Revert "[Java] upgrade jar deps to fix cves" (#16889)

This reverts commit 25666fff81.
2025-03-05 10:01:43 -05:00 · 2021-07-06 10:33:31 -07:00 · 2021-07-06 10:33:31 -07:00 · f2308a0cdf
commit f2308a0cdf
parent d4babd69c1
7 changed files with 154 additions and 175 deletions
--- a/java/pom.xml
+++ b/java/pom.xml
@ -67,22 +67,6 @@
    <projetct.version>1.1.0-SNAPSHOT</projetct.version>
  </properties>

-  <dependencyManagement>
-    <dependencies>
-      <dependency>
-        <groupId>org.testng</groupId>
-        <artifactId>testng</artifactId>
-        <version>7.3.0</version>
-        <exclusions>
-          <exclusion>
-            <groupId>org.yaml</groupId>
-            <artifactId>snakeyaml</artifactId>
-          </exclusion>
-        </exclusions>
-      </dependency>
-    </dependencies>
-  </dependencyManagement>
-
  <profiles>
    <profile>
      <id>release</id>
--- a/streaming/java/BUILD.bazel
+++ b/streaming/java/BUILD.bazel
@ -40,28 +40,23 @@ define_java_module(
        "//java:io_ray_ray_api",
        ":io_ray_ray_streaming-state",
        ":io_ray_ray_streaming-api",
-        "@maven//:com_google_guava_guava",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_slf4j_slf4j_api",
-        "@maven//:org_testng_testng",
-        "@maven//:org_yaml_snakeyaml",
+        "@ray_streaming_maven//:com_google_guava_guava",
        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
+        "@ray_streaming_maven//:org_testng_testng",
    ],
    visibility = ["//visibility:public"],
    deps = [
        ":io_ray_ray_streaming-state",
        "//java:io_ray_ray_api",
        "//java:io_ray_ray_runtime",
-        "@maven//:com_google_guava_guava",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_slf4j_slf4j_api",
        "@ray_streaming_maven//:com_google_code_findbugs_jsr305",
        "@ray_streaming_maven//:com_google_code_gson_gson",
+        "@ray_streaming_maven//:com_google_guava_guava",
        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
    ],
 )

@ -70,26 +65,22 @@ define_java_module(
    define_test_lib = True,
    test_deps = [
        ":io_ray_ray_streaming-state",
-        "@maven//:com_google_guava_guava",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_slf4j_slf4j_api",
-        "@maven//:org_testng_testng",
-        "@maven//:de_ruedigermoeller_fst",
-        "@maven//:org_yaml_snakeyaml",
-        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:com_google_guava_guava",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
+        "@ray_streaming_maven//:org_testng_testng",
        "@ray_streaming_maven//:org_mockito_mockito_all",
+        "@ray_streaming_maven//:de_ruedigermoeller_fst",
+        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
    ],
    visibility = ["//visibility:public"],
    deps = [
-        "@maven//:com_google_guava_guava",
-        "@maven//:de_ruedigermoeller_fst",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:com_google_guava_guava",
+        "@ray_streaming_maven//:de_ruedigermoeller_fst",
+        "@ray_streaming_maven//:log4j_log4j",
        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
    ],
 )

