aboutsummaryrefslogtreecommitdiffstats
path: root/archiva-modules/metadata
diff options
context:
space:
mode:
authorMartin Stockhammer <martin_s@apache.org>2021-08-29 21:07:38 +0200
committerMartin Stockhammer <martin_s@apache.org>2021-08-29 21:07:38 +0200
commitf40d750c006656fcfb332de8808cf63b17974ef8 (patch)
tree4b13ba23a1c8fa4ac67203df2cce41c8f0abdad8 /archiva-modules/metadata
parent7c4835ba140de0e30746852a8ff64db442e02065 (diff)
downloadarchiva-f40d750c006656fcfb332de8808cf63b17974ef8.tar.gz
archiva-f40d750c006656fcfb332de8808cf63b17974ef8.zip
Dependency changes and vulnerability check
Diffstat (limited to 'archiva-modules/metadata')
-rw-r--r--archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml173
-rw-r--r--archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java3
-rw-r--r--archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml9
3 files changed, 15 insertions, 170 deletions
diff --git a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
index 5ac5c6c3b..58bb31b62 100644
--- a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
+++ b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
@@ -31,7 +31,7 @@
<properties>
<site.staging.base>${project.parent.parent.basedir}</site.staging.base>
- <cassandraVersion>4.0.0</cassandraVersion>
+ <cassandraVersion>3.11.10</cassandraVersion>
<datastax.driver.version>4.13.0</datastax.driver.version>
</properties>
@@ -103,85 +103,6 @@
<artifactId>modelmapper</artifactId>
</dependency>
- <!--
- <dependency>
- <groupId>org.yaml</groupId>
- <artifactId>snakeyaml</artifactId>
- <version>1.27</version>
- </dependency>
--->
- <dependency>
- <groupId>org.apache.cassandra</groupId>
- <artifactId>cassandra-all</artifactId>
- <version>${cassandraVersion}</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-classic</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.inject</groupId>
- <artifactId>javax.inject</artifactId>
- </exclusion>
- <exclusion>
- <groupId>javax.validation</groupId>
- <artifactId>validation-api</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- </exclusion>
- <!-- Brings hibernate-validator dependency with ancient version, which is vulnerable. Not necessary for archiva. -->
- <exclusion>
- <groupId>com.addthis.metrics</groupId>
- <artifactId>reporter-config3</artifactId>
- </exclusion>
- <exclusion>
- <groupId>net.openhft</groupId>
- <artifactId>chronicle-wire</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>net.openhft</groupId>
- <artifactId>chronicle-wire</artifactId>
- <version>2.21.89</version>
- <scope>test</scope>
- </dependency>
-
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-core</artifactId>
@@ -198,93 +119,6 @@
<version>${datastax.driver.version}</version>
</dependency>
- <!--
- <dependency>
- <groupId>org.hectorclient</groupId>
- <artifactId>hector-core</artifactId>
- <version>1.1-4</version>
- <exclusions>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.ecyrd.speed4j</groupId>
- <artifactId>speed4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.yammer.metrics</groupId>
- <artifactId>metrics-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- -->
- <!--
- <dependency>
- <groupId>org.apache.cassandra</groupId>
- <artifactId>cassandra-thrift</artifactId>
- <version>${cassandraVersion}</version>
- <exclusions>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.apache.ant</groupId>
- <artifactId>ant</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- -->
- <!-- Transient dependencies of cassandra that are selected to use a higher version -->
- <!--
- <dependency>
- <groupId>org.apache.thrift</groupId>
- <artifactId>libthrift</artifactId>
- <version>0.13.0</version>
- <exclusions>
- <exclusion>
- <groupId>javax.annotation</groupId>
- <artifactId>javax.annotation-api</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.mindrot</groupId>
- <artifactId>jbcrypt</artifactId>
- <version>0.4</version>
- </dependency>
- <dependency>
- <groupId>org.apache.tika</groupId>
- <artifactId>tika-core</artifactId>
- <version>1.26</version>
- </dependency>
--->
- <!-- Transitive dependency. Declared here to increase the version. -->
- <!--
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-all</artifactId>
- <version>${netty.version}</version>
- </dependency>
- -->
- <!--
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- </dependency>
--->
- <!-- Is a dependency of cassandra -> hibernate-validator and replaced by new version -->
- <!--
- <dependency>
- <groupId>org.jboss.logging</groupId>
- <artifactId>jboss-logging</artifactId>
- </dependency>
- -->
<!-- TEST Scope -->
<dependency>
@@ -352,6 +186,7 @@
<filtering>true</filtering>
</testResource>
</testResources>
+
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
@@ -432,7 +267,7 @@ num_tokens: 1
<dependency>
<groupId>org.apache.cassandra</groupId>
<artifactId>cassandra-all</artifactId>
- <version>3.11.10</version>
+ <version>${cassandraVersion}</version>
</dependency>
</dependencies>
</plugin>
@@ -479,7 +314,6 @@ num_tokens: 1
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
-
</executions>
<configuration>
<skip>true</skip>
@@ -492,6 +326,7 @@ num_tokens: 1
<configuration>
<excludes>
<exclude>src/cassandra/**</exclude>
+ <exclude>src/test/resources/cassandra-test.yaml</exclude>
</excludes>
</configuration>
</plugin>
diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
index a8cb1a700..84fa5149c 100644
--- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
+++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
@@ -131,6 +131,7 @@ public class OakRepositoryFactory
int cacheSizeInMB = 20;
int cacheExpiryInSecs = 300;
int threadPoolSize = 5;
+ long queueTimeOutMs = 60000;
private StatisticsProvider statisticsProvider;
@@ -281,7 +282,7 @@ public class OakRepositoryFactory
log.info("Hybrid indexing feature disabled");
return;
}
- documentQueue = new DocumentQueue( queueSize, tracker, getExecutorService(), statisticsProvider);
+ documentQueue = new DocumentQueue( queueSize, queueTimeOutMs, tracker, getExecutorService(), statisticsProvider);
LocalIndexObserver localIndexObserver = new LocalIndexObserver(documentQueue, statisticsProvider);
int observerQueueSize = 1000;
diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml b/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml
index 067be3eda..06f38aa5a 100644
--- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml
+++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml
@@ -81,6 +81,10 @@
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-suggest</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.tika</groupId>
+ <artifactId>tika-core</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!-- We reapply the original transitive dependencies -->
@@ -113,6 +117,11 @@
<groupId>org.apache.jackrabbit</groupId>
<artifactId>oak-search</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.tika</groupId>
+ <artifactId>tika-core</artifactId>
+ <version>1.27</version>
+ </dependency>
</dependencies>