Google Git
Sign in
apache / iotdb-extras / HEAD / . / pom.xml
blob: ca88f39563678f72ee20cb7bf8a3b302f8363cfd [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
<version>31</version>
</parent>
<groupId>org.apache.iotdb</groupId>
<artifactId>iotdb-extras-parent</artifactId>
<version>2.0.4-SNAPSHOT</version>
<packaging>pom</packaging>
<name>Apache IoTDB Project Extras Parent POM</name>
<description>This is the secondary repository that builds the examples and integration modules for IoTDB.</description>
<modules>
<module>connectors</module>
<module>distributions</module>
<module>iotdb-collector</module>
<module>mybatis-generator</module>
</modules>
<properties>
<!-- Explicitly set a variable used by all dependencies to the IoTDB dependencies, as the
release plugin will not update these on a release -->
<!-- This was the last version to support Java 8 -->
<airlift-units.version>1.7</airlift-units.version>
<airlift.version>206</airlift.version>
<!--airlift-stats.version>235</airlift-stats.version-->
<airline.version>0.9</airline.version>
<!-- This was the last version to support Java 8 -->
<antlr4.version>4.9.3</antlr4.version>
<!-- By default, the argLine is empty-->
<argLine/>
<awaitility.version>4.2.0</awaitility.version>
<boost.include.dir/>
<!-- This was the last version to support Java 8 -->
<caffeine.version>2.9.3</caffeine.version>
<cglib.version>3.3.0</cglib.version>
<checker-qual.version>3.38.0</checker-qual.version>
<cmake.build.type>Release</cmake.build.type>
<commons-cli.version>1.5.0</commons-cli.version>
<commons-codec.version>1.16.0</commons-codec.version>
<commons-csv.version>1.10.0</commons-csv.version>
<commons-io.version>2.14.0</commons-io.version>
<commons-jexl3.version>3.3</commons-jexl3.version>
<commons-lang3.version>3.13.0</commons-lang3.version>
<commons-math3.version>3.6.1</commons-math3.version>
<commons-pool2.version>2.11.1</commons-pool2.version>
<commons.collections4.version>4.4</commons.collections4.version>
<ctest.skip.tests>false</ctest.skip.tests>
<disruptor.version>3.4.4</disruptor.version>
<drill.freemarker.maven.plugin.version>1.21.1</drill.freemarker.maven.plugin.version>
<dropqizard.metrics.version>4.2.19</dropqizard.metrics.version>
<eclipse-collections.version>11.1.0</eclipse-collections.version>
<!-- disable enforcer by default-->
<enforcer.skip>true</enforcer.skip>
<felix.version>5.1.9</felix.version>
<findbugs.jsr305.version>3.0.2</findbugs.jsr305.version>
<flink-shaded-zookeeper-3.version>3.8.1-17.0</flink-shaded-zookeeper-3.version>
<flink.version>1.17.1</flink.version>
<fusesource-mqtt-client.version>1.16</fusesource-mqtt-client.version>
<google.java.format.version>1.22.0</google.java.format.version>
<gson.version>2.10.1</gson.version>
<guava.version>32.1.2-jre</guava.version>
<hadoop.version>3.3.6</hadoop.version>
<hive.version>3.1.3</hive.version>
<httpclient.version>4.5.14</httpclient.version>
<httpcore.version>4.4.16</httpcore.version>
<!--
This is the version of the thrift binary, that we release separately from here:
https://github.com/apache/iotdb-bin-resources/tree/main/iotdb-tools-thrift
-->
<iotdb-tools-thrift.version>0.14.1.0</iotdb-tools-thrift.version>
<iotdb.version>2.0.5</iotdb.version>
<jackson.version>2.16.2</jackson.version>
<!-- This is the last version to support the javax namespace -->
<jakarta.servlet-api.version>4.0.4</jakarta.servlet-api.version>
<!-- This is the last version to support the javax namespace -->
<jakarta.validation-api.version>2.0.2</jakarta.validation-api.version>
<!-- This is the last version to support the javax namespace -->
<jakarta.ws.rs-api.version>2.1.6</jakarta.ws.rs-api.version>
<java-websocket.version>1.5.4</java-websocket.version>
<jcip-annotations.version>1.0-1</jcip-annotations.version>
<!-- This is the last version to support the javax namespace -->
<jersey.version>2.40</jersey.version>
<!-- This was the last version to support Java 8 -->
<jetty.version>9.4.57.v20241219</jetty.version>
<jjwt.version>0.11.5</jjwt.version>
<jline.version>3.23.0</jline.version>
<jna.version>5.14.0</jna.version>
<json-smart.version>2.5.0</json-smart.version>
<jtransforms.version>3.1</jtransforms.version>
<junit.version>4.13.2</junit.version>
<kafka.version>2.8.2</kafka.version>
<!-- This was the last version to support Java 8 -->
<logback.version>1.3.15</logback.version>
<lz4-java.version>1.8.0</lz4-java.version>
<maven.assembly.version>3.6.0</maven.assembly.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<micrometer.version>1.11.4</micrometer.version>
<milo.version>0.6.11</milo.version>
<!-- It seems that powermock is having issues with the newest mockito versions -->
<mockito.version>2.23.4</mockito.version>
<!-- This was the last version to support Java 8 -->
<!--mockito.version>4.11.0</mockito.version-->
<moquette.version>0.17</moquette.version>
<netty.version>4.1.97.Final</netty.version>
<nimbus-jose-jwt.version>9.37.2</nimbus-jose-jwt.version>
<oauth2-oidc-sdk.version>10.15</oauth2-oidc-sdk.version>
<!-- This was the last version to support Java 8 -->
<openapi.generator.version>6.6.0</openapi.generator.version>
<orc-core.version>1.9.1</orc-core.version>
<osgi.version>7.0.0</osgi.version>
<pax-jdbc-common.version>1.5.6</pax-jdbc-common.version>
<powermock.version>2.0.9</powermock.version>
<ratis-thirdparty-misc.version>1.0.5</ratis-thirdparty-misc.version>
<!--
This is an unreleased version of a custom branch. The 8-character part after the version number
This is an unreleased version of a custom branch. The 8-character part after the version number
is for ensuring the SNAPSHOT will stay available. We should however have the Ratis folks do a
new release soon, as releasing with this version is more than sub-ideal.
