SNOW-1196967 SNOW-1196966 Update vulnerable dependencies

snowflakedb · Mar 21, 2024 · 2b2c8e7 · 2b2c8e7
1 parent e3356bd
commit 2b2c8e7
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -35,7 +35,7 @@
 
   <!-- Set our Language Level to Java 8 -->
   <properties>
-    <bouncycastle.version>1.74</bouncycastle.version>
+    <bouncycastle.version>1.77</bouncycastle.version>
     <codehaus.version>1.9.13</codehaus.version>
     <commonscodec.version>1.15</commonscodec.version>
     <commonscollections.version>3.2.2</commonscollections.version>
@@ -441,6 +441,10 @@
       <groupId>net.snowflake</groupId>
       <artifactId>snowflake-jdbc</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-compress</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.hadoop</groupId>
       <artifactId>hadoop-common</artifactId>
@@ -695,6 +699,12 @@
             <configuration>
               <failOnWarning>true</failOnWarning>
               <ignoreNonCompile>true</ignoreNonCompile>
+              <ignoredDependencies>
+                <!-- We defined common-compress as a direct dependency (as opposed to just declaring it in dependencyManagement)
+                to workaround https://issues.apache.org/jira/browse/MNG-7982. Now the dependency analyzer complains that
+                the dependency is unused, so we ignore it here-->
+                <ignoredDependency>org.apache.commons:commons-compress</ignoredDependency>
+              </ignoredDependencies>
             </configuration>
           </execution>
         </executions>