Merge pull request #589 from usc-isi-i2/sept23-exclude-snappy-java

Exclude vuln snappy-java

karma-commands/commands-bloom/pom.xml

@@ -70,6 +70,10 @@
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>
 		        </exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <artifactId>jackson-jaxrs</artifactId>
 		            <groupId>org.codehaus.jackson</groupId>

karma-common/pom.xml

@@ -144,11 +144,23 @@
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro</artifactId>
 		<version>1.7.7</version>
+		<exclusions>
+			<exclusion>
+				<groupId>org.xerial.snappy</groupId>
+				<artifactId>snappy-java</artifactId>
+			</exclusion>
+		</exclusions>
 	</dependency>
 	<dependency>
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro-compiler</artifactId>
 		<version>1.7.7</version>
+		<exclusions>
+			<exclusion>
+				<groupId>org.xerial.snappy</groupId>
+				<artifactId>snappy-java</artifactId>
+			</exclusion>
+		</exclusions>
 
 	</dependency>
 	<dependency>

karma-jsonld/pom.xml

@@ -35,6 +35,12 @@
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-core_2.11</artifactId>
             <version>2.4.5</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>commons-cli</groupId>

karma-mr/pom.xml

@@ -238,6 +238,10 @@
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>
@@ -356,7 +360,13 @@
 			<groupId>org.apache.avro</groupId>
 			<artifactId>avro-mapred</artifactId>
 			<version>${avro.version}</version>
-			<classifier>hadoop2</classifier> 
+			<classifier>hadoop2</classifier>
+			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
     	</dependencies>
   		</profile>
@@ -421,6 +431,10 @@
 			<artifactId>hadoop-common</artifactId>
 			<version>${hadoop.version}</version>
 			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
@@ -543,7 +557,13 @@
 			<groupId>org.apache.avro</groupId>
 			<artifactId>avro-mapred</artifactId>
 			<version>${avro.version}</version>
-			<classifier>hadoop2</classifier> 
+			<classifier>hadoop2</classifier>
+			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
     		</dependencies>
   		</profile>

karma-offline/pom.xml

@@ -136,6 +136,10 @@
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>

karma-semanticlabeling/pom.xml

@@ -74,13 +74,25 @@
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-mllib_2.11</artifactId>
             <version>2.2.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-sql_2.12</artifactId>
             <version>3.0.0</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>

karma-spark/pom.xml

@@ -170,6 +170,12 @@
 		            <groupId>org.apache.spark</groupId>
 		            <artifactId>spark-core${spark.scala.version}</artifactId>
 		            <version>${spark.version}</version>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.xerial.snappy</groupId>
+                            <artifactId>snappy-java</artifactId>
+                        </exclusion>
+                    </exclusions>
 		        </dependency>
 	        </dependencies>
     	</profile>
@@ -191,6 +197,12 @@
 		            <groupId>org.apache.spark</groupId>
 		            <artifactId>spark-core${spark.scala.version}</artifactId>
 		            <version>${spark.version}</version>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.xerial.snappy</groupId>
+                            <artifactId>snappy-java</artifactId>
+                        </exclusion>
+                    </exclusions>
 		        </dependency>
 	        </dependencies>
     	</profile>