-->
<ratis.version>3.1.0-a6a21d5-SNAPSHOT</ratis.version>
<reactive-streams.version>1.0.4</reactive-streams.version>
<reactor-netty.version>1.1.13</reactor-netty.version>
<reactor.version>3.5.10</reactor.version>
<reflections.version>0.10.2</reflections.version>
<rocketmq-client.version>5.1.3</rocketmq-client.version>
<scala.library.version>2.12.19</scala.library.version>
<scala.version>2.12</scala.version>
<!-- Newer version requires refactoring of testsuite -->
<scalatest.version>3.0.9</scalatest.version>
<slf4j.version>2.0.9</slf4j.version>
<snappy-java.version>1.1.10.4</snappy-java.version>
<sonar.coverage.jacoco.xmlReportPaths>target/jacoco-merged-reports/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
<!-- Exclude all generated code -->
<sonar.exclusions>**/generated-sources</sonar.exclusions>
<!-- URL of the ASF SonarQube server -->
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<sonar.java.checkstyle.reportPaths>target/checkstyle-report.xml</sonar.java.checkstyle.reportPaths>
<sonar.junit.reportPaths>target/surefire-reports,target/failsafe-reports</sonar.junit.reportPaths>
<sonar.organization>apache</sonar.organization>
<spark-scala.2.11.version>2.4.8</spark-scala.2.11.version>
<spark-scala.2.12.version>3.5.0</spark-scala.2.12.version>
<!-- Override this to `true`, if you want to disable spotless -->
<spotless.skip>false</spotless.skip>
<spotless.version>2.43.0</spotless.version>
<!-- This is the matching version of spring-boot for spring 5.3.30 -->
<spring-boot.version>2.7.18</spring-boot.version>
<!-- This is the last version to support the javax namespace -->
<spring.version>5.3.39</spring.version>
<sqlite.version>3.49.1.0</sqlite.version>
<!-- This was the last version to support Java 8 -->
<swagger.version>1.6.14</swagger.version>
<thrift.exec-cmd.executable>chmod</thrift.exec-cmd.executable>
<thrift.exec.absolute.path/>
<!--
Thrift 0.17.0 was the last version that could be used in Java 8 applications,
However Thrift 0.17.0 has an invalid entry in the META-INF/MANIFEST.mf file.
All versions between 0.17.0 and 0.14.1 have know vulnerabilities, so for now
we'll stay at 0.14.1.
-->
<thrift.version>0.14.1</thrift.version>
<!-- This was the last version to support Java 8 -->
<tomcat.version>9.0.86</tomcat.version>
<tsfile.version>2.1.1</tsfile.version>
<xz.version>1.9</xz.version>
<zeppelin.version>0.11.1</zeppelin.version>
<zstd-jni.version>1.5.5-5</zstd-jni.version>
</properties>
<!--
if we claim dependencies in dependencyManagement, then we do not claim
their version in subproject's pom, but we have to claim themselves again
in subprojects
-->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
<version>${spring-boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
<version>${spring-boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.thrift</groupId>
<artifactId>libthrift</artifactId>
<version>${thrift.version}</version>
<exclusions>
<!-- Seemed suspicious to have this dependency in -->
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</exclusion>
<!-- We don't want the old javax packages -->
<exclusion>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${commons-lang3.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
</dependency>
<dependency>
<groupId>org.osgi</groupId>
<artifactId>osgi.cmpn</artifactId>
<version>${osgi.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-clients</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-core</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-hadoop-fs</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-java</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-streaming-java</artifactId>
<version>${flink.version}</version>
<exclusions>
<!-- This dependency pulls in loads of duplicate versions of all sorts of libraries -->
<exclusion>
<groupId>org.apache.flink</groupId>
<artifactId>flink-shaded-zookeeper-3</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-table-api-java-bridge</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-table-common</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-table-test-utils</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-shaded-zookeeper-3</artifactId>
<version>${flink-shaded-zookeeper-3.version}</version>
</dependency>
<dependency>
<groupId>org.apache.flink</groupId>
<artifactId>flink-table-api-java</artifactId>
<version>${flink.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<dependency>
<groupId>org.java-websocket</groupId>
<artifactId>Java-WebSocket</artifactId>
<version>${java-websocket.version}</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>${findbugs.jsr305.version}</version>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<version>${hadoop.version}</version>
<exclusions>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
</exclusion>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-reload4j</artifactId>
</exclusion>
<!-- Multiple CVEs reported for this, however we are not using Log4j -->
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client-runtime</artifactId>
<version>${hadoop.version}</version>
<exclusions>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
</exclusion>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-reload4j</artifactId>
</exclusion>
<!-- Multiple CVEs reported for this, however we are not using Log4j -->
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-mapreduce-client-core</artifactId>
<version>${hadoop.version}</version>
<exclusions>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
</exclusion>
<!-- This is a fork of log4j 1, and it duplicates all sorts of classes -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-reload4j</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
</exclusion>
<!-- Multiple CVEs are reported for this version, but we're using a newer version -->
<exclusion>
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
</dependency>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>${jakarta.servlet-api.version}</version>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-exec</artifactId>
<version>${hive.version}</version>
<!-- Using the default adds a shaded version with loads of duplicate classes -->
<classifier>core</classifier>
<exclusions>
<!-- This seems to only be available in a version with included protobuf and slf4j -->
<exclusion>
<groupId>org.apache.calcite.avatica</groupId>
<artifactId>avatica</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</exclusion>
