Update vulnerable package dependencies
Update version to 1.9.0
Update vulnerable packages
Fix dependency conflicts
Issue-ID: SDC-3572
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: I2dfac9340555ff41bb8b977bd28d0ed861c19125
diff --git a/pom.xml b/pom.xml
index f6c1aef..d0f448c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
<groupId>org.onap.sdc.sdc-workflow-designer</groupId>
<artifactId>sdc-workflow-designer-parent</artifactId>
<name>sdc-sdc-workflow-designer</name>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.9.0-SNAPSHOT</version>
<packaging>pom</packaging>
<properties>
diff --git a/sdc-workflow-designer-be/pom.xml b/sdc-workflow-designer-be/pom.xml
index a25d2fb..e7be72b 100644
--- a/sdc-workflow-designer-be/pom.xml
+++ b/sdc-workflow-designer-be/pom.xml
@@ -10,14 +10,14 @@
<parent>
<groupId>org.onap.sdc.sdc-workflow-designer</groupId>
<artifactId>sdc-workflow-designer-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.9.0-SNAPSHOT</version>
</parent>
<properties>
- <spring.boot.version>2.1.0.RELEASE</spring.boot.version>
+ <spring.boot.version>2.3.10.RELEASE</spring.boot.version>
<mapstruct.version>1.3.1.Final</mapstruct.version>
<lombok.version>1.18.0</lombok.version>
- <springfox.version>2.8.0</springfox.version>
+ <springfox.version>3.0.0</springfox.version>
<jaxb.api.version>2.3.0</jaxb.api.version>
</properties>
@@ -50,7 +50,33 @@
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-validation</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-cassandra</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>HdrHistogram</artifactId>
+ <groupId>org.hdrhistogram</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>asm</artifactId>
+ <groupId>org.ow2.asm</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>asm-analysis</artifactId>
+ <groupId>org.ow2.asm</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>asm-commons</artifactId>
+ <groupId>org.ow2.asm</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>asm-tree</artifactId>
+ <groupId>org.ow2.asm</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -61,15 +87,16 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>asm</artifactId>
+ <groupId>org.ow2.asm</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
- <artifactId>springfox-swagger-ui</artifactId>
- <version>${springfox.version}</version>
- </dependency>
- <dependency>
- <groupId>io.springfox</groupId>
- <artifactId>springfox-swagger2</artifactId>
+ <artifactId>springfox-boot-starter</artifactId>
<version>${springfox.version}</version>
</dependency>
<dependency>
@@ -96,6 +123,13 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
+ <version>4.5.13</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>commons-codec</artifactId>
+ <groupId>commons-codec</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.mapstruct</groupId>
@@ -127,17 +161,23 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.6</version>
+ <version>2.8.0</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
- <version>1.9</version>
+ <version>1.15</version>
</dependency>
<dependency>
<groupId>org.onap.sdc.sdc-be-common</groupId>
<artifactId>session-lib</artifactId>
<version>1.6.0</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>objenesis</artifactId>
+ <groupId>org.objenesis</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.sdc.sdc-be-common</groupId>
@@ -159,6 +199,22 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-cassandra</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>jnr-posix</artifactId>
+ <groupId>com.github.jnr</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jnr-ffi</artifactId>
+ <groupId>com.github.jnr</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>zusammen-sdk</artifactId>
+ <groupId>com.amdocs.zusammen</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>zusammen-commons-configuration</artifactId>
+ <groupId>com.amdocs.zusammen</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
index d16c940..0bcac29 100644
--- a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
+++ b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
@@ -19,7 +19,7 @@
import static org.onap.sdc.workflow.api.RestParams.USER_ID_HEADER;
import com.fasterxml.classmate.TypeResolver;
-import com.google.common.base.Optional;
+import java.util.Optional;
import org.onap.sdc.workflow.services.annotations.UserId;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
diff --git a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
index a2eca63..d6f2e3e 100644
--- a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
+++ b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
@@ -23,10 +23,8 @@
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
@Configuration
-@EnableSwagger2
public class SwaggerConfig {
@Bean
diff --git a/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java b/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
index 6899e98..b82cb43 100644
--- a/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
+++ b/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
@@ -23,7 +23,7 @@
import static org.mockito.Mockito.when;
import com.fasterxml.classmate.TypeResolver;
-import com.google.common.base.Optional;
+import java.util.Optional;
import java.lang.annotation.Annotation;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -60,7 +60,7 @@
@Test
public void shouldNotCallToParameterBuilderIfUserIdAnnotationNotFound() {
when(parameterContext.resolvedMethodParameter()).thenReturn(resolvedMethodParameter);
- when(resolvedMethodParameter.findAnnotation(UserId.class)).thenReturn(Optional.absent());
+ when(resolvedMethodParameter.findAnnotation(UserId.class)).thenReturn(Optional.empty());
userIdReader.apply(parameterContext);
verify(parameterContext, times(0)).parameterBuilder();
}
@@ -70,7 +70,7 @@
doReturn(resolvedMethodParameter).when(parameterContext).resolvedMethodParameter();
doReturn(parameterBuilder).when(parameterContext).parameterBuilder();
- doReturn(parameterBuilder).when(parameterBuilder).parameterType(any());
+ doReturn(parameterBuilder).when(parameterBuilder).parameterType((String)(any()));
doReturn(parameterBuilder).when(parameterBuilder).name(any());
doReturn(parameterBuilder).when(parameterBuilder).type(any());
doReturn(Optional.of(USER_ID_ANNOTATION)).when(resolvedMethodParameter).findAnnotation(UserId.class);
diff --git a/sdc-workflow-designer-init/pom.xml b/sdc-workflow-designer-init/pom.xml
index a665e1a..178a2dd 100644
--- a/sdc-workflow-designer-init/pom.xml
+++ b/sdc-workflow-designer-init/pom.xml
@@ -10,7 +10,7 @@
<parent>
<groupId>org.onap.sdc.sdc-workflow-designer</groupId>
<artifactId>sdc-workflow-designer-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.9.0-SNAPSHOT</version>
</parent>
<profiles>
diff --git a/sdc-workflow-designer-ui/pom.xml b/sdc-workflow-designer-ui/pom.xml
index 887267b..4cfc8d1 100644
--- a/sdc-workflow-designer-ui/pom.xml
+++ b/sdc-workflow-designer-ui/pom.xml
@@ -27,7 +27,7 @@
<parent>
<groupId>org.onap.sdc.sdc-workflow-designer</groupId>
<artifactId>sdc-workflow-designer-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.9.0-SNAPSHOT</version>
</parent>
<properties>
@@ -39,7 +39,13 @@
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-proxy</artifactId>
- <version>9.4.18.v20190429</version>
+ <version>9.4.40.v20210413</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>jetty-http</artifactId>
+ <groupId>org.eclipse.jetty</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
@@ -47,6 +53,11 @@
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-http</artifactId>
+ <version>9.4.40.v20210413</version>
+ </dependency>
</dependencies>
<build>
diff --git a/version.properties b/version.properties
index 11f0383..0986d1f 100644
--- a/version.properties
+++ b/version.properties
@@ -3,7 +3,7 @@
# because they are used in Jenkins, whose plug-in doesn't support
major=1
-minor=8
+minor=9
patch=0
base_version=${major}.${minor}.${patch}