@ -118,17 +109,14 @@ define_java_module(
        ":io_ray_ray_streaming-state",
        ":io_ray_ray_streaming-api",
        ":io_ray_ray_streaming-runtime",
-        "@maven//:com_google_guava_guava",
-        "@maven//:de_ruedigermoeller_fst",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_slf4j_slf4j_api",
-        "@maven//:org_testng_testng",
-        "@maven//:org_yaml_snakeyaml",
+        "@ray_streaming_maven//:com_google_guava_guava",
        "@ray_streaming_maven//:com_google_code_findbugs_jsr305",
-        "@ray_streaming_maven//:org_aeonbits_owner_owner",
        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:de_ruedigermoeller_fst",
+        "@ray_streaming_maven//:org_aeonbits_owner_owner",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
+        "@ray_streaming_maven//:org_testng_testng",
        "@ray_streaming_maven//:org_mockito_mockito_all",
        "@ray_streaming_maven//:org_powermock_powermock_api_mockito",
        "@ray_streaming_maven//:org_powermock_powermock_module_testng",
@ -139,20 +127,18 @@ define_java_module(
        ":io_ray_ray_streaming-state",
        "//java:io_ray_ray_api",
        "//java:io_ray_ray_runtime",
-        "@maven//:com_google_guava_guava",
-        "@maven//:com_google_protobuf_protobuf_java",
        "@maven//:commons_io_commons_io",
-        "@maven//:de_ruedigermoeller_fst",
-        "@maven//:org_apache_commons_commons_lang3",
-        "@maven//:org_apache_logging_log4j_log4j_api",
-        "@maven//:org_apache_logging_log4j_log4j_core",
-        "@maven//:org_apache_logging_log4j_log4j_slf4j_impl",
-        "@maven//:org_msgpack_msgpack_core",
-        "@maven//:org_slf4j_slf4j_api",
        "@ray_streaming_maven//:com_github_davidmoten_flatbuffers_java",
        "@ray_streaming_maven//:com_google_code_findbugs_jsr305",
+        "@ray_streaming_maven//:com_google_guava_guava",
+        "@ray_streaming_maven//:com_google_protobuf_protobuf_java",
        "@ray_streaming_maven//:commons_collections_commons_collections",
+        "@ray_streaming_maven//:de_ruedigermoeller_fst",
        "@ray_streaming_maven//:org_aeonbits_owner_owner",
+        "@ray_streaming_maven//:org_apache_commons_commons_lang3",
+        "@ray_streaming_maven//:org_msgpack_msgpack_core",
+        "@ray_streaming_maven//:org_slf4j_slf4j_api",
+        "@ray_streaming_maven//:org_slf4j_slf4j_log4j12",
    ],
 )

@ -167,11 +153,10 @@ java_binary(
        ":io_ray_ray_streaming-runtime_test",
        ":io_ray_ray_streaming-state",
        "//java:io_ray_ray_runtime",
-        "@maven//:org_testng_testng",
-        "@maven//:org_yaml_snakeyaml",
        "@ray_streaming_maven//:org_mockito_mockito_all",
        "@ray_streaming_maven//:org_powermock_powermock_api_mockito",
        "@ray_streaming_maven//:org_powermock_powermock_module_testng",
+        "@ray_streaming_maven//:org_testng_testng",
    ],
 )