<!-- There is no way on earth that I can imagine that ivy is really needed (CVEs reported) -->
<exclusion>
<groupId>org.apache.ivy</groupId>
<artifactId>ivy</artifactId>
</exclusion>
<!-- There is no way on earth that I can imagine that ivy is really needed (CVEs reported) -->
<exclusion>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>com.cedarsoftware</groupId>
<artifactId>json-io</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>org.apache.calcite</groupId>
<artifactId>calcite-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-serde</artifactId>
<version>${hive.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-common</artifactId>
<version>${hive.version}</version>
<exclusions>
<exclusion>
<groupId>org.javolution</groupId>
<artifactId>javolution</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
</exclusion>
<!-- There is no way on earth that I can imagine that ivy is really needed (CVEs reported) -->
<exclusion>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-core_2.11</artifactId>
<version>${spark-scala.2.11.version}</version>
<exclusions>
<exclusion>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
</exclusion>
<exclusion>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
</exclusion>
<exclusion>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.glassfish.hk2.external</groupId>
<artifactId>javax.inject</artifactId>
</exclusion>
<exclusion>
<groupId>org.glassfish.hk2.external</groupId>
<artifactId>aopalliance-repackaged</artifactId>
</exclusion>
<exclusion>
<groupId>org.glassfish.hk2.external</groupId>
<artifactId>jakarta.inject</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-reload4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.spark-project.spark</groupId>
<artifactId>unused</artifactId>
</exclusion>
<!-- There is no way on earth that I can imagine that ivy is really needed (CVEs reported) -->
<exclusion>
<groupId>org.apache.ivy</groupId>
<artifactId>ivy</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<!-- Multiple CVEs are reported for this version, but we're using a newer version -->
<exclusion>
<groupId>io.netty</groupId>
<artifactId>netty</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-sql_2.11</artifactId>
<version>${spark-scala.2.11.version}</version>
<exclusions>
<exclusion>
<groupId>org.spark-project.spark</groupId>
<artifactId>unused</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-catalyst_2.11</artifactId>
<version>${spark-scala.2.11.version}</version>
<exclusions>
<exclusion>
<groupId>org.spark-project.spark</groupId>
<artifactId>unused</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-core_2.12</artifactId>
<version>${spark-scala.2.12.version}</version>
<exclusions>
<!-- There is no way on earth that I can imagine that ivy is really needed (CVEs reported) -->
<exclusion>
<groupId>org.apache.ivy</groupId>
<artifactId>ivy</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-common-utils_2.12</artifactId>
<version>${spark-scala.2.12.version}</version>
<exclusions>
<!-- We don't want this in the classpath as we're using logback as provider -->
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j2-impl</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-sql_2.12</artifactId>
<version>${spark-scala.2.12.version}</version>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-catalyst_2.12</artifactId>
<version>${spark-scala.2.12.version}</version>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-sql-api_2.12</artifactId>
<version>${spark-scala.2.12.version}</version>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>${scala.library.version}</version>
</dependency>
<dependency>
<groupId>org.scalatest</groupId>
<artifactId>scalatest_2.11</artifactId>
<version>${scalatest.version}</version>
</dependency>
<dependency>
<groupId>org.scalatest</groupId>
<artifactId>scalatest_2.12</artifactId>
<version>${scalatest.version}</version>
</dependency>
<dependency>
<groupId>org.scalactic</groupId>
<artifactId>scalactic_2.12</artifactId>
<version>3.0.9</version>
</dependency>
<dependency>
<groupId>org.scalactic</groupId>
<artifactId>scalactic_2.11</artifactId>
<version>${scalatest.version}</version>
</dependency>
<dependency>
<groupId>org.apache.zeppelin</groupId>
<artifactId>zeppelin-interpreter</artifactId>
<version>${zeppelin.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
<!-- CVEs reported, but most probably not needed -->
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.milo</groupId>
<artifactId>stack-core</artifactId>
<version>${milo.version}</version>
<exclusions>
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>jakarta.activation</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.milo</groupId>
<artifactId>sdk-core</artifactId>
<version>${milo.version}</version>
<exclusions>
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>jakarta.activation</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.milo</groupId>
<artifactId>stack-server</artifactId>
<version>${milo.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.milo</groupId>
<artifactId>sdk-server</artifactId>
<version>${milo.version}</version>
<exclusions>
<exclusion>
<groupId>com.sun.activation</groupId>
<artifactId>jakarta.activation</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rocketmq</groupId>
<artifactId>rocketmq-client</artifactId>
<version>${rocketmq-client.version}</version>
</dependency>
<dependency>
<groupId>org.fusesource.mqtt-client</groupId>
<artifactId>mqtt-client</artifactId>
<version>${fusesource-mqtt-client.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>${logback.version}</version>
</dependency>
<dependency>
<groupId>com.rabbitmq</groupId>
<artifactId>amqp-client</artifactId>
<version>5.18.0</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-models</artifactId>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jaxrs</artifactId>
<version>${swagger.version}</version>
<exclusions>
<exclusion>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>jakarta.validation</groupId>
<artifactId>jakarta.validation-api</artifactId>
<version>${jakarta.validation-api.version}</version>
</dependency>
<dependency>
<groupId>jakarta.ws.rs</groupId>
<artifactId>jakarta.ws.rs-api</artifactId>
<version>${jakarta.ws.rs-api.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-multipart</artifactId>
<version>${jersey.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty.version}</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet-core</artifactId>
