#22: Fixed transitive dependency with vulnerability (#23)

Fixes #22.

Co-authored-by: jakobbraun <jakob.braun@posteo.de>

Author: morazow

.github/workflows/broken_links_checker.yml

@@ -10,8 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: lychee Link Checker
-        id: lc
-        uses: lycheeverse/lychee-action@v1.0.6
-      - name: Fail if there were link errors
-        run: exit ${{ steps.lc.outputs.exit_code }}
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: 'yes'
+          use-verbose-mode: 'yes'

.github/workflows/ci-build.yml

@@ -0,0 +1,30 @@
+name: CI Build
+
+on:
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache local Maven repository
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Run tests and build with Maven
+        run: mvn --batch-mode --update-snapshots clean verify sonar:sonar --file pom.xml -DtrimStackTrace=false -Dsonar.organization=exasol -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
+        env:
+          GITHUB_OAUTH: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/release_droid_upload_github_release_assets.yml

@@ -32,4 +32,9 @@ jobs:
         uses: shogo82148/actions-upload-release-asset@v1
         with:
           upload_url: ${{ github.event.inputs.upload_url }}
-          asset_path: target/*.jar
+          asset_path: target/*.jar
+      - name: Upload error-code-report
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          upload_url: ${{ github.event.inputs.upload_url }}
+          asset_path: target/error_code_report.json

.travis.yml

@@ -1,10 +1,8 @@
 # parquet-io-java
 
-[![Build Status](https://travis-ci.com/exasol/parquet-io-java.svg?branch=main)](https://travis-ci.com/exasol/parquet-io-java)
+[![Build Status](https://github.com/exasol/parquet-io-java/actions/workflows/ci-build.yml/badge.svg)](https://github.com/exasol/parquet-io-java/actions/workflows/ci-build.yml)
 [![Maven Central](https://img.shields.io/maven-central/v/com.exasol/parquet-io-java)](https://search.maven.org/artifact/com.exasol/parquet-io-java)
 
-SonarCloud results:
-
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=com.exasol%3Aparquet-io-java&metric=alert_status)](https://sonarcloud.io/dashboard?id=com.exasol%3Aparquet-io-java)
 
 [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=com.exasol%3Aparquet-io-java&metric=security_rating)](https://sonarcloud.io/dashboard?id=com.exasol%3Aparquet-io-java)

README.md

@@ -35,7 +35,7 @@
 | [Apache Maven Enforcer Plugin][33]                      | [Apache License, Version 2.0][2]          |
 | [OpenFastTrace Maven Plugin][35]                        | [GNU General Public License v3.0][36]     |
 | [Maven Failsafe Plugin][37]                             | [Apache License, Version 2.0][2]          |
-| [Apache Maven GPG Plugin][39]                           | [Apache License, Version 2.0][1]          |
+| [Apache Maven GPG Plugin][39]                           | [Apache License, Version 2.0][2]          |
 | [Apache Maven Deploy Plugin][41]                        | [Apache License, Version 2.0][2]          |
 | [Nexus Staging Maven Plugin][43]                        | [Eclipse Public License][44]              |
 | [Apache Maven Source Plugin][45]                        | [Apache License, Version 2.0][2]          |
@@ -48,7 +48,6 @@
 | [Apache Maven Install Plugin][59]                       | [Apache License, Version 2.0][1]          |
 | [Apache Maven Site Plugin][61]                          | [Apache License, Version 2.0][2]          |
 
-[27]: https://www.eclemma.org/jacoco/index.html
 [51]: https://github.com/exasol/project-keeper-maven-plugin
 [16]: http://www.apache.org/licenses/LICENSE-2.0
 [1]: http://www.apache.org/licenses/LICENSE-2.0.txt
@@ -62,7 +61,6 @@
 [29]: http://www.mojohaus.org/versions-maven-plugin/
 [14]: http://opensource.org/licenses/BSD-3-Clause
 [19]: https://maven.apache.org/plugins/maven-compiler-plugin/
-[39]: http://maven.apache.org/plugins/maven-gpg-plugin/
 [55]: https://maven.apache.org/plugins/maven-resources-plugin/
 [35]: https://github.com/itsallcode/openfasttrace-maven-plugin
 [53]: https://maven.apache.org/plugins/maven-clean-plugin/
@@ -73,17 +71,19 @@
 [18]: http://unlicense.org/
 [6]: https://www.apache.org/licenses/LICENSE-2.0
 [23]: https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin
+[27]: https://www.jacoco.org/jacoco/trunk/doc/maven.html
+[10]: https://github.com/mockito/mockito/blob/main/LICENSE
 [49]: http://zlika.github.io/reproducible-build-maven-plugin
 [61]: https://maven.apache.org/plugins/maven-site-plugin/
 [36]: https://www.gnu.org/licenses/gpl-3.0.html
 [0]: https://parquet.apache.org
 [2]: https://www.apache.org/licenses/LICENSE-2.0.txt
 [33]: https://maven.apache.org/enforcer/maven-enforcer-plugin/
-[10]: https://github.com/mockito/mockito/blob/release/3.x/LICENSE
 [8]: https://www.eclipse.org/legal/epl-v20.html
 [59]: http://maven.apache.org/plugins/maven-install-plugin/
 [7]: https://junit.org/junit5/
 [31]: https://sonatype.github.io/ossindex-maven/maven-plugin/
+[39]: https://maven.apache.org/plugins/maven-gpg-plugin/
 [17]: http://github.com/davidB/scala-maven-plugin
 [45]: https://maven.apache.org/plugins/maven-source-plugin/
 [13]: http://hamcrest.org/JavaHamcrest/