@ -205,7 +190,6 @@ genrule(
        WORK_DIR="$$(pwd)"
        cp -f $(location //streaming/java:io_ray_ray_streaming-api_pom) "$$WORK_DIR/streaming/java/streaming-api/pom.xml"
        cp -f $(location //streaming/java:io_ray_ray_streaming-runtime_pom) "$$WORK_DIR/streaming/java/streaming-runtime/pom.xml"
-        cp -f $(location //streaming/java:io_ray_ray_streaming-state_pom) "$$WORK_DIR/streaming/java/streaming-state/pom.xml"
        date > $@
    """,
    local = 1,
--- a/streaming/java/dependencies.bzl
+++ b/streaming/java/dependencies.bzl
@ -4,14 +4,24 @@ def gen_streaming_java_deps():
    maven_install(
        name = "ray_streaming_maven",
        artifacts = [
+            "com.google.guava:guava:27.0.1-jre",
            "com.google.code.findbugs:jsr305:3.0.2",
            "com.google.code.gson:gson:2.8.5",
            "com.github.davidmoten:flatbuffers-java:1.9.0.1",
+            "com.google.protobuf:protobuf-java:3.8.0",
            "org.apache.commons:commons-lang3:3.4",
+            "de.ruedigermoeller:fst:2.57",
            "org.aeonbits.owner:owner:1.0.10",
+            "org.slf4j:slf4j-api:1.7.12",
+            "org.slf4j:slf4j-log4j12:1.7.25",
+            "org.apache.logging.log4j:log4j-core:2.8.2",
+            "org.testng:testng:7.3.0",
+            "log4j:log4j:1.2.17",
            "org.mockito:mockito-all:1.10.19",
            "org.apache.commons:commons-lang3:3.3.2",
-            "org.mockito:mockito-all:1.10.19",
+            "org.msgpack:msgpack-core:0.8.20",
+            "org.testng:testng:7.3.0",
+	        "org.mockito:mockito-all:1.10.19",
 	        "org.powermock:powermock-module-testng:1.6.6",
 	        "org.powermock:powermock-api-mockito:1.6.6",
            "commons-collections:commons-collections:3.2.2",
--- a/streaming/java/pom.xml
+++ b/streaming/java/pom.xml
@ -64,7 +64,11 @@
    <java.version>1.8</java.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <projetct.version>1.1.0-SNAPSHOT</projetct.version>
+    <slf4j.version>1.7.25</slf4j.version>
+    <log4j.version>1.2.17</log4j.version>
+    <testng.version>7.3.0</testng.version>
    <mockito.version>1.10.19</mockito.version>
+    <guava.version>27.0.1-jre</guava.version>
    <fst.version>2.57</fst.version>
  </properties>
  <profiles>
@ -94,21 +98,28 @@
    </profile>
  </profiles>

-  <dependencyManagement>
-    <dependencies>
-      <dependency>
-        <groupId>org.testng</groupId>
-        <artifactId>testng</artifactId>
-        <version>7.3.0</version>
-        <exclusions>
-          <exclusion>
-            <groupId>org.yaml</groupId>
-            <artifactId>snakeyaml</artifactId>
-          </exclusion>
-        </exclusions>
-      </dependency>
-    </dependencies>
-  </dependencyManagement>
+  <dependencies>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>${guava.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+      <version>${slf4j.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-log4j12</artifactId>
+      <version>${slf4j.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.testng</groupId>
+      <artifactId>testng</artifactId>
+      <version>${testng.version}</version>
+    </dependency>
+  </dependencies>

  <build>
    <pluginManagement>
--- a/streaming/java/streaming-api/pom.xml
+++ b/streaming/java/streaming-api/pom.xml
@ -45,7 +45,7 @@
 <dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
-  <version>30.0-jre</version>
+  <version>27.0.1-jre</version>
 </dependency>
 <dependency>
  <groupId>org.apache.commons</groupId>
@ -53,34 +53,19 @@
  <version>3.4</version>
 </dependency>
 <dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-api</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-core</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-slf4j-impl</artifactId>
-  <version>2.14.0</version>
+  <groupId>org.slf4j</groupId>
+  <artifactId>slf4j-api</artifactId>
+  <version>1.7.25</version>
 </dependency>
 <dependency>
  <groupId>org.slf4j</groupId>
-  <artifactId>slf4j-api</artifactId>
+  <artifactId>slf4j-log4j12</artifactId>
  <version>1.7.25</version>
 </dependency>
 <dependency>
  <groupId>org.testng</groupId>
  <artifactId>testng</artifactId>
  <version>7.3.0</version>
-</dependency>
-<dependency>
-  <groupId>org.yaml</groupId>
-  <artifactId>snakeyaml</artifactId>
-  <version>1.26</version>
 </dependency>
  </dependencies>
 </project>
--- a/streaming/java/streaming-runtime/pom.xml
+++ b/streaming/java/streaming-runtime/pom.xml
@ -62,12 +62,12 @@
 <dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
-  <version>30.0-jre</version>
+  <version>27.0.1-jre</version>
 </dependency>
 <dependency>
  <groupId>com.google.protobuf</groupId>
  <artifactId>protobuf-java</artifactId>
-  <version>3.16.0</version>
+  <version>3.8.0</version>
 </dependency>
 <dependency>
  <groupId>commons-collections</groupId>
@ -94,21 +94,6 @@
  <artifactId>commons-lang3</artifactId>
  <version>3.4</version>
 </dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-api</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-core</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-slf4j-impl</artifactId>
-  <version>2.14.0</version>
-</dependency>
 <dependency>
  <groupId>org.mockito</groupId>
  <artifactId>mockito-all</artifactId>
@ -134,15 +119,15 @@
  <artifactId>slf4j-api</artifactId>
  <version>1.7.25</version>
 </dependency>
+<dependency>
+  <groupId>org.slf4j</groupId>
+  <artifactId>slf4j-log4j12</artifactId>
+  <version>1.7.25</version>
+</dependency>
 <dependency>
  <groupId>org.testng</groupId>
  <artifactId>testng</artifactId>
  <version>7.3.0</version>
-</dependency>
-<dependency>
-  <groupId>org.yaml</groupId>
-  <artifactId>snakeyaml</artifactId>
-  <version>1.26</version>
 </dependency>
  </dependencies>