<version>${jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
<artifactId>jersey-hk2</artifactId>
<version>${jersey.version}</version>
</dependency>
<dependency>
<groupId>com.lmax</groupId>
<artifactId>disruptor</artifactId>
<version>${disruptor.version}</version>
</dependency>
<dependency>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
<version>${sqlite.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>${commons.collections4.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
<version>${commons-pool2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tsfile</groupId>
<artifactId>tsfile</artifactId>
<version>${tsfile.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tsfile</groupId>
<artifactId>common</artifactId>
<version>${tsfile.version}</version>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna-platform</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-io.version}</version>
</dependency>
<dependency>
<groupId>com.github.luben</groupId>
<artifactId>zstd-jni</artifactId>
<version>${zstd-jni.version}</version>
</dependency>
<dependency>
<groupId>com.github.ben-manes.caffeine</groupId>
<artifactId>caffeine</artifactId>
<version>${caffeine.version}</version>
</dependency>
<dependency>
<groupId>io.moquette</groupId>
<artifactId>moquette-broker</artifactId>
<version>${moquette.version}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${commons-codec.version}</version>
</dependency>
<dependency>
<groupId>org.apache.iotdb</groupId>
<artifactId>service-rpc</artifactId>
<version>${iotdb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.iotdb</groupId>
<artifactId>iotdb-thrift-commons</artifactId>
<version>${iotdb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.iotdb</groupId>
<artifactId>pipe-api</artifactId>
<version>${iotdb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.iotdb</groupId>
<artifactId>iotdb-thrift</artifactId>
<version>${iotdb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.iotdb</groupId>
<artifactId>iotdb-session</artifactId>
<version>${iotdb.version}</version>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>${kafka.version}</version>
</dependency>
<!-- Conflict:
json-smart (pulls in 9.3),
cglib (pulls in 7.1)
-
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
<version>9.3</version>
</dependency>
<!- - Conflict:
guava (pulls in 2.18.0),
caffeine (pulls in 2.10.0)
- ->
<dependency>
<groupId>com.google.errorprone</groupId>
<artifactId>error_prone_annotations</artifactId>
<version>2.18.0</version>
</dependency>
<!- - Conflict:
jackson-json-provider (pulls in 2.15.2),
jackson-databind (pulls in 2.15.2),
jackson-databind-jsd310 (pulls in 2.15.2),
swagger-jaxrs (pulls in 2.14.2)
- ->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<!- - Conflict:
jackson-dataformat-yaml (pulls in 1.33),
swagger-core (pulls in 2.ß),
swagger-jaxrs (pulls in 2.0)
- ->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
</dependency>
<!- - Conflict:
flink-core (pulls in 2.24.0)
chill-java (pulls in 2.21)
- ->
<dependency>
<groupId>com.esotericsoftware.kryo</groupId>
<artifactId>kryo</artifactId>
<version>2.24.0</version>
</dependency>
<!- - Conflict:
hadoop-common (pulls in 4.2.1)
woodstox-core (pulls in 4.2)
- ->
<dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>stax2-api</artifactId>
<version>4.2.1</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 2.2.11)
jersey-json (pulls in 2.2.2)
- ->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.2.11</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 1.21)
hadoop-common (pulls in 1.21)
avro (pulls in 1.4.1)
- ->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.26.0</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 4.0 and 3.0)
- ->
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-servlet</artifactId>
<version>4.0</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 9.4.51.v20230217)
hadoop-common (pulls in 9.4.52.v20230823)
- ->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-io</artifactId>
<version>9.4.52.v20230823</version>
</dependency>
<!- - Conflict:
hadoop-common (pulls in 1.2 and 1.1.3)
- ->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 3.0 and 4.0)
- ->
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>4.0</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 2.12.7 and 2.15.2)
- ->
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>
<version>2.15.2</version>
</dependency>
<!- - Conflict:
hadoop-common (pulls in 1.9 and 1.10.0)
- ->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.10.0</version>
</dependency>
<!- - Conflict:
hadoop-mapreduce-client-core (pulls in 1.2.2)
hadoop-common (pulls in 1.2.1)
- ->
<dependency>
<groupId>jakarta.activation</groupId>
<artifactId>jakarta.activation-api</artifactId>
<version>1.2.2</version>
</dependency>
<!- - Conflict:
spring-boot (pulls in 5.3.19)
everything else (pulls in 5.3.30)
- ->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>5.3.30</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.3.6 and 3.1.0)
hadoop-common (pulls in 3.3.6)
- ->
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-auth</artifactId>
<version>${hadoop.version}</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.3.6 and 3.1.0)
hive-connector (pulls in 3.3.6)
- ->
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-yarn-api</artifactId>
<version>${hadoop.version}</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.3.6 and 3.1.0)
hadoop-mapreduce-client-core (pulls in 3.3.6)
hadoop-mapreduce-client-core (pulls in 3.3.6)
- ->
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-yarn-common</artifactId>
<version>${hadoop.version}</version>
</dependency>
<!- - Conflict:
hive-serde (pulls in 3.1.0)
hadoop-mapreduce-client-core (pulls in 3.3.6)
- ->
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-yarn-server-resourcemanager</artifactId>
<version>${hadoop.version}</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.3.6 and 3.1.0)
hadoop-common (pulls in 3.3.6)
hadoop-mapreduce-client-core (pulls in 3.3.6)
- ->
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-annotations</artifactId>
<version>${hadoop.version}</version>
</dependency>
<!- - Conflict:
hive-serde (pulls in 1.5.4)
hadoop-common (puss in 1.1)
- ->
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<version>1.5.4</version>
</dependency>
<!- - Conflict:
hive-common (pulls in 9.3.20.v20170531)