dependencies.md

@@ -1,4 +1,5 @@
 # Changes
 
+* [1.0.2](changes_1.0.2.md)
 * [1.0.1](changes_1.0.1.md)
 * [1.0.0](changes_1.0.0.md)

doc/changes/changelog.md

@@ -0,0 +1,31 @@
+# Parquet for Java 1.0.2, released 2021-07-12
+
+Code name: Fixed Transitive Dependency Vulnerability
+
+## Summary
+
+This releases remove transitive dependency that contains vulnerability by updating version of `hadoop-client`. Additionally, we updated versions of other runtime and test dependencies.
+
+## Bug Fixes
+
+* #22: Fixed transitive dependency vulnerability
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Updated `org.apache.hadoop:hadoop-client:3.3.0` to `3.3.1`
+
+### Test Dependency Updates
+
+* Updated `org.mockito:mockito-core:3.10.0` to `3.11.2`
+* Updated `org.mockito:mockito-junit-jupiter:3.10.0` to `3.11.2`
+
+### Plugin Dependency Updates
+
+* Updated `com.exasol:project-keeper-maven-plugin:0.8.0` to `0.10.0`
+* Updated `net.alchim31.maven:scala-maven-plugin:4.4.1` to `4.5.3`
+* Updated `org.apache.maven.plugins:maven-gpg-plugin:1.6` to `3.0.1`
+* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.2.0` to `3.3.0`
+* Updated `org.itsallcode:openfasttrace-maven-plugin:1.1.0` to `1.2.0`
+* Updated `org.jacoco:jacoco-maven-plugin:0.8.6` to `0.8.7`

doc/changes/changes_1.0.2.md

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.exasol</groupId>
     <artifactId>parquet-io-java</artifactId>
-    <version>1.0.1</version>
+    <version>1.0.2</version>
     <name>Parquet for Java</name>
     <description>This project provides a library that reads Parquet files into Java objects.</description>
     <url>https://github.com/exasol/parquet-io-java</url>
@@ -13,7 +13,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>11</java.version>
         <scala.version>2.12.14</scala.version>
-        <mockito.version>3.10.0</mockito.version>
+        <mockito.version>3.11.2</mockito.version>
         <gpg.skip>true</gpg.skip>
     </properties>
     <licenses>
@@ -58,7 +58,7 @@
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-client</artifactId>
-            <version>3.3.0</version>
+            <version>3.3.1</version>
             <!-- Excluding transitive dependencies with vulnerabilities. -->
             <exclusions>
                 <exclusion>
@@ -143,7 +143,7 @@
             <plugin>
                 <groupId>net.alchim31.maven</groupId>
                 <artifactId>scala-maven-plugin</artifactId>
-                <version>4.4.1</version>
+                <version>4.5.3</version>
                 <executions>
                     <execution>
                         <id>scala-compile-first</id>
@@ -276,7 +276,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.6</version>
+                <version>0.8.7</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -373,7 +373,7 @@
             <plugin>
                 <groupId>org.itsallcode</groupId>
                 <artifactId>openfasttrace-maven-plugin</artifactId>
-                <version>1.1.0</version>
+                <version>1.2.0</version>
                 <executions>
                     <execution>
                         <id>trace-requirements</id>
@@ -416,7 +416,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
-                <version>1.6</version>
+                <version>3.0.1</version>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>
@@ -476,7 +476,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>
@@ -511,7 +511,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>project-keeper-maven-plugin</artifactId>
-                <version>0.8.0</version>
+                <version>0.10.0</version>
                 <executions>
                     <execution>
                         <goals>