Merge pull request #8051 from fengshuaihu/users/v-shufeng/code-cleanup

fengshuaihu · web-flow · commit 053c2d3854b8 · 2023-12-07T13:23:19.000+08:00
Users/v shufeng/code cleanup
diff --git a/Utils/azure-toolkit-ide-hdinsight-libs/hdinsight-node-common/pom.xml b/Utils/azure-toolkit-ide-hdinsight-libs/hdinsight-node-common/pom.xml
@@ -226,12 +226,22 @@
                     <groupId>org.xerial.snappy</groupId>
                     <artifactId>snappy-java</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.zookeeper</groupId>
+                    <artifactId>zookeeper</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency><!-- hadoop-common 3.3.3 CVE-2023-34455 -->
             <groupId>org.xerial.snappy</groupId>
             <artifactId>snappy-java</artifactId>
         </dependency>
+        <dependency><!-- hadoop-common 3.3.3 CVE-2023-44981 -->
+            <groupId>org.apache.zookeeper</groupId>
+            <artifactId>zookeeper</artifactId>
+            <scope>provided</scope>
+            <version>3.7.2</version>
+        </dependency>
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>azure-client-runtime</artifactId>
diff --git a/Utils/azure-toolkit-ide-hdinsight-libs/spark-localrun-mock/pom.xml b/Utils/azure-toolkit-ide-hdinsight-libs/spark-localrun-mock/pom.xml
@@ -223,12 +223,22 @@
                     <groupId>org.xerial.snappy</groupId>
                     <artifactId>snappy-java</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.zookeeper</groupId>
+                    <artifactId>zookeeper</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency><!-- hadoop-common 3.3.3 CVE-2023-34455 -->
             <groupId>org.xerial.snappy</groupId>
             <artifactId>snappy-java</artifactId>
         </dependency>
+        <dependency><!-- hadoop-common 3.3.3 CVE-2023-44981 -->
+            <groupId>org.apache.zookeeper</groupId>
+            <artifactId>zookeeper</artifactId>
+            <scope>provided</scope>
+            <version>3.7.2</version>
+        </dependency>
         <dependency>
             <groupId>org.jmockit</groupId>
             <artifactId>jmockit</artifactId>
@@ -322,6 +332,14 @@
                     <groupId>org.apache.ivy</groupId>
                     <artifactId>ivy</artifactId>
                 </exclusion>
+                <exclusion><!-- CVE-2023-44487 -->
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec-http2</artifactId>
+                </exclusion>
+                <exclusion><!-- CVE-2023-34462 -->
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-handler</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