hadoop-mapreduce-client-core (pulls in 9.4.51.v20230217)
- ->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-client</artifactId>
<version>9.4.51.v20230217</version>
</dependency>
<!- - Conflict:
hadoop-common (pulls in 3.6.3)
hive-exe (pulls in 3.4.6 and 3.6.3)
hive-serde (pulls in 3.4.6 and 3.6.3)
- ->
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>3.7.2</version>
</dependency>
<!- - Conflict:
hive-common (pulls in 9.3.20.v20170531)
hadoop-common (pulls in 9.4.51.v20230217)
- ->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-webapp</artifactId>
<version>9.4.51.v20230217</version>
</dependency>
<!- - Conflict:
hive-serde (pulls in 1.8.2)
hadoop-mapreduce-client-core (pulls in 1.7.7)
hadoop-common (pulls in 1.7.7)
- ->
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro</artifactId>
<version>1.11.3</version>
<exclusions>
<!- - Jackson moved from codehaus to fasterxml and is now the new version - ->
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</exclusion>
</exclusions>
</dependency>
<!- - Security Issue:
avro-mapred (pulls in vulnerable version of jackson)
- ->
<dependency>
<groupId>org.apache.avro</groupId>
<artifactId>avro-mapred</artifactId>
<version>1.8.2</version>
<classifier>hadoop2</classifier>
<exclusions>
<!- - Jackson moved from codehaus to fasterxml and is now the new version - ->
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</exclusion>
</exclusions>
</dependency>
<!- - Security Issue:
parquet-hadoop (pulls in vulnerable version of jackson)
- ->
<dependency>
<groupId>org.apache.parquet</groupId>
<artifactId>parquet-hadoop</artifactId>
<version>1.10.1</version>
<exclusions>
<!- - Jackson moved from codehaus to fasterxml and is now the new version and for the codehaus
version CVEs were reported - ->
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</exclusion>
</exclusions>
</dependency>
<!- - Conflict:
hive-serde (pulls in 9.4.51.v20230217)
hive-common (pulls in 9.4.52.v20230823)
- ->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util-ajax</artifactId>
<version>${jetty.version}</version>
</dependency>
<!- - Conflict:
hive-serde (pulls in 2.12.0)
hadoop-common (pulls in 5.2.0)
- ->
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
<version>5.2.0</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 5.2.0 and 2.12.0)
hadoop-common (pulls in 5.2.0)
- ->
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
<version>5.2.0</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 5.2.0 and 2.12.0)
hadoop-common (pulls in 5.2.0)
- ->
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-client</artifactId>
<version>5.2.0</version>
</dependency>
<!- - Conflict:
hive-serde (pulls in 1.2.22)
hadoop-mapreduce-client-core (pulls in 1.2.22 and 1.2.19)
- ->
<dependency>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>1.2.22</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 2.8.1)
hive-serde (pulls in 2.9.9)
hive-common (pulls in 2.9.9)
- ->
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.9</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.9.0 and 3.6)
hadoop-common (pulls in 3.9.0)
- ->
<dependency>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
<version>3.9.0</version>
</dependency>
<!- - Conflict:
hive-exec (pulls in 3.5.2 and 3.3)
- ->
<dependency>
<groupId>org.antlr</groupId>
<artifactId>antlr-runtime</artifactId>
<version>3.5.2</version>
</dependency>
<!- - Security Issue:
hadoop-mapreduce-client-core (pulls in vulnerable version)
- ->
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
<version>1.9.10</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-common</artifactId>
<version>1.9.10</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk7</artifactId>
<version>1.9.10</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
<version>1.9.10</version>
</dependency>
<!- - Security Issue:
hadoop-mapreduce-client-core (pulls in vulnerable version)
- ->
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio</artifactId>
<version>3.5.0</version>
</dependency>
<!- - Security Issue:
hadoop-mapreduce-client-core (pulls in vulnerable version)
- ->
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>3.24.3</version>
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java-util</artifactId>
<version>3.24.3</version>
</dependency>
<!- - Security Issue:
hive-exec (pulls in vulnerable version)
- ->
<dependency>
<groupId>org.codehaus.janino</groupId>
<artifactId>janino</artifactId>
<version>3.1.10</version>
</dependency>
<dependency>
<groupId>org.codehaus.janino</groupId>
<artifactId>commons-compiler</artifactId>
<version>3.1.10</version>
</dependency>
<!- - Security Issue:
zeppelin-interpreter (pulls in vulnerable version)
- ->
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix-primitive</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix-storage</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix-cluster</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix-utils</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>io.atomix</groupId>
<artifactId>atomix-raft</artifactId>
<version>3.1.12</version>
</dependency>
<!- - Security Issue:
zeppelin-interpreter (pulls in vulnerable version)
- ->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-configuration2</artifactId>
<version>2.10.1</version>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
<artifactId>orc-core</artifactId>
<version>${orc-core.version}</version>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
<artifactId>orc-core</artifactId>
<version>${orc-core.version}</version>
<classifier>nohive</classifier>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
<artifactId>orc-mapreduce</artifactId>
<version>${orc-core.version}</version>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
<artifactId>orc-mapreduce</artifactId>
<version>${orc-core.version}</version>
<classifier>nohive</classifier>
</dependency>
<dependency>
<groupId>org.apache.orc</groupId>
<artifactId>orc-shims</artifactId>
<version>${orc-core.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
<artifactId>jersey-hk2</artifactId>
<version>${jersey.version}</version>
</dependency-->
</dependencies>
</dependencyManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.5.0</version>
<configuration>
<excludePackageNames>*thrift*</excludePackageNames>
<!--
This will suppress the generation of a hidden timestamp at the top of each generated html page
and hopefully let the site generation nod to too big updates every time.
