diff options
| author |   Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-03-15 12:25:28 -0400 |
|---|---|---|
| committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-03-15 12:25:32 -0400 |
| commit | b46d863e9e5db30291034e8740291c70875f1f5f (patch) | |
| tree | 6766ccb15edba5807a429278bf57ed8d241d2ce8 /ccsdk-app-common/pom.xml | |
| parent | 2e98a6c64dcdc0891f3729abb045115b790a2c54 (diff) | |
Resolve security issues
This change contains the following fixes:
1) Updated ccsdk/dashboard to use ONAP's oparent parent pom
2) Removed <version> tag from dependencies managed by oparent,
where feasible (e.g. not spring, since oparent uses Spring 5
and dashboard is based on Spring 4)
3) Updated versions of third party libraries as needed to address
vulnerabilities found in nexus IQ scan.
4) Added missing license headers in source files to resolve
checkstyle error from oparent.
5) Fixed indentation (tab -> 4 spaces) to resolve oparent
checkstyle warning.
Change-Id: Ib92d5ef86dbdb78c270d0901cc0753cd5a78eb6e
Issue-ID: CCSDK-1167
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
Diffstat (limited to 'ccsdk-app-common/pom.xml')
| -rw-r--r-- | ccsdk-app-common/pom.xml | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/ccsdk-app-common/pom.xml b/ccsdk-app-common/pom.xml index e7a58c6..1f78337 100644 --- a/ccsdk-app-common/pom.xml +++ b/ccsdk-app-common/pom.xml @@ -2,6 +2,12 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.onap.ccsdk.dashboard</groupId>
+ <artifactId>ccsdk-app-parent</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ </parent>
<groupId>org.onap.ccsdk.dashboard</groupId>
<artifactId>ccsdk-app-common</artifactId>
@@ -9,10 +15,11 @@ <packaging>jar</packaging>
<name>ONAP Operations Manager Dashboard common</name>
<description>CCSDK Dashboard common Java code</description>
+
<properties>
<encoding>UTF-8</encoding>
- <springframework.version>4.2.0.RELEASE</springframework.version>
+ <springframework.version>4.3.22.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<eelf.version>1.0.0</eelf.version>
<epsdk.version>2.5.1</epsdk.version>
@@ -22,6 +29,7 @@ <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>
<skipTests>false</skipTests>
<jacocoVersion>0.7.6.201602180812</jacocoVersion>
+ <jackson.version>2.9.8</jackson.version>
</properties>
<repositories>
@@ -136,7 +144,6 @@ <plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacocoVersion}</version>
<executions>
<execution>
<id>prepare-agent</id>
@@ -182,14 +189,14 @@ <!-- For using HTTP Basic Auth in uService REST client -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>4.3.5</version>
+ <artifactId>httpclient</artifactId>
+ <!-- inherit version from oparent-->
</dependency>
<!-- Postgresql driver -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
- <version>9.3-1100-jdbc41</version>
+ <version>9.3-1104-jdbc41</version>
</dependency>
<!-- SDK components -->
<dependency>
@@ -216,32 +223,35 @@ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.9.0</version>
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.9.0</version>
+ <!-- oparent defines this version, but not version for other jackson -->
+ <!-- artifacts. So, defined our own property, set to value from oparent -->
+ <!-- so that jackson artifacts can be kept in sync -->
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.9.0</version>
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jdk8</artifactId>
- <version>2.9.0</version>
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
- <version>2.9.0</version>
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
- <version>0.9.5.2</version>
+ <version>0.9.5.3</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
|