diff --git a/aggregator/src/test/scala/ai/chronon/aggregator/test/FrequentItemsTest.scala b/aggregator/src/test/scala/ai/chronon/aggregator/test/FrequentItemsTest.scala index 506675635c..90ffeec5e4 100644 --- a/aggregator/src/test/scala/ai/chronon/aggregator/test/FrequentItemsTest.scala +++ b/aggregator/src/test/scala/ai/chronon/aggregator/test/FrequentItemsTest.scala @@ -11,6 +11,7 @@ import java.util import ai.chronon.api.ScalaJavaConversions._ import org.apache.datasketches.frequencies.ErrorType import org.scalatest.matchers.should.Matchers._ +import org.scalatest.matchers.should.Matchers import scala.util.Random @@ -182,16 +183,18 @@ class FrequentItemsTest extends AnyFlatSpec { } "MostFrequentK" should "always produce nearly k elements when cardinality is > k" in { - val k = 10 - val topFrequentItems = new FrequentItems[java.lang.Long](k) - val frequentItemsIr = topFrequentItems.prepare(0) + for (i <- 0 until 900) { + val k = 10 + val topFrequentItems = new FrequentItems[java.lang.Long](k) + val frequentItemsIr = topFrequentItems.prepare(0) - createSkewedData().foreach(i => topFrequentItems.update(frequentItemsIr, i)) + createSkewedData().foreach(i => topFrequentItems.update(frequentItemsIr, i)) - val topHistogram = topFrequentItems.finalize(frequentItemsIr) + val topHistogram = topFrequentItems.finalize(frequentItemsIr) - math.abs(topHistogram.size() - k) <= 2 shouldBe true - heavyHitterElems.foreach(elem => topHistogram.containsKey(elem.toString)) + (topHistogram.size() - k) should be < 3 + heavyHitterElems.foreach(elem => topHistogram.containsKey(elem.toString)) + } } "HeavyHittersK" should "always produce only heavy hitter elements regardless of cardinality" in { diff --git a/maven_install.json b/maven_install.json index 6d3393b0f9..3801354aaf 100755 --- a/maven_install.json +++ b/maven_install.json @@ -1,7 +1,7 @@ { "__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": "THERE_IS_NO_DATA_ONLY_ZUUL", - "__INPUT_ARTIFACTS_HASH": -1299826128, - "__RESOLVED_ARTIFACTS_HASH": 1084374128, + "__INPUT_ARTIFACTS_HASH": 2090580338, + "__RESOLVED_ARTIFACTS_HASH": -2082105607, "artifacts": { "ant:ant": { "shasums": { @@ -398,10 +398,10 @@ }, "com.github.luben:zstd-jni": { "shasums": { - "jar": "793ca8734aa15687e7e64564eab8b6ae9ee2720eae27aa663074682144b1c386", - "sources": "9d7bde2572b643151355862775084cfd6485299d81e270d7078828c02f60eaaf" + "jar": "1f85db623bf653860d10e13e7b1ca6609301f66994dc93784c92a66019516bb9", + "sources": "e36b18cfa95ac7c03749c7ea4bfbd5a95c5139e3aaea729b233015f187ea4673" }, - "version": "1.5.6-4" + "version": "1.5.6-6" }, "com.github.pjfanning:jersey-json": { "shasums": { @@ -1399,10 +1399,10 @@ }, "commons-pool:commons-pool": { "shasums": { - "jar": "22095672ac3ad6503e42ec6d4cbc330cd1318040223f6c5d9605473b6d2aa0fd", - "sources": "e23cb39a3101562346c94bb4f9aef2cd1cbbe214cb382e34e9c812ed255977d3" + "jar": "46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc", + "sources": "34b398311d20fb3cab2d6b9890c679c3b8251e9948327d9f00a509cf273a9512" }, - "version": "1.5.4" + "version": "1.6" }, "dnsjava:dnsjava": { "shasums": { @@ -1413,10 +1413,10 @@ }, "io.airlift:aircompressor": { "shasums": { - "jar": "fdbef3137a28f63bb0cb93487803080ede746a4ec3d421e36c6f0c305c35e5e4", - "sources": "7f5952d138e9cff1445a961b90228680b5714145038648e02e4433490e5f078d" + "jar": "0c2a96bf86d5fb24ff7f20c92483c61391cb10d440a4bd278c77365a2b165698", + "sources": "336d13c5e7456e039d794d0de1ef0a6ec262360fd8c158a81e9c020a9687f6ac" }, - "version": "0.27" + "version": "2.0.2" }, "io.circe:circe-core_2.12": { "shasums": { @@ -2527,13 +2527,6 @@ }, "version": "4.13.2" }, - "log4j:log4j": { - "shasums": { - "jar": "1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9", - "sources": "4d9ba787af1692aa88417c2a47a37a98125d645b91ab556252dbee0f45225493" - }, - "version": "1.2.17" - }, "net.bytebuddy:byte-buddy": { "shasums": { "jar": "7472e3961992c12a9fd4f6d67c21de4280abe18f292704dd49d7338289f8acf5", @@ -2683,10 +2676,10 @@ }, "org.apache.avro:avro": { "shasums": { - "jar": "4554aa8f8175f999fc56e35d8d294d634480992ce02406a52c650f521997e436", - "sources": "c888cdcb0e9060651f379c824e393e61fb8785f5ebdd10ca4e43ca457e828eb3" + "jar": "eeba11b77070b9aa6337d886fdf778f6695f6c4c3dcfd2a02389925c885079fa", + "sources": "0151e4f35e319f3291b7defc90e879109ad4a4b90c6a465e06617f7f2dc436b7" }, - "version": "1.11.3" + "version": "1.11.4" }, "org.apache.avro:avro-ipc": { "shasums": { @@ -3415,38 +3408,38 @@ }, "org.apache.parquet:parquet-column": { "shasums": { - "jar": "3ff4222b5da77cc85e3fee623ff9779f991a1a0987125e68bc642ff913ec5612", - "sources": "a9bfa04d7f9ec2097256b34672f8ea93cb5313f4396266f73274c46a03832536" + "jar": "c3ce722da920bfa886ee9f98028ecc9dfe3d199625cc14809c3c2fc8bcfa29ba", + "sources": "32dbc7386e61809d9edc30a6b6a818f59077415391ab0e7f48fb875da40cd936" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.parquet:parquet-common": { "shasums": { - "jar": "4a2d7a8eb395bbc8d202fa74b272e45374a1034b351028824ad46925366297ea", - "sources": "7e9762f617f60f8a05f4431bdeaa55076672402cf7a425fd70e355072e48232a" + "jar": "7e10373a59e4cba6efdf9f2c03da5a2b27c5fb4768cf7cb25d7905dc76b40272", + "sources": "1bac6586672f1ba87ba420186972ec45989207c81463aab7372a2857975e95fd" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.parquet:parquet-encoding": { "shasums": { - "jar": "0c921d275bbcc31552ee94d383ea38b2615110790d59f11ad07ffe5f3f0c23b3", - "sources": "aa5269df8aa587dd28250ae02f65594776d8762e53e7a7ffe8672770da851425" + "jar": "b6ee50330dd91ef0c7a7a0004400dea04e17748f2d69a13930b8ba9c9e314ad8", + "sources": "d7ab3f00dba85bd4d9aab6a6aedc747bfb294f09c7404f97cd7699005aeefd01" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.parquet:parquet-format-structures": { "shasums": { - "jar": "57b3e31e9502a1121dc481a3017fc2f20d1d6116da82dd58155a69b10b28e1e6", - "sources": "d6c733e33c2191d0a94d3f781303195168d9e9ffc7f055ee9059e27ccd9385b4" + "jar": "f5ba4d969a68eb5f5fab18a63feb4df66ea021e1f728b65834c1fe016b356c73", + "sources": "2a54c4ac657a69fd127b14d03ea359f460a5fc8cec8ddce3dc04356d624af431" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.parquet:parquet-hadoop": { "shasums": { - "jar": "5b86f191d0bbfe866d194bd1a336fa79d049d342fb7a05aefcf31ea266792a40", - "sources": "829f2d8e0543a18207a208a25d23beaed51dd2e84bfcc330b4585e1e49adf517" + "jar": "5c764cb6712776fa3f3b15431c3913f23610557da439ec43598094a217aa63d9", + "sources": "591dd98f1119380c112cfdf8164e73ee44e6265486f33cb356c5cdffb527f69f" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.parquet:parquet-hadoop-bundle": { "shasums": { @@ -3457,10 +3450,10 @@ }, "org.apache.parquet:parquet-jackson": { "shasums": { - "jar": "d1e66f2a392d1777425688d3439b7f57d08c4404a81ae95bb247a16cfc773da1", - "sources": "b924ab34328c6c19815d84076d345113ceb057858747dd81ce18c5d008181738" + "jar": "af3d6629502edca8897cd779dde602d3343f83205c446458a735060e838deb2f", + "sources": "829257576904634c548f399628ce10cebd87c04d370c35039888e572f0b39918" }, - "version": "1.13.1" + "version": "1.15.1" }, "org.apache.spark:spark-avro_2.12": { "shasums": { @@ -3637,13 +3630,6 @@ }, "version": "4.23" }, - "org.apache.yetus:audience-annotations": { - "shasums": { - "jar": "3bfbb397b06f63a2a0a361f62ed32cf199bd92ddd48ea99281f4987edec9777b", - "sources": "69bb3869e0e013d37818b2e821c04f41fd067fbb0978dfffabd0815802001845" - }, - "version": "0.13.0" - }, "org.apiguardian:apiguardian-api": { "shasums": { "jar": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", @@ -4542,10 +4528,10 @@ }, "org.xerial.snappy:snappy-java": { "shasums": { - "jar": "0f3f1857ed33116583f480b4df5c0218836c47bfbc9c6221c0d73f356decf37b", - "sources": "2560b4e91eef4c90d8ca6ce7d15961bdbcfdbd2ffbe74dbf1d1c712f52d2d6ca" + "jar": "4c766cb3f855415ee734b2392949a0b6f12a60879334a74518deaf6270d32e36", + "sources": "17d2781f5ae987ddb0355e9a2f5bd07e2df15989063756b9c63158d0136d32d0" }, - "version": "1.1.10.5" + "version": "1.1.10.7" }, "org.yaml:snakeyaml": { "shasums": { @@ -5022,7 +5008,9 @@ "com.github.jnr:jnr-posix" ], "com.github.joshelser:dropwizard-metrics-hadoop-metrics2-reporter": [ - "io.dropwizard.metrics:metrics-core" + "io.dropwizard.metrics:metrics-core", + "org.apache.hadoop:hadoop-common", + "org.slf4j:slf4j-api" ], "com.github.pjfanning:jersey-json": [ "com.sun.jersey:jersey-core", @@ -6206,17 +6194,7 @@ "org.slf4j:slf4j-api" ], "io.grpc:grpc-alts": [ - "com.google.auth:google-auth-library-oauth2-http", - "com.google.guava:guava", - "com.google.protobuf:protobuf-java", - "io.grpc:grpc-auth", - "io.grpc:grpc-context", - "io.grpc:grpc-core", - "io.grpc:grpc-grpclb", - "io.grpc:grpc-netty-shaded", - "io.grpc:grpc-protobuf", - "io.grpc:grpc-stub", - "org.conscrypt:conscrypt-openjdk-uber" + "io.grpc:grpc-context" ], "io.grpc:grpc-api": [ "com.google.code.findbugs:jsr305", @@ -6282,12 +6260,6 @@ "org.codehaus.mojo:animal-sniffer-annotations" ], "io.grpc:grpc-netty-shaded": [ - "com.google.errorprone:error_prone_annotations", - "com.google.guava:guava", - "io.grpc:grpc-api", - "io.grpc:grpc-core", - "io.grpc:grpc-util", - "io.perfmark:perfmark-api", "org.codehaus.mojo:animal-sniffer-annotations" ], "io.grpc:grpc-protobuf": [ @@ -6822,9 +6794,13 @@ "org.slf4j:slf4j-api" ], "org.apache.arrow:arrow-memory-netty": [ + "io.netty:netty-common", + "org.apache.arrow:arrow-memory-core", "org.apache.arrow:arrow-memory-netty-buffer-patch" ], "org.apache.arrow:arrow-memory-netty-buffer-patch": [ + "io.netty:netty-buffer", + "io.netty:netty-common", "org.apache.arrow:arrow-memory-core", "org.slf4j:slf4j-api" ], @@ -7258,7 +7234,6 @@ "commons-lang:commons-lang", "commons-logging:commons-logging", "javax.xml.bind:jaxb-api", - "log4j:log4j", "org.apache.hadoop:hadoop-yarn-api", "org.apache.hadoop:hadoop-yarn-common", "org.apache.hadoop:hadoop-yarn-server-applicationhistoryservice", @@ -7279,8 +7254,7 @@ ], "org.apache.hbase:hbase-annotations": [ "com.github.stephenc.findbugs:findbugs-annotations", - "junit:junit", - "log4j:log4j" + "junit:junit" ], "org.apache.hbase:hbase-client": [ "com.github.stephenc.findbugs:findbugs-annotations", @@ -7292,7 +7266,6 @@ "commons-logging:commons-logging", "io.netty:netty-all", "junit:junit", - "log4j:log4j", "org.apache.hadoop:hadoop-common", "org.apache.hbase:hbase-annotations", "org.apache.hbase:hbase-common", @@ -7312,7 +7285,6 @@ "commons-lang:commons-lang", "commons-logging:commons-logging", "junit:junit", - "log4j:log4j", "org.apache.hadoop:hadoop-common", "org.apache.hbase:hbase-annotations", "org.apache.hbase:hbase-protocol", @@ -7324,7 +7296,6 @@ "com.google.protobuf:protobuf-java", "commons-logging:commons-logging", "junit:junit", - "log4j:log4j", "org.apache.hbase:hbase-annotations" ], "org.apache.hive.shims:hive-shims-0.23": [ @@ -7394,16 +7365,14 @@ "stax:stax-api" ], "org.apache.hive:hive-llap-client": [ + "org.apache.commons:commons-lang3" + ], + "org.apache.hive:hive-llap-common": [ "org.apache.commons:commons-lang3", - "org.apache.curator:apache-curator:pom", - "org.apache.curator:curator-framework", "org.apache.hive:hive-common", - "org.apache.hive:hive-llap-common", + "org.apache.hive:hive-serde", "org.slf4j:slf4j-api" ], - "org.apache.hive:hive-llap-common": [ - "org.apache.commons:commons-lang3" - ], "org.apache.hive:hive-llap-tez": [ "org.apache.commons:commons-lang3", "org.apache.hive:hive-common", @@ -7540,12 +7509,12 @@ "org.apache.commons:commons-lang3" ], "org.apache.orc:orc-shims": [ + "org.apache.hadoop:hadoop-client-api", "org.slf4j:slf4j-api" ], "org.apache.parquet:parquet-column": [ "org.apache.parquet:parquet-common", "org.apache.parquet:parquet-encoding", - "org.apache.yetus:audience-annotations", "org.slf4j:slf4j-api" ], "org.apache.parquet:parquet-common": [ @@ -7556,14 +7525,17 @@ "org.apache.parquet:parquet-common", "org.slf4j:slf4j-api" ], + "org.apache.parquet:parquet-format-structures": [ + "javax.annotation:javax.annotation-api" + ], "org.apache.parquet:parquet-hadoop": [ "com.github.luben:zstd-jni", + "commons-pool:commons-pool", "io.airlift:aircompressor", "org.apache.parquet:parquet-column", "org.apache.parquet:parquet-common", "org.apache.parquet:parquet-format-structures", "org.apache.parquet:parquet-jackson", - "org.apache.yetus:audience-annotations", "org.slf4j:slf4j-api", "org.xerial.snappy:snappy-java" ], @@ -7784,8 +7756,6 @@ "org.apache.twill:twill-zookeeper" ], "org.apache.twill:twill-zookeeper": [ - "ch.qos.logback:logback-classic", - "ch.qos.logback:logback-core", "com.google.guava:guava", "org.apache.twill:twill-api", "org.apache.twill:twill-common", @@ -12388,29 +12358,6 @@ "org.junit.runners.parameterized", "org.junit.validator" ], - "log4j:log4j": [ - "org.apache.log4j", - "org.apache.log4j.chainsaw", - "org.apache.log4j.config", - "org.apache.log4j.helpers", - "org.apache.log4j.jdbc", - "org.apache.log4j.jmx", - "org.apache.log4j.lf5", - "org.apache.log4j.lf5.util", - "org.apache.log4j.lf5.viewer", - "org.apache.log4j.lf5.viewer.categoryexplorer", - "org.apache.log4j.lf5.viewer.configure", - "org.apache.log4j.net", - "org.apache.log4j.nt", - "org.apache.log4j.or", - "org.apache.log4j.or.jms", - "org.apache.log4j.or.sax", - "org.apache.log4j.pattern", - "org.apache.log4j.rewrite", - "org.apache.log4j.spi", - "org.apache.log4j.varia", - "org.apache.log4j.xml" - ], "net.bytebuddy:byte-buddy": [ "net.bytebuddy", "net.bytebuddy.agent.builder", @@ -18209,6 +18156,7 @@ "shaded.parquet.it.unimi.dsi.fastutil.doubles", "shaded.parquet.it.unimi.dsi.fastutil.floats", "shaded.parquet.it.unimi.dsi.fastutil.ints", + "shaded.parquet.it.unimi.dsi.fastutil.io", "shaded.parquet.it.unimi.dsi.fastutil.longs", "shaded.parquet.it.unimi.dsi.fastutil.objects", "shaded.parquet.it.unimi.dsi.fastutil.shorts", @@ -18218,6 +18166,7 @@ "org.apache.parquet", "org.apache.parquet.bytes", "org.apache.parquet.compression", + "org.apache.parquet.conf", "org.apache.parquet.glob", "org.apache.parquet.hadoop.codec", "org.apache.parquet.hadoop.metadata", @@ -18240,6 +18189,7 @@ ], "org.apache.parquet:parquet-hadoop": [ "org.apache.parquet", + "org.apache.parquet.conf", "org.apache.parquet.crypto", "org.apache.parquet.crypto.keytools", "org.apache.parquet.filter2.bloomfilterlevel", @@ -18258,6 +18208,7 @@ "org.apache.parquet.hadoop.util.counters", "org.apache.parquet.hadoop.util.counters.mapred", "org.apache.parquet.hadoop.util.counters.mapreduce", + "org.apache.parquet.hadoop.util.wrapped.io", "org.apache.parquet.internal.hadoop.metadata", "shaded.parquet.it.unimi.dsi.fastutil", "shaded.parquet.it.unimi.dsi.fastutil.booleans", @@ -18266,6 +18217,7 @@ "shaded.parquet.it.unimi.dsi.fastutil.doubles", "shaded.parquet.it.unimi.dsi.fastutil.floats", "shaded.parquet.it.unimi.dsi.fastutil.ints", + "shaded.parquet.it.unimi.dsi.fastutil.io", "shaded.parquet.it.unimi.dsi.fastutil.longs", "shaded.parquet.it.unimi.dsi.fastutil.objects", "shaded.parquet.it.unimi.dsi.fastutil.shorts" @@ -18366,7 +18318,9 @@ "shaded.parquet.com.fasterxml.jackson.core.exc", "shaded.parquet.com.fasterxml.jackson.core.filter", "shaded.parquet.com.fasterxml.jackson.core.format", + "shaded.parquet.com.fasterxml.jackson.core.internal.shaded.fdp.v2_18_1", "shaded.parquet.com.fasterxml.jackson.core.io", + "shaded.parquet.com.fasterxml.jackson.core.io.schubfach", "shaded.parquet.com.fasterxml.jackson.core.json", "shaded.parquet.com.fasterxml.jackson.core.json.async", "shaded.parquet.com.fasterxml.jackson.core.sym", @@ -18393,7 +18347,8 @@ "shaded.parquet.com.fasterxml.jackson.databind.ser.impl", "shaded.parquet.com.fasterxml.jackson.databind.ser.std", "shaded.parquet.com.fasterxml.jackson.databind.type", - "shaded.parquet.com.fasterxml.jackson.databind.util" + "shaded.parquet.com.fasterxml.jackson.databind.util", + "shaded.parquet.com.fasterxml.jackson.databind.util.internal" ], "org.apache.spark:spark-avro_2.12": [ "org.apache.spark.sql.avro", @@ -18835,10 +18790,6 @@ "org.apache.xbean.asm9.signature", "org.apache.xbean.asm9.tree" ], - "org.apache.yetus:audience-annotations": [ - "org.apache.yetus.audience", - "org.apache.yetus.audience.tools" - ], "org.apiguardian:apiguardian-api": [ "org.apiguardian.api" ], @@ -22101,8 +22052,6 @@ "joda-time:joda-time:jar:sources", "junit:junit", "junit:junit:jar:sources", - "log4j:log4j", - "log4j:log4j:jar:sources", "net.bytebuddy:byte-buddy", "net.bytebuddy:byte-buddy-agent", "net.bytebuddy:byte-buddy-agent:jar:sources", @@ -22406,8 +22355,6 @@ "org.apache.velocity:velocity", "org.apache.xbean:xbean-asm9-shaded", "org.apache.xbean:xbean-asm9-shaded:jar:sources", - "org.apache.yetus:audience-annotations", - "org.apache.yetus:audience-annotations:jar:sources", "org.apiguardian:apiguardian-api", "org.apiguardian:apiguardian-api:jar:sources", "org.assertj:assertj-core", @@ -23463,8 +23410,6 @@ "joda-time:joda-time:jar:sources", "junit:junit", "junit:junit:jar:sources", - "log4j:log4j", - "log4j:log4j:jar:sources", "net.bytebuddy:byte-buddy", "net.bytebuddy:byte-buddy-agent", "net.bytebuddy:byte-buddy-agent:jar:sources", @@ -23768,8 +23713,6 @@ "org.apache.velocity:velocity", "org.apache.xbean:xbean-asm9-shaded", "org.apache.xbean:xbean-asm9-shaded:jar:sources", - "org.apache.yetus:audience-annotations", - "org.apache.yetus:audience-annotations:jar:sources", "org.apiguardian:apiguardian-api", "org.apiguardian:apiguardian-api:jar:sources", "org.assertj:assertj-core", @@ -24825,8 +24768,6 @@ "joda-time:joda-time:jar:sources", "junit:junit", "junit:junit:jar:sources", - "log4j:log4j", - "log4j:log4j:jar:sources", "net.bytebuddy:byte-buddy", "net.bytebuddy:byte-buddy-agent", "net.bytebuddy:byte-buddy-agent:jar:sources", @@ -25130,8 +25071,6 @@ "org.apache.velocity:velocity", "org.apache.xbean:xbean-asm9-shaded", "org.apache.xbean:xbean-asm9-shaded:jar:sources", - "org.apache.yetus:audience-annotations", - "org.apache.yetus:audience-annotations:jar:sources", "org.apiguardian:apiguardian-api", "org.apiguardian:apiguardian-api:jar:sources", "org.assertj:assertj-core", diff --git a/tools/build_rules/dependencies/maven_repository.bzl b/tools/build_rules/dependencies/maven_repository.bzl index 9c04d51975..4438f71151 100644 --- a/tools/build_rules/dependencies/maven_repository.bzl +++ b/tools/build_rules/dependencies/maven_repository.bzl @@ -92,8 +92,16 @@ maven_repository = repository( "com.google.protobuf:protobuf-java:3.25.1", # Avro - "org.apache.avro:avro:1.11.3", + "org.apache.avro:avro:1.11.4", "com.linkedin.avroutil1:avro-fastserde:0.4.25", + + # Parquet - Force upgrade to 1.15.1 to address CVE in 1.13.1 + "org.apache.parquet:parquet-column:1.15.1", + "org.apache.parquet:parquet-common:1.15.1", + "org.apache.parquet:parquet-encoding:1.15.1", + "org.apache.parquet:parquet-format-structures:1.15.1", + "org.apache.parquet:parquet-hadoop:1.15.1", + "org.apache.parquet:parquet-jackson:1.15.1", # Hive "org.apache.hive:hive-metastore:2.3.9", @@ -222,6 +230,11 @@ maven_repository = repository( # Exclude scala artifacts as right versions are pulled from scala repository "org.scala-lang:scala-library", "org.scala-lang:scala-reflect", + # Exclude vulnerable log4j 1.2.17 - using reload4j 1.2.25 as a secure replacement + "log4j:log4j", ], - overrides = {}, + overrides = { + # Force reload4j as a replacement for vulnerable log4j 1.2.17 + "log4j:log4j": "ch.qos.reload4j:reload4j:1.2.25", + }, )