--- a/streaming/java/streaming-state/pom.xml
+++ b/streaming/java/streaming-state/pom.xml
@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-    <!-- This file is auto-generated by Bazel from pom_template.xml, do not modify it. -->
 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://maven.apache.org/POM/4.0.0"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <parent>
    <artifactId>ray-streaming</artifactId>
    <groupId>io.ray</groupId>
@ -13,59 +12,80 @@
  <artifactId>streaming-state</artifactId>
  <name>ray streaming state</name>
  <description>ray streaming state</description>
-  <packaging>jar</packaging>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+        <version>${slf4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-log4j12</artifactId>
+        <version>${slf4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>log4j</groupId>
+        <artifactId>log4j</artifactId>
+        <version>${log4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.testng</groupId>
+        <artifactId>testng</artifactId>
+        <version>${testng.version}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.mockito</groupId>
+        <artifactId>mockito-all</artifactId>
+        <version>${mockito.version}</version>
+        <scope>test</scope>
+      </dependency>
+
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>${guava.version}</version>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>

  <dependencies>
    <dependency>
-  <groupId>com.google.guava</groupId>
-  <artifactId>guava</artifactId>
-  <version>30.0-jre</version>
-</dependency>
-<dependency>
-  <groupId>de.ruedigermoeller</groupId>
-  <artifactId>fst</artifactId>
-  <version>2.57</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.commons</groupId>
-  <artifactId>commons-lang3</artifactId>
-  <version>3.4</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-api</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-core</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.apache.logging.log4j</groupId>
-  <artifactId>log4j-slf4j-impl</artifactId>
-  <version>2.14.0</version>
-</dependency>
-<dependency>
-  <groupId>org.mockito</groupId>
-  <artifactId>mockito-all</artifactId>
-  <version>1.10.19</version>
-</dependency>
-<dependency>
-  <groupId>org.slf4j</groupId>
-  <artifactId>slf4j-api</artifactId>
-  <version>1.7.25</version>
-</dependency>
-<dependency>
-  <groupId>org.testng</groupId>
-  <artifactId>testng</artifactId>
-  <version>7.3.0</version>
-</dependency>
-<dependency>
-  <groupId>org.yaml</groupId>
-  <artifactId>snakeyaml</artifactId>
-  <version>1.26</version>
-</dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-log4j12</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>log4j</groupId>
+      <artifactId>log4j</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.testng</groupId>
+      <artifactId>testng</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>de.ruedigermoeller</groupId>
+      <artifactId>fst</artifactId>
+      <version>${fst.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.3.2</version>
+    </dependency>
  </dependencies>

-</project>
+</project>