diff options
| author |   Michael Arrastia <MArrasti@amdocs.com> | 2018-05-03 18:09:26 +0100 |
|---|---|---|
| committer | Michael Arrastia <MArrasti@amdocs.com> | 2018-05-03 18:09:26 +0100 |
| commit | 42480c241e5882bd2e6002004e5013a0e1bd7429 (patch) | |
| tree | 1000103085ba7ad3d7b8fdb28b5a76aba6eca852 /champ-lib | |
| parent | e8211d3d5ab9ef5fd9a66230a94b1739d9dfe64b (diff) | |
Address security vulnerabilities
This includes version upgrades for:
- logback-classic, logback-core
- commons-collections
- hadoop-common
- hbase-client: settled on version 1.0.2 as container would not start
with later versions
- httpclient
- netty, netty-all
- zookeeper
- jackson-core
Also should resolve presence of flux-examples.
Change-Id: Ifb55f5d6676a9971d1d9a46c695dc78eb1b99843
Issue-ID: AAI-1117
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
Diffstat (limited to 'champ-lib')
| -rw-r--r-- | champ-lib/champ-core/pom.xml | 32 | ||||
| -rw-r--r-- | champ-lib/champ-janus/pom.xml | 16 | ||||
| -rw-r--r-- | champ-lib/champ-titan/pom.xml | 14 | ||||
| -rw-r--r-- | champ-lib/pom.xml | 76 |
4 files changed, 50 insertions, 88 deletions
diff --git a/champ-lib/champ-core/pom.xml b/champ-lib/champ-core/pom.xml index dbbb2b7..ee65310 100644 --- a/champ-lib/champ-core/pom.xml +++ b/champ-lib/champ-core/pom.xml @@ -25,8 +25,8 @@ limitations under the License. <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>champ-lib</artifactId> <groupId>org.onap.aai</groupId> + <artifactId>champ-lib</artifactId> <version>1.2.0-SNAPSHOT</version> </parent> @@ -37,17 +37,16 @@ limitations under the License. <dependency> <groupId>org.onap.aai.event-client</groupId> <artifactId>event-client-api</artifactId> - <version>${event.client.version}</version> </dependency> + <dependency> <groupId>org.onap.aai.event-client</groupId> <artifactId>event-client-dmaap</artifactId> - <version>${event.client.version}</version> </dependency> + <dependency> <groupId>org.onap.aai.event-client</groupId> <artifactId>event-client-kafka</artifactId> - <version>${event.client.version}</version> </dependency> <!-- Event Bus Library - END --> @@ -56,11 +55,13 @@ limitations under the License. <artifactId>groovy</artifactId> <version>2.4.12</version> </dependency> + <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.5.3</version> </dependency> + <dependency> <groupId>org.apache.tinkerpop</groupId> <artifactId>gremlin-core</artifactId> @@ -77,17 +78,34 @@ limitations under the License. </exclusion> </exclusions> </dependency> + <dependency> <groupId>org.apache.tinkerpop</groupId> <artifactId>tinkergraph-gremlin</artifactId> <version>3.2.3</version> <optional>true</optional> </dependency> + <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>2.8.2</version> </dependency> + + <dependency> + <groupId>org.apache.hbase</groupId> + <artifactId>hbase-client</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + </exclusion> + <exclusion> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <build> @@ -111,7 +129,6 @@ limitations under the License. <skip>true</skip> </configuration> </plugin> - <!-- Uncomment to add a license header to source files <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> @@ -132,17 +149,18 @@ limitations under the License. <include>**/*aaiconfig*.properties</include> <include>**/*titan*.properties</include> </includes> + <skipExistingHeaders>true</skipExistingHeaders> </configuration> <executions> <execution> <goals> - <goal>format</goal> + <!