plugins { id 'java' id 'org.springframework.boot' version '2.7.18' id 'io.spring.dependency-management' version '1.1.4' } java { group = 'eu.openaire.pdf_aggregation_statistics' version = '1.1.0-SNAPSHOT' sourceCompatibility = JavaVersion.VERSION_1_8 } repositories { mavenCentral() maven { name "madgik" url "https://repo.madgik.di.uoa.gr/content/repositories/thirdparty/" } } dependencies { runtimeOnly "org.springframework.boot:spring-boot-devtools" implementation "org.springframework.boot:spring-boot-starter-web" implementation("org.springframework.boot:spring-boot-starter-security") implementation("org.springframework.boot:spring-boot-starter-jdbc") implementation("org.springframework.boot:spring-boot-configuration-processor") implementation("org.springframework.boot:spring-boot-starter-actuator") implementation("org.springframework.boot:spring-boot-starter-aop") implementation("org.springframework.security:spring-security-core") implementation("org.springframework.security:spring-security-web") implementation("org.springframework.security:spring-security-config") // https://mvnrepository.com/artifact/com.cloudera.impala/jdbc implementation("com.cloudera.impala:jdbc:2.5.31") { exclude group: 'org.apache.hive', module: 'hive-exec' exclude group: 'com.twitter', module: 'parquet-hadoop-bundle' exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-log4j12' exclude group: 'org.apache.derby', module: 'derby' exclude group: 'org.eclipse.jetty.aggregate', module: 'jetty-all' exclude group: 'ch.qos.log4j', module: 'log4j' exclude group: 'ch.qos.log4j', module: 'apache-log4j-extras' // Vulnerable dependencies: exclude group: 'log4j', module: 'log4j' exclude group: 'org.apache.ant', module: 'ant' exclude group: 'org.apache.thrift', module: 'libthrift' // This is an older version (we add the updated one later). exclude group: 'org.apache.hive', module: 'hive-metastore' // Avoid excluding 'org.apache.hive:hive-service', as this is needed and unfortunately, even adding a newer version separately, it introducing other vulnerable dependencies. } // https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common implementation('org.apache.hadoop:hadoop-common:3.3.6') { exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-api' exclude group: 'org.slf4j', module: 'slf4j-reload4j' exclude group: 'ch.qos.reload4j', module: 'reload4j' // Vulnerable dependencies: exclude group: 'com.google.protobuf', module: 'protobuf-java' exclude group: 'org.codehaus.jackson', module: 'jackson-core-asl' exclude group: 'org.codehaus.jackson', module: 'jackson-mapper-asl' exclude group: 'com.fasterxml.woodstox', module: 'woodstox-core' //exclude group: 'commons-collections', module: 'commons-collections' // This dependency is required in order for the program to run without errors. It is discontinued. } // https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-mapreduce-client-core implementation('org.apache.hadoop:hadoop-mapreduce-client-core:3.3.6') { exclude group: 'org.apache.parquet', module: 'parquet-avro' exclude group: 'org.apache.avro', module: 'avro' exclude group: 'org.slf4j', module: 'slf4j-api' exclude group: 'org.slf4j', module: 'slf4j-reload4j' exclude group: 'ch.qos.reload4j', module: 'reload4j' // Vulnerable dependencies: exclude group: 'com.google.protobuf', module: 'protobuf-java' exclude group: 'io.netty', module: 'netty' } // Add back some updated versions of the needed dependencies. implementation 'org.apache.thrift:libthrift:0.17.0' // Newer versions (>=0.18.X) are not compatible with JAVA 8. implementation 'com.fasterxml.woodstox:woodstox-core:6.6.1' // https://mvnrepository.com/artifact/io.micrometer/micrometer-registry-prometheus runtimeOnly 'io.micrometer:micrometer-registry-prometheus:1.12.4' testImplementation 'org.springframework.security:spring-security-test' testImplementation "org.springframework.boot:spring-boot-starter-test" }