From 08ccae3c8e8bbaecf270d8d65de0f66d545cb775 Mon Sep 17 00:00:00 2001
From: Siddhartha Agarwal <pulsid.agarwal@gmail.com>
Date: Wed, 3 Aug 2022 01:06:17 +0530
Subject: [PATCH 1/3] CCMSG-2014: cve-fix - update parquet-format version

---
 .../dependency-reduced-pom.xml                | 116 ++++++++++++++++++
 pom.xml                                       |   2 +-
 2 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 htrace-core4-shaded/dependency-reduced-pom.xml

diff --git a/htrace-core4-shaded/dependency-reduced-pom.xml b/htrace-core4-shaded/dependency-reduced-pom.xml
new file mode 100644
index 000000000..d466ce6ba
--- /dev/null
+++ b/htrace-core4-shaded/dependency-reduced-pom.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <parent>
+    <artifactId>kafka-connect-storage-common-parent</artifactId>
+    <groupId>io.confluent</groupId>
+    <version>5.4.10-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>kafka-connect-storage-common-htrace-core4-shaded</artifactId>
+  <name>kafka-connect-storage-common-htrace-core4-shaded</name>
+  <description>htrace-core4 shaded to replace jackson dependencies without CVEs</description>
+  <inceptionYear>2020</inceptionYear>
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-jar-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>3.2.4</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <artifactSet>
+                <includes>
+                  <include>org.apache.htrace:*</include>
+                  <include>com.fasterxml.jackson.core:*</include>
+                </includes>
+              </artifactSet>
+              <filters>
+                <filter>
+                  <artifact>org.apache.htrace:htrace-core4</artifact>
+                  <includes>
+                    <include>**</include>
+                  </includes>
+                  <excludes>
+                    <exclude>META-INF/services/**</exclude>
+                    <exclude>META-INF/maven/com.fasterxml.jackson.core/**</exclude>
+                    <exclude>org/apache/htrace/shaded/fasterxml/jackson/**</exclude>
+                  </excludes>
+                </filter>
+                <filter>
+                  <artifact>io.confluent:*</artifact>
+                  <excludes>
+                    <exlude>**</exlude>
+                  </excludes>
+                </filter>
+                <filter>
+                  <artifact>com.fasterxml.jackson.core:*</artifact>
+                  <includes>
+                    <include>**</include>
+                  </includes>
+                  <excludes>
+                    <exclude>META-INF/MANIFEST.MF</exclude>
+                    <exclude>META-INF/LICENSE</exclude>
+                    <exclude>META-INF/NOTICE</exclude>
+                    <exclude>META-INF/services/**</exclude>
+                    <exclude>META-INF/maven/com.fasterxml.jackson.core/**</exclude>
+                    <exclude>org/apache/htrace/shaded/fasterxml/jackson/**</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+              <relocations>
+                <relocation>
+                  <pattern>com.fasterxml.jackson</pattern>
+                  <shadedPattern>org.apache.htrace.shaded.fasterxml.jackson</shadedPattern>
+                </relocation>
+              </relocations>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kafka</groupId>
+      <artifactId>connect-api</artifactId>
+      <version>5.4.10-ccs-SNAPSHOT</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>jline</groupId>
+      <artifactId>jline</artifactId>
+      <version>2.12.1</version>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.confluent</groupId>
+      <artifactId>confluent-log4j</artifactId>
+      <version>1.2.17-cp2</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.confluent</groupId>
+      <artifactId>common-utils</artifactId>
+      <version>5.4.10-SNAPSHOT</version>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.confluent</groupId>
+      <artifactId>assembly-plugin-boilerplate</artifactId>
+      <version>5.4.10-SNAPSHOT</version>
+      <type>zip</type>
+      <classifier>resources</classifier>
+      <scope>provided</scope>
+    </dependency>
+  </dependencies>
+  <properties>
+    <htrace.version>4.1.0-incubating</htrace.version>
+  </properties>
+</project>
diff --git a/pom.xml b/pom.xml
index 77daa05ad..74f8f3017 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,7 +77,7 @@
         <hive.version>1.2.2</hive.version>
         <joda.version>2.9.6</joda.version>
         <licenses.version>5.4.10-SNAPSHOT</licenses.version>
-        <parquet.version>1.11.1</parquet.version>
+        <parquet.version>1.11.2</parquet.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.4</httpcore.version>
         <jackson.version>2.13.2</jackson.version>

From e34e309581351ff62e9c1107aa033fb4f32e6216 Mon Sep 17 00:00:00 2001
From: Siddhartha Agarwal <pulsid.agarwal@gmail.com>
Date: Wed, 3 Aug 2022 01:10:19 +0530
Subject: [PATCH 2/3] Remove build files: reduced-dependency pom