-->
<notimestamp>true</notimestamp>
<!--Don't
fail the build, just because there were issues in the JavaDoc generation.-->
<failOnError>false</failOnError>
</configuration>
</plugin>
<!--
We need to increase the memory available to tests as we were
getting out-of-memory errors when building on windows machines.
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.1.2</version>
<configuration>
<argLine>${argLine} -Xmx1024m</argLine>
</configuration>
</plugin>
<!--
Plugin for doing the code analysis.
-->
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.9.1.2184</version>
</plugin>
<plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<version>0.16.1</version>
<configuration>
<consoleOutput>true</consoleOutput>
<excludes>
<!-- Git related files -->
<exclude>**/.git/**</exclude>
<exclude>**/.mvn/**</exclude>
<exclude>**/.gitignore</exclude>
<!-- Maven related files -->
<exclude>**/target/**</exclude>
<!-- Eclipse related files -->
<exclude>**/.project</exclude>
<exclude>**/.settings/**</exclude>
<exclude>**/.classpath</exclude>
<!-- IntelliJ related files -->
<exclude>**/.idea/**</exclude>
<exclude>**/*.iml</exclude>
<!-- Exclude CVS files -->
<exclude>**/*.cvs</exclude>
<!-- generated by Github -->
<exclude>**/.github/**</exclude>
<!-- figures -->
<exclude>**/.eps</exclude>
<exclude>**/.png</exclude>
<exclude>**/.jpg</exclude>
<exclude>**/.jpeg</exclude>
<!--Generated
by Apache Release -->
<exclude>local-snapshots-dir/**</exclude>
<!-- visualization plans -->
<exclude>**/*.plan</exclude>
<exclude>**/NOTICE-binary</exclude>
<exclude>**/LICENSE-binary</exclude>
<!-- json does not support comments-->
<exclude>**/*.json</exclude>
<!-- the zeppelin export file format-->
<exclude>**/*.zpln</exclude>
<!-- exclude go.mod, go.sum submodule-->
<exclude>**/go.mod</exclude>
<exclude>**/go.sum</exclude>
<!-- grafana plugin -->
<exclude>**/yarn.lock</exclude>
<exclude>licenses/**</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>${spotless.version}</version>
<configuration>
<java>
<googleJavaFormat>
<version>${google.java.format.version}</version>
<style>GOOGLE</style>
</googleJavaFormat>
<importOrder>
<order>org.apache.iotdb,,javax,java,\#</order>
</importOrder>
<removeUnusedImports/>
</java>
<lineEndings>UNIX</lineEndings>
</configuration>
<executions>
<execution>
<id>spotless-check</id>
<goals>
<goal>check</goal>
</goals>
<phase>validate</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.eluder.coveralls</groupId>
<artifactId>coveralls-maven-plugin</artifactId>
<version>4.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.4.1</version>
</plugin>
<plugin>
<groupId>net.revelc.code.formatter</groupId>
<artifactId>formatter-maven-plugin</artifactId>
<version>2.23.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.2.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.5.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.6.0</version>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>${felix.version}</version>
</plugin>
<plugin>
<groupId>org.scala-tools</groupId>
<artifactId>maven-scala-plugin</artifactId>
<version>2.15.2</version>
</plugin>
<plugin>
<groupId>au.com.acegi</groupId>
<artifactId>xml-format-maven-plugin</artifactId>
<version>3.2.2</version>
</plugin>
<plugin>
<groupId>org.openapitools</groupId>
<artifactId>openapi-generator-maven-plugin</artifactId>
<version>${openapi.generator.version}</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>3.4.0</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<configuration>
<skip>${spotless.skip}</skip>
</configuration>
</plugin>
<!--
Strange things usually happen if you run with a too low Java version.
This plugin not only checks the minimum java version of 1.8, but also
checks all dependencies (and transitive dependencies) for reported CVEs.
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-enforcer-rules</artifactId>
<version>3.2.0</version>
</dependency>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.7.0</version>
</dependency>
<dependency>
<groupId>org.apache.maven.shared</groupId>
<artifactId>maven-dependency-tree</artifactId>
<version>3.2.1</version>
</dependency>
</dependencies>
<executions>
<!-- Ensure we're not mixing dependency versions -->
<execution>
<id>enforce-version-convergence</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<dependencyConvergence/>
</rules>
</configuration>
</execution>
<!--
Fails the build if classes are included from multiple
artifacts and these are not identical.