-- Set goal to "format" to auto update license headers --> + <goal>check</goal> </goals> <phase>process-sources</phase> </execution> </executions> </plugin> - --> </plugins> </build> </project> diff --git a/champ-lib/champ-janus/pom.xml b/champ-lib/champ-janus/pom.xml index 7d1532b..b316c27 100644 --- a/champ-lib/champ-janus/pom.xml +++ b/champ-lib/champ-janus/pom.xml @@ -25,8 +25,8 @@ limitations under the License. <modelVersion>4.0.0</modelVersion> <parent> - <artifactId>champ-lib</artifactId> <groupId>org.onap.aai</groupId> + <artifactId>champ-lib</artifactId> <version>1.2.0-SNAPSHOT</version> </parent> @@ -42,11 +42,13 @@ limitations under the License. <artifactId>tinkergraph-gremlin</artifactId> <version>${tinkerpop.version}</version> </dependency> + <dependency> <groupId>org.onap.aai</groupId> <artifactId>champ-core</artifactId> <version>1.2.0-SNAPSHOT</version> </dependency> + <dependency> <groupId>org.onap.aai</groupId> <artifactId>champ-core</artifactId> @@ -54,6 +56,7 @@ limitations under the License. <type>test-jar</type> <scope>test</scope> </dependency> + <dependency> <groupId>org.janusgraph</groupId> <artifactId>janusgraph-cassandra</artifactId> @@ -78,6 +81,7 @@ limitations under the License. </exclusion> </exclusions> </dependency> + <dependency> <groupId>org.janusgraph</groupId> <artifactId>janusgraph-hbase</artifactId> @@ -93,10 +97,6 @@ limitations under the License. <artifactId>slf4j-log4j12</artifactId> </exclusion> <exclusion> - <groupId>ch.qos.logback</groupId> - <artifactId>logback-classic</artifactId> - </exclusion> - <exclusion> <groupId>org.apache.tinkerpop</groupId> <artifactId>gremlin-core</artifactId> </exclusion> @@ -180,7 +180,6 @@ limitations under the License. <skip>true</skip> </configuration> </plugin> - <!-- Uncomment to add a license header to source files <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> @@ -201,17 +200,18 @@ limitations under the License. <include>**/*aaiconfig*.properties</include> <include>**/*titan*.properties</include> </includes> + <skipExistingHeaders>true</skipExistingHeaders> </configuration> <executions> <execution> <goals> - <goal>format</goal> + <!-- Set goal to "format" to auto update license headers --> + <goal>check</goal> </goals> <phase>process-sources</phase> </execution> </executions> </plugin> - --> </plugins> </build> </project> diff --git a/champ-lib/champ-titan/pom.xml b/champ-lib/champ-titan/pom.xml index 5bfc860..05d862c 100644 --- a/champ-lib/champ-titan/pom.xml +++ b/champ-lib/champ-titan/pom.xml @@ -41,11 +41,13 @@ limitations under the License. <artifactId>tinkergraph-gremlin</artifactId> <version>${tinkerpop.version}</version> </dependency> + <dependency> <groupId>org.onap.aai</groupId> <artifactId>champ-core</artifactId> <version>1.2.0-SNAPSHOT</version> </dependency> + <dependency> <groupId>org.onap.aai</groupId> <artifactId>champ-core</artifactId> @@ -53,6 +55,7 @@ limitations under the License. <type>test-jar</type> <scope>test</scope> </dependency> + <dependency> <groupId>com.thinkaurelius.titan</groupId> <artifactId>titan-cassandra</artifactId> @@ -75,8 +78,13 @@ limitations under the License. <groupId>org.apache.tinkerpop</groupId> <artifactId>gremlin-core</artifactId> </exclusion> + <exclusion> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + </exclusion> </exclusions> </dependency> + <dependency> <groupId>com.thinkaurelius.titan</groupId> <artifactId>titan-hbase</artifactId> @@ -179,7 +187,6 @@ limitations under the License. <skip>true</skip> </configuration> </plugin> - <!-- Uncomment to add a license header to source files <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> @@ -200,17 +207,18 @@ limitations under the License. <include>**/*aaiconfig*.properties</include> <include>**/*titan*.properties</include> </includes> + <skipExistingHeaders>true</skipExistingHeaders> </configuration> <executions> <execution> <goals> - <goal>format</goal> + <!