Fix security vulnerabilities (#5057)

Signed-off-by: Paolo Di Tommaso <[email protected]> Signed-off-by: Ben Sherman <[email protected]> Co-authored-by: Paolo Di Tommaso <[email protected]>
nextflow-io · Jun 11, 2024 · 6d8765b · 6d8765b
1 parent e50de27
commit 6d8765b
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/plugins/nf-amazon/build.gradle b/plugins/nf-amazon/build.gradle
@@ -47,8 +47,8 @@ dependencies {
     api ('com.amazonaws:aws-java-sdk-codecommit:1.12.429')
     api ('com.amazonaws:aws-java-sdk-sts:1.12.429')
     api ('com.amazonaws:aws-java-sdk-ses:1.12.429')
-    api ('software.amazon.awssdk:sso:2.20.89')
-    api ('software.amazon.awssdk:ssooidc:2.20.89')
+    api ('software.amazon.awssdk:sso:2.25.69')
+    api ('software.amazon.awssdk:ssooidc:2.25.69')
 
     constraints {
         api 'com.fasterxml.jackson.core:jackson-databind:2.12.7.1'

diff --git a/plugins/nf-azure/build.gradle b/plugins/nf-azure/build.gradle
@@ -36,25 +36,20 @@ dependencies {
     compileOnly project(':nextflow')
     compileOnly 'org.slf4j:slf4j-api:2.0.7'
     compileOnly 'org.pf4j:pf4j:3.10.0'
-    api('com.azure:azure-storage-blob:12.22.1') {
+    api('com.azure:azure-storage-blob:12.25.2') {
         exclude group: 'org.slf4j', module: 'slf4j-api'
     }
-    api('com.microsoft.azure:azure-batch:10.1.0') {
+    api('com.microsoft.azure:azure-batch:11.0.0') {
         exclude group: 'org.slf4j', module: 'slf4j-api'
         exclude group: 'com.google.guava', module: 'guava'
     }
-    api('com.azure:azure-identity:1.5.5') {
+    api('com.azure:azure-identity:1.11.3') {
         exclude group: 'org.slf4j', module: 'slf4j-api'
         exclude group: 'com.nimbusds', module: 'oauth2-oidc-sdk'
     }
 
     compileOnly(group: 'com.nimbusds', name: 'oauth2-oidc-sdk', version: '9.43')
 
-    constraints {
-        api 'net.minidev:json-smart:2.4.9'
-        api 'com.google.code.gson:gson:2.8.9'
-    }
-
     testImplementation(testFixtures(project(":nextflow")))
     testImplementation project(':nextflow')
     testImplementation "org.codehaus.groovy:groovy:3.0.19"

diff --git a/plugins/nf-azure/src/main/nextflow/cloud/azure/batch/AzBatchService.groovy b/plugins/nf-azure/src/main/nextflow/cloud/azure/batch/AzBatchService.groovy
@@ -37,6 +37,7 @@ import com.microsoft.azure.batch.protocol.models.CloudTask
 import com.microsoft.azure.batch.protocol.models.ComputeNodeFillType
 import com.microsoft.azure.batch.protocol.models.ContainerConfiguration
 import com.microsoft.azure.batch.protocol.models.ContainerRegistry
+import com.microsoft.azure.batch.protocol.models.ContainerType
 import com.microsoft.azure.batch.protocol.models.ElevationLevel
 import com.microsoft.azure.batch.protocol.models.ImageInformation
 import com.microsoft.azure.batch.protocol.models.JobUpdateParameter
@@ -87,6 +88,8 @@ import nextflow.util.MemoryUnit
 import nextflow.util.MustacheTemplateEngine
 import nextflow.util.Rnd
 import org.joda.time.Period
+
+import static com.microsoft.azure.batch.protocol.models.ContainerType.DOCKER_COMPATIBLE
 /**
  * Implements Azure Batch operations for Nextflow executor
  *
@@ -667,7 +670,7 @@ class AzBatchService implements Closeable {
                     .withRegistryServer(registryOpts.server)
                     .withUserName(registryOpts.userName)
                     .withPassword(registryOpts.password)
-            containerConfig.withContainerRegistries(containerRegistries).withType('dockerCompatible')
+            containerConfig.withContainerRegistries(containerRegistries).withType(DOCKER_COMPATIBLE)
             log.debug "[AZURE BATCH] Connecting Azure Batch pool to Container Registry '$registryOpts.server'"
         }
 

diff --git a/plugins/nf-google/build.gradle b/plugins/nf-google/build.gradle
@@ -39,7 +39,7 @@ dependencies {
 
     api 'com.google.apis:google-api-services-lifesciences:v2beta-rev20210527-1.31.5'
     api 'com.google.auth:google-auth-library-oauth2-http:0.18.0'
-    api 'com.google.cloud:google-cloud-batch:0.10.0'
+    api 'com.google.cloud:google-cloud-batch:0.29.0'
     api 'com.google.cloud:google-cloud-logging:3.8.0'
     api 'com.google.cloud:google-cloud-nio:0.124.8'
     api 'com.google.cloud:google-cloud-storage:2.9.3'