-->
<execution>
<id>enforce-ban-duplicate-classes</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<banDuplicateClasses>
<scopes>
<scope>compile</scope>
<scope>provided</scope>
</scopes>
<findAllDuplicates>true</findAllDuplicates>
<ignoreWhenIdentical>true</ignoreWhenIdentical>
</banDuplicateClasses>
</rules>
<fail>true</fail>
</configuration>
</execution>
<!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
<execution>
<id>vulnerability-checks</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<!-- Just generate warnings for now -->
<fail>true</fail>
<rules>
<requireJavaVersion>
<version>1.8.0</version>
</requireJavaVersion>
<banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies">
<excludeCoordinates>
<!-- TODO: For this CVE no fix exists yet (Keep an eye on it) -->
<exclude>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>4.1.97.Final</version>
</exclude>
<!--
CVE-2016-1000027 seems to effect the HTTP Invoker, which we are not using.
These are marked deprecated anyway and are removed in Spring 6.x. Unfortunately,
we are still stuck at 5.x due to the javax-namespace issues.
-->
<exclude>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>5.3.30</version>
</exclude>
<!--
For this CVE no fix exists and will probably never exist
(We should discuss dropping 2.11 anyway)
-->
<exclude>
<groupId>org.apache.spark</groupId>
<artifactId>spark-core_2.11</artifactId>
<version>2.4.8</version>
</exclude>
<!--
We can't update to a fixed version as we're stuck with this version
as it was the last to support the javax namespace.
-->
<exclude>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-common</artifactId>
<version>2.4.8</version>
</exclude>
<!--
TODO: For this CVE no fix exists yet, however we should keep an eye on this:
https://docs.google.com/presentation/d/1W5KU7ffh4dheR8iD54ulABImi6byAhSI-OhEKw2adRo/edit#slide=id.gaf11915f86_0_0
-->
<exclude>
<groupId>io.atomix</groupId>
<artifactId>atomix-raft</artifactId>
<version>3.1.12</version>
</exclude>
</excludeCoordinates>
</banVulnerable>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<!--
Even if Maven transitively pulls in dependencies, relying on these can
quite often cause hard to find problems. So it's a good practice to make
sure everything directly required is also directly added as a dependency.
On the other side adding unused dependency only over-complicates the
dependency graph, so the maven-dependency-plugin checks we depend on
what we need and only that and that runtime dependencies are correctly
imported with runtime scope.
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>check-dependencies</id>
<goals>
<goal>analyze-only</goal>
</goals>
<phase>verify</phase>
<configuration>
<failOnWarning>true</failOnWarning>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>net.revelc.code.formatter</groupId>
<artifactId>formatter-maven-plugin</artifactId>
</plugin>
<!--for
code style check -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<configuration>
<configLocation>checkstyle.xml</configLocation>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
</configuration>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>9.3</version>
<!-- Starting with version 10, checkstyle requires Java 11 -->
<!--version>10.12.3</version-->
</dependency>
</dependencies>
<executions>
<execution>
<id>validate</id>
<goals>
<goal>check</goal>
</goals>
<phase>validate</phase>
<configuration>
<outputFile>target/checkstyle-report.xml</outputFile>
<configLocation>checkstyle.xml</configLocation>
<propertyExpansion>baseDir=${project.basedir}</propertyExpansion>
</configuration>
</execution>
</executions>
</plugin>
<!--
Check if all files contain Apache headers in them.
Ignore this plugin, we use license-maven-plugin to check apache header.
-->
<plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<executions>
<execution>
<id>license-check</id>
<goals>
<goal>check</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
</plugin>
<plugin>
<groupId>au.com.acegi</groupId>
<artifactId>xml-format-maven-plugin</artifactId>
<executions>
<execution>
<id>xml-format</id>
<goals>
<goal>xml-format</goal>
</goals>
<phase>compile</phase>
<configuration>
<!-- configure your formatting preferences here (see link below) -->
<indentSize>4</indentSize>
<excludes>
<exclude>**/target/**</exclude>
</excludes>
</configuration>
</execution>
</executions>
</plugin>
<!--
Generate the legally required text files in the jars
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-remote-resources-plugin</artifactId>
<executions>
<execution>
<id>process-resource-bundles</id>
<goals>
<goal>process</goal>
</goals>
<configuration>
<resourceBundles>
<!-- Will generate META-INF/{DEPENDENCIES,LICENSE,NOTICE} -->
<resourceBundle>org.apache:apache-jar-resource-bundle:1.4</resourceBundle>
</resourceBundles>
<!-- Content in this directory will be appended to generated resources -->
<appendedResourcesDirectory>${basedir}/src/remote-resources</appendedResourcesDirectory>
</configuration>
</execution>
</executions>
</plugin>
<!-- Separates the unit tests from the integration tests. -->
<!-- TODO: Integration-Tests should be executed by the failsafe plugin -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<id>unit-tests</id>
<goals>
<goal>test</goal>
</goals>
<phase>test</phase>
<configuration>
<includes>
<!-- Include unit tests within integration-test phase. -->
<include>src/test/**/*Test.java</include>
</includes>
<excludes>
<!-- Exclude integration tests within (unit) test phase. -->
<exclude>src/test/**/*IT.java</exclude>
</excludes>
</configuration>
</execution>
<execution>
