[Security] Upgrade the snakeyaml verion to 1.26 (#7994)

Fixes #7928 ### Motivation As https://nvd.nist.gov/vuln/detail/CVE-2017-18640 said, the `snakeyaml` < 1.26 ### Modifications In `pulsar-functions` model: - The `snakeyaml` 1.19 appears to be included from dependency on org.apache.pulsar:pulsar-functions-secrets:jar:2.6.1 based on included dependency of io.kubernetes:client-java-api:jar:2.0.0:compile Fixed in 9.0.2 - The `snakeyaml` 1.16 appears to be included from the dependency on org.apache.pulsar:pulsar-functions-instance:jar:2.6.1 based on io.prometheus.jmx:collector:jar:0.12.0 Fixed in 0.13.0 - The 1.17 org.apache.pulsar.tests:integration:test-jar:tests:2.6.1:test depends on org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:6.3.2:test Fixed in elasticsearch >= 7.7.1 (7.9.1 current)
apache · Sep 8, 2020 · a223dde · a223dde
1 parent 164e0cc
commit a223dde
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/...io/elastic-search/src/main/java/org/apache/pulsar/io/elasticsearch/ElasticSearchSink.java b/...io/elastic-search/src/main/java/org/apache/pulsar/io/elasticsearch/ElasticSearchSink.java
@@ -41,10 +41,7 @@
 import org.elasticsearch.action.admin.indices.get.GetIndexRequest;
 import org.elasticsearch.action.index.IndexRequest;
 import org.elasticsearch.action.index.IndexResponse;
-import org.elasticsearch.client.Requests;
-import org.elasticsearch.client.RestClient;
-import org.elasticsearch.client.RestClientBuilder;
-import org.elasticsearch.client.RestHighLevelClient;
+import org.elasticsearch.client.*;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentType;
 
@@ -86,7 +83,7 @@ public void write(Record<byte[]> record) {
         indexRequest.source(keyValue.getValue(), XContentType.JSON);
 
         try {
-        IndexResponse indexResponse = getClient().index(indexRequest);
+        IndexResponse indexResponse = getClient().index(indexRequest, RequestOptions.DEFAULT);
             if (indexResponse.getResult().equals(DocWriteResponse.Result.CREATED)) {
                 record.ack();
             } else {
@@ -105,7 +102,7 @@ public KeyValue<String, byte[]> extractKeyValue(Record<byte[]> record) {
     private void createIndexIfNeeded() throws IOException {
         GetIndexRequest request = new GetIndexRequest();
         request.indices(elasticSearchConfig.getIndexName());
-        boolean exists = getClient().indices().exists(request);
+        boolean exists = getClient().indices().exists(request, RequestOptions.DEFAULT);
 
         if (!exists) {
             CreateIndexRequest cireq = new CreateIndexRequest(elasticSearchConfig.getIndexName());
@@ -114,7 +111,7 @@ private void createIndexIfNeeded() throws IOException {
                .put("index.number_of_shards", elasticSearchConfig.getIndexNumberOfShards())
                .put("index.number_of_replicas", elasticSearchConfig.getIndexNumberOfReplicas()));
 
-            CreateIndexResponse ciresp = getClient().indices().create(cireq);
+            CreateIndexResponse ciresp = getClient().indices().create(cireq, RequestOptions.DEFAULT);
             if (!ciresp.isAcknowledged() || !ciresp.isShardsAcknowledged()) {
                 throw new RuntimeException("Unable to create index.");
             }