-- Set goal to "format" to auto update license headers --> + <goal>check</goal> </goals> <phase>process-sources</phase> </execution> </executions> </plugin> - --> </plugins> </build> </project> diff --git a/champ-lib/pom.xml b/champ-lib/pom.xml index 4f82dff..d69f971 100644 --- a/champ-lib/pom.xml +++ b/champ-lib/pom.xml @@ -22,17 +22,15 @@ limitations under the License. xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> - <groupId>org.onap.aai</groupId> - <artifactId>champ-lib</artifactId> - <packaging>pom</packaging> - <version>1.2.0-SNAPSHOT</version> - <parent> <groupId>org.onap.aai</groupId> <artifactId>champ</artifactId> <version>1.2.0-SNAPSHOT</version> </parent> + <artifactId>champ-lib</artifactId> + <packaging>pom</packaging> + <modules> <module>champ-core</module> <module>champ-titan</module> @@ -41,8 +39,6 @@ limitations under the License. <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <event.client.version>1.2.1</event.client.version> - <!--<absoluteDistFilesRoot>/appl/${project.artifactId}</absoluteDistFilesRoot>--> <!--<!– For NO Versioning, REMOVE the /${project.version} from the <distFilesRoot>--> @@ -53,26 +49,6 @@ limitations under the License. <!--<distFilesRoot>/appl/${project.artifactId}/${project.version}</distFilesRoot>--> </properties> - <dependencyManagement> - <dependencies> - <dependency> - <groupId>org.onap.aai.event-client</groupId> - <artifactId>event-client-api</artifactId> - <version>${event.client.version}</version> - </dependency> - <dependency> - <groupId>org.onap.aai.event-client</groupId> - <artifactId>event-client-dmaap</artifactId> - <version>${event.client.version}</version> - </dependency> - <dependency> - <groupId>org.onap.aai.event-client</groupId> - <artifactId>event-client-kafka</artifactId> - <version>${event.client.version}</version> - </dependency> - </dependencies> - </dependencyManagement> - <dependencies> <dependency> <groupId>junit</groupId> @@ -81,27 +57,6 @@ limitations under the License. <scope>test</scope> </dependency> <dependency> - <groupId>ch.qos.logback</groupId> - <artifactId>logback-classic</artifactId> - <version>1.2.1</version> - <optional>true</optional> - </dependency> - <dependency> - <groupId>org.apache.hbase</groupId> - <artifactId>hbase-client</artifactId> - <version>0.98.4-hadoop2</version> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </exclusion> - <exclusion> - <groupId>com.google.guava</groupId> - <artifactId>guava</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> <groupId>jdk.tools</groupId> <artifactId>jdk.tools</artifactId> <version>1.8</version> @@ -198,25 +153,6 @@ limitations under the License. </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-assembly-plugin</artifactId> - <version>3.0.0</version> - <configuration> - <descriptorRefs> - <descriptorRef>jar-with-dependencies</descriptorRef> - </descriptorRefs> - </configuration> - <executions> - <execution> - <id>make-jar-with-dependencies</id> - <phase>package</phase> - <goals> - <goal>single</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.6.1</version> <configuration> @@ -278,7 +214,6 @@ limitations under the License. <skip>true</skip> </configuration> </plugin> - <!-- Uncomment to add a license header to source files <plugin> <groupId>com.mycila</groupId> <artifactId>license-maven-plugin</artifactId> @@ -299,17 +234,18 @@ limitations under the License. <include>**/*aaiconfig*.properties</include> <include>**/*titan*.properties</include> </includes> + <skipExistingHeaders>true</skipExistingHeaders> </configuration> <executions> <execution> <goals> - <goal>format</goal> + <!-- Set goal to "format" to auto update license headers --> + <goal>check</goal> </goals> <phase>process-sources</phase> </execution> </executions> </plugin> - --> </plugins> </build> </project> |