---
 .../dependency-reduced-pom.xml                | 116 ------------------
 1 file changed, 116 deletions(-)
 delete mode 100644 htrace-core4-shaded/dependency-reduced-pom.xml

diff --git a/htrace-core4-shaded/dependency-reduced-pom.xml b/htrace-core4-shaded/dependency-reduced-pom.xml
deleted file mode 100644
index d466ce6ba..000000000
--- a/htrace-core4-shaded/dependency-reduced-pom.xml
+++ /dev/null
@@ -1,116 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-  <parent>
-    <artifactId>kafka-connect-storage-common-parent</artifactId>
-    <groupId>io.confluent</groupId>
-    <version>5.4.10-SNAPSHOT</version>
-  </parent>
-  <modelVersion>4.0.0</modelVersion>
-  <artifactId>kafka-connect-storage-common-htrace-core4-shaded</artifactId>
-  <name>kafka-connect-storage-common-htrace-core4-shaded</name>
-  <description>htrace-core4 shaded to replace jackson dependencies without CVEs</description>
-  <inceptionYear>2020</inceptionYear>
-  <build>
-    <plugins>
-      <plugin>
-        <artifactId>maven-jar-plugin</artifactId>
-      </plugin>
-      <plugin>
-        <artifactId>maven-shade-plugin</artifactId>
-        <version>3.2.4</version>
-        <executions>
-          <execution>
-            <phase>package</phase>
-            <goals>
-              <goal>shade</goal>
-            </goals>
-            <configuration>
-              <artifactSet>
-                <includes>
-                  <include>org.apache.htrace:*</include>
-                  <include>com.fasterxml.jackson.core:*</include>
-                </includes>
-              </artifactSet>
-              <filters>
-                <filter>
-                  <artifact>org.apache.htrace:htrace-core4</artifact>
-                  <includes>
-                    <include>**</include>
-                  </includes>
-                  <excludes>
-                    <exclude>META-INF/services/**</exclude>
-                    <exclude>META-INF/maven/com.fasterxml.jackson.core/**</exclude>
-                    <exclude>org/apache/htrace/shaded/fasterxml/jackson/**</exclude>
-                  </excludes>
-                </filter>
-                <filter>
-                  <artifact>io.confluent:*</artifact>
-                  <excludes>
-                    <exlude>**</exlude>
-                  </excludes>
-                </filter>
-                <filter>
-                  <artifact>com.fasterxml.jackson.core:*</artifact>
-                  <includes>
-                    <include>**</include>
-                  </includes>
-                  <excludes>
-                    <exclude>META-INF/MANIFEST.MF</exclude>
-                    <exclude>META-INF/LICENSE</exclude>
-                    <exclude>META-INF/NOTICE</exclude>
-                    <exclude>META-INF/services/**</exclude>
-                    <exclude>META-INF/maven/com.fasterxml.jackson.core/**</exclude>
-                    <exclude>org/apache/htrace/shaded/fasterxml/jackson/**</exclude>
-                  </excludes>
-                </filter>
-              </filters>
-              <relocations>
-                <relocation>
-                  <pattern>com.fasterxml.jackson</pattern>
-                  <shadedPattern>org.apache.htrace.shaded.fasterxml.jackson</shadedPattern>
-                </relocation>
-              </relocations>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
-    </plugins>
-  </build>
-  <dependencies>
-    <dependency>
-      <groupId>org.apache.kafka</groupId>
-      <artifactId>connect-api</artifactId>
-      <version>5.4.10-ccs-SNAPSHOT</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>jline</groupId>
-      <artifactId>jline</artifactId>
-      <version>2.12.1</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>io.confluent</groupId>
-      <artifactId>confluent-log4j</artifactId>
-      <version>1.2.17-cp2</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>io.confluent</groupId>
-      <artifactId>common-utils</artifactId>
-      <version>5.4.10-SNAPSHOT</version>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>io.confluent</groupId>
-      <artifactId>assembly-plugin-boilerplate</artifactId>
-      <version>5.4.10-SNAPSHOT</version>
-      <type>zip</type>
-      <classifier>resources</classifier>
-      <scope>provided</scope>
-    </dependency>
-  </dependencies>
-  <properties>
-    <htrace.version>4.1.0-incubating</htrace.version>
-  </properties>
-</project>

From 80f2a46d5600f94b4c4a939fdf0286c2ecb6ce27 Mon Sep 17 00:00:00 2001
From: Siddhartha Agarwal <pulsid.agarwal@gmail.com>
Date: Wed, 3 Aug 2022 11:05:50 +0530
Subject: [PATCH 3/3] Bump up parquet version to latest

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 74f8f3017..92a951e88 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,7 +77,7 @@
         <hive.version>1.2.2</hive.version>
         <joda.version>2.9.6</joda.version>
         <licenses.version>5.4.10-SNAPSHOT</licenses.version>
-        <parquet.version>1.11.2</parquet.version>
+        <parquet.version>1.12.3</parquet.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.4</httpcore.version>
         <jackson.version>2.13.2</jackson.version>