.0.Beta2</es.hadoop.version>
     		</properties>

karma-offline/pom.xml

@@ -56,7 +56,7 @@
 		<dependency>
 			<groupId>org.apache.tika</groupId>
 			<artifactId>tika-parsers</artifactId>
-			<version>1.18</version>
+			<version>1.20</version>
 		</dependency>
 		<dependency>
 			<groupId>jaxen</groupId>

karma-spark/pom.xml

@@ -109,11 +109,6 @@
 		    <artifactId>jsonld-java</artifactId>
 		    <version>0.7.0</version>
 		</dependency>
-		<dependency>
-		    <groupId>org.xerial.snappy</groupId>
-		    <artifactId>snappy-java</artifactId>
-		    <version>1.1.10.0</version>
-		</dependency>
 		<dependency>
 		    <groupId>com.holdenkarau</groupId>
 		    <artifactId>spark-testing-base_2.11</artifactId>

pom.xml

@@ -235,7 +235,7 @@
     <dependency>
     	<groupId>org.json</groupId>
     	<artifactId>json</artifactId>
-    	<version>20230227</version>
+    	<version>20231013</version>
     </dependency>
     <dependency>
     	<groupId>commons-fileupload</groupId>