<id>integration-tests</id>
<goals>
<goal>test</goal>
</goals>
<phase>integration-test</phase>
<configuration>
<includes>
<!-- Include integration tests within integration-test phase. -->
<include>src/test/**/*IT.java</include>
</includes>
<excludes>
<!-- Exclude unit tests within (unit) test phase. -->
<exclude>src/test/**/*Test.java</exclude>
</excludes>
</configuration>
</execution>
</executions>
</plugin>
<!-- Also package the sources as jar -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<executions>
<execution>
<id>create-source-package</id>
<goals>
<goal>jar</goal>
</goals>
<phase>package</phase>
</execution>
</executions>
</plugin>
</plugins>
</build>
<licenses>
<license>
<name>The Apache License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<mailingLists>
<mailingList>
<name>Apache IoTDB Developer List</name>
<subscribe>mailto:dev-subscribe@iotdb.apache.org</subscribe>
<unsubscribe>mailto:dev-unsubscribe@iotdb.apache.org</unsubscribe>
<post>mailto:dev@iotdb.apache.org</post>
<archive>http://mail-archives.apache.org/mod_mbox/iotdb-dev/</archive>
</mailingList>
<mailingList>
<name>IoTDB Commits List</name>
<subscribe>mailto:commit-subscribe@iotdb.apache.org</subscribe>
<unsubscribe>mailto:commits-unsubscribe@iotdb.apache.org</unsubscribe>
<post>mailto:commits@iotdb.apache.org</post>
<archive>http://mail-archives.apache.org/mod_mbox/iotdb-commits/</archive>
</mailingList>
<mailingList>
<name>IoTDB Jira Notifications List</name>
<subscribe>mailto:notifications-subscribe@iotdb.apache.org</subscribe>
<unsubscribe>mailto:notifications-unsubscribe@iotdb.apache.org</unsubscribe>
<post>mailto:notifications@iotdb.apache.org</post>
<archive>http://mail-archives.apache.org/mod_mbox/iotdb-notifications/</archive>
</mailingList>
</mailingLists>
<scm>
<connection>scm:git:ssh://git@github.com/apache/iotdb-extras.git</connection>
<developerConnection>scm:git:ssh://git@github.com/apache/iotdb-extras.git</developerConnection>
<url>ssh://git@github.com:apache/iotdb-extras.git</url>
<tag>HEAD</tag>
</scm>
<issueManagement>
<system>Jira</system>
<url>https://issues.apache.org/jira/browse/iotdb</url>
</issueManagement>
<!--
Needed for fetching lt_downsampling_java8 (which is used by library-udf)
(Adding this in the root or when building other parts, this transitive dependency can be fetched)
-->
<!--repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories-->
<profiles>
<profile>
<id>.java-9-and-above</id>
<activation>
<jdk>[9,)</jdk>
</activation>
<properties>
<maven.compiler.release>8</maven.compiler.release>
</properties>
</profile>
<!-- Current version of spotless cannot support JDK11 below -->
<profile>
<id>.java-11-below</id>
<activation>
<jdk>(,11]</jdk>
</activation>
<properties>
<!-- This was the last version to support Java 8, Just for run -->
<spotless.version>2.27.1</spotless.version>
<!-- To avoid format conflicts -->
<spotless.skip>true</spotless.skip>
</properties>
</profile>
<!--
Add argLine for Java 16 and above, due to [JEP 396: Strongly Encapsulate JDK Internals by Default]
(https://openjdk.java.net/jeps/396)
-->
<profile>
<id>.java-16</id>
<activation>
<jdk>16</jdk>
</activation>
<properties>
<argLine>--illegal-access=permit --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</argLine>
</properties>
</profile>
<!--
Add argLine for Java 16 and above, due to [JEP 396: Strongly Encapsulate JDK Internals by Default]
(https://openjdk.java.net/jeps/396)
-->
<profile>
<id>.java-17-and-above</id>
<activation>
<jdk>[17,)</jdk>
</activation>
<properties>
<argLine>--add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</argLine>
</properties>
</profile>
<profile>
<id>with-springboot</id>
<modules>
<module>iotdb-spring-boot-starter</module>
</modules>
</profile>
<profile>
<id>with-examples</id>
<modules>
<module>examples</module>
</modules>
</profile>
<!-- Make sure the source assembly has the right name -->
<profile>
<id>apache-release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>source-release-assembly</id>
<goals>
<goal>single</goal>
</goals>
<phase>package</phase>
<!--
heads up: combine.self in the following is highlighted
as an error in Eclipse's xml editor view.
Just ignore that.
See https://issues.apache.org/jira/browse/MNG-5454 sigh.
-->
<configuration combine.self="append">
<finalName>apache-iotdb-extras-${project.version}</finalName>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</execution>
</executions>
</plugin>
<!--
Generate an SBOM for the project
-->
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<!-- Only run this in the root module of the project -->
<inherited>false</inherited>
<configuration>
<outputName>apache-${project.artifactId}-${project.version}-sbom</outputName>
</configuration>
<executions>
<execution>
<goals>
<goal>makeAggregateBom</goal>
</goals>
<phase>package</phase>
</execution>
</executions>
</plugin>
<!--
Create SHA512 checksum files for the release artifacts.
-->
<plugin>
<groupId>net.nicoulaj.maven.plugins</groupId>
<artifactId>checksum-maven-plugin</artifactId>
<version>1.11</version>
<executions>
<execution>
<id>sign-source-release</id>
<goals>
<goal>files</goal>
</goals>
<phase>package</phase>
<configuration>
<algorithms>
<algorithm>SHA-512</algorithm>
</algorithms>
<fileSets>
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
<include>apache-iotdb-extras-${project.version}-source-release.zip</include>
</includes>
</fileSet>
</fileSets>
<failIfNoFiles>false</failIfNoFiles>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>enforce</id>
<properties>
<enforcer.skip>false</enforcer.skip>
</properties>
</profile>
</profiles>
</project>