From bc67c407c4dc21e023f56ba17e4fd1f66d0bf8a9 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Thu, 5 Aug 2021 10:46:18 -0400 Subject: Package upgrades Upgrade third party packages to address security vulnerabilities. Provide new parent pom for spring boot 2.5, which is not backward compatible with spring boot 2.3 Issue-ID: CCSDK-3415 Signed-off-by: Dan Timoney Change-Id: Iffbfffb6709aeec48c35dd604b9293fb3af34a10 --- springboot/pom.xml | 1 + springboot/spring-boot-setup/pom.xml | 35 + .../src/main/properties/springboot1.properties | 11 +- .../src/main/properties/springboot2.properties | 11 +- .../src/main/properties/springboot25.properties | 14 + .../src/main/resources/pom-template.xml | 22 +- springboot/springboot1/pom.xml | 8 + springboot/springboot2/pom.xml | 8 + springboot/springboot25/pom.xml | 1084 ++++++++++++++++++++ 9 files changed, 1185 insertions(+), 9 deletions(-) create mode 100644 springboot/spring-boot-setup/src/main/properties/springboot25.properties create mode 100644 springboot/springboot25/pom.xml (limited to 'springboot') diff --git a/springboot/pom.xml b/springboot/pom.xml index 8ef623af..e727b3fd 100755 --- a/springboot/pom.xml +++ b/springboot/pom.xml @@ -19,6 +19,7 @@ spring-boot-setup springboot1 springboot2 + springboot25 diff --git a/springboot/spring-boot-setup/pom.xml b/springboot/spring-boot-setup/pom.xml index d41913b0..fe5a295d 100644 --- a/springboot/spring-boot-setup/pom.xml +++ b/springboot/spring-boot-setup/pom.xml @@ -71,6 +71,30 @@ UTF-8 + + create-springboot25-parent-pom + + copy-resources + + validate + + ../springboot25 + + + src/main/resources + + pom-template.xml + + true + + + \ + + ${basedir}/src/main/properties/springboot25.properties + + UTF-8 + + @@ -100,6 +124,17 @@ ../springboot2/pom.xml + + rename-springboot25-parent-pom + validate + + rename + + + ../springboot25/pom-template.xml + ../springboot25/pom.xml + + 
diff --git a/springboot/spring-boot-setup/src/main/properties/springboot1.properties b/springboot/spring-boot-setup/src/main/properties/springboot1.properties
index c4f4e011..e99c5a8c 100644
--- a/springboot/spring-boot-setup/src/main/properties/springboot1.properties
+++ b/springboot/spring-boot-setup/src/main/properties/springboot1.properties
@@ -2,4 +2,13 @@ springbootparent.artifactId=spring-boot-starter-parent
 springbootparent.groupId=org.springframework.boot
 springbootparent.version=1.5.22.RELEASE
 springboot.project.artifactId=spring-boot-1-starter-parent
-spring.version=4.3.25.RELEASE
\ No newline at end of file
+spring.version=4.3.25.RELEASE
+springboot.httpcomponents.core.version=4.4.14
+springboot.httpcomponents.client.version=4.5.13
+springboot.jackson.version=2.11.4
+springboot.logback.version=1.2.3
+springboot.netty.ssl.version=2.0.39.Final
+springboot.jersey.version=2.30.1
+springboot.slf4j.version=1.7.25
+springboot.springfox.version=2.9.2
+springboot.tomcat.jdbc.version=9.0.46
\ No newline at end of file
diff --git a/springboot/spring-boot-setup/src/main/properties/springboot2.properties b/springboot/spring-boot-setup/src/main/properties/springboot2.properties
index 6e69d7fd..1389b933 100644
--- a/springboot/spring-boot-setup/src/main/properties/springboot2.properties
+++ b/springboot/spring-boot-setup/src/main/properties/springboot2.properties
@@ -2,4 +2,13 @@ springbootparent.artifactId=spring-boot-starter-parent
 springbootparent.groupId=org.springframework.boot
 springbootparent.version=2.3.12.RELEASE
 springboot.project.artifactId=spring-boot-starter-parent
-spring.version=5.2.15.RELEASE
\ No newline at end of file
+spring.version=5.2.15.RELEASE
+springboot.httpcomponents.core.version=4.4.14
+springboot.httpcomponents.client.version=4.5.13
+springboot.jackson.version=2.11.4
+springboot.logback.version=1.2.3
+springboot.netty.ssl.version=2.0.39.Final
+springboot.jersey.version=2.30.1
+springboot.slf4j.version=1.7.25
+springboot.springfox.version=2.9.2
+springboot.tomcat.jdbc.version=9.0.46
diff --git a/springboot/spring-boot-setup/src/main/properties/springboot25.properties b/springboot/spring-boot-setup/src/main/properties/springboot25.properties
new file mode 100644
index 00000000..2681cb06
--- /dev/null
+++ b/springboot/spring-boot-setup/src/main/properties/springboot25.properties
@@ -0,0 +1,14 @@
+springbootparent.artifactId=spring-boot-starter-parent
+springbootparent.groupId=org.springframework.boot
+springbootparent.version=2.5.3
+springboot.project.artifactId=spring-boot-25-starter-parent
+spring.version=5.3.9
+springboot.httpcomponents.core.version=4.4.14
+springboot.httpcomponents.client.version=4.5.13
+springboot.jackson.version=2.12.4
+springboot.logback.version=1.2.4
+springboot.netty.ssl.version=2.0.40.Final
+springboot.jersey.version=2.33
+springboot.slf4j.version=1.7.32
+springboot.springfox.version=3.0.0
+springboot.tomcat.jdbc.version=9.0.50
\ No newline at end of file
diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template.xml b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
index 845ea8a5..1c10ad7c 100644
--- a/springboot/spring-boot-setup/src/main/resources/pom-template.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template.xml
@@ -119,23 +119,24 @@ 4.8-1 2.6 - 4.4.14 - 4.5.13 + ${springboot.httpcomponents.core.version} + ${springboot.httpcomponents.client.version} 10.14.2.0 1.0.0 1.25.0 - 2.0.39.Final + ${springboot.netty.ssl.version} 3.10.0 3.10.0 - 2.30.1 - 2.30.1 + ${springboot.jersey.version} + ${springboot.jersey.version} 1.3.8 1.2.3 2.7.3 2.4.0 - 1.7.25 + ${springboot.slf4j.version} + ${springboot.springfox.version} 6.14.3 - 9.0.46 + ${springboot.tomcat.jdbc.version} direct-dependencies.txt @@ -151,6 +152,13 @@ pom import + + com.fasterxml.jackson + jackson-bom + ${springboot.jackson.version} + pom + import + org.onap.ccsdk.sli.core sli-common diff --git a/springboot/springboot1/pom.xml b/springboot/springboot1/pom.xml index 20a22762..8a01d17b 100644 --- a/springboot/springboot1/pom.xml +++ b/springboot/springboot1/pom.xml @@ -134,6 +134,7 @@ 2.7.3 2.4.0 1.7.25 + 2.9.2 6.14.3 9.0.46 direct-dependencies.txt @@ -151,6 +152,13 @@ pom import + + com.fasterxml.jackson + jackson-bom + 2.11.4 + pom + import + org.onap.ccsdk.sli.core sli-common diff --git a/springboot/springboot2/pom.xml b/springboot/springboot2/pom.xml index ef34740a..d70ee688 100644 --- a/springboot/springboot2/pom.xml +++ b/springboot/springboot2/pom.xml @@ -134,6 +134,7 @@ 2.7.3 2.4.0 1.7.25 + 2.9.2 6.14.3 9.0.46 direct-dependencies.txt @@ -151,6 +152,13 @@ pom import + + com.fasterxml.jackson + jackson-bom + 2.11.4 + pom + import + org.onap.ccsdk.sli.core sli-common diff --git a/springboot/springboot25/pom.xml b/springboot/springboot25/pom.xml new file mode 100644 index 00000000..cfe2298e --- /dev/null +++ b/springboot/springboot25/pom.xml 
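Review bot: `springboot.logback.version` is defined in all three properties files (1.2.4 for springboot25), but the first pom-template.xml hunk (`@@ -119,23 +119,24 @@`) never references `${springboot.logback.version}`. A literal `1.2.3` survives there between `1.3.8` and `2.7.3`, and the generated springboot25/pom.xml carries the same `1.2.3` in that position. Element names are not visible in this rendering, so this is inferred: if that literal is the logback version, the intended bump to 1.2.4 never reaches the Spring Boot 2.5 parent, and the literal should be replaced with `${springboot.logback.version}`. If it is some other artifact, the property is unused and should either be wired in or dropped so the properties files do not suggest an upgrade that is not applied.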
@@ -0,0 +1,1084 @@ + + + 4.0.0 + + + + org.springframework.boot + spring-boot-starter-parent + 2.5.3 + + + + org.onap.ccsdk.parent + spring-boot-25-starter-parent + 2.2.0-SNAPSHOT + pom + + ONAP :: ${project.groupId} :: ${project.artifactId} + Root POM to be used in place of spring-boot parent for CCSDK based projects + http://wiki.onap.org + + ONAP + + + + JIRA + https://jira.onap.org/ + + + + + ecomp-releases + ${onap.nexus.release-url} + + + ecomp-snapshots + ${onap.nexus.snapshot-url} + + + + + + 3.7.0.1746 + 3.2 + jacoco + + ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml,${project.reporting.outputDirectory}/jacoco-it/jacoco.xml + + **/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/** + + + 0.8.5 + + + 1.8 + 1.8 + UTF-8 + UTF-8 + + /content/sites/site/${project.groupId}/${project.artifactId}/${project.version} + + + ${basedir}/src/main/resources/swagger.properties + + ${basedir}/src/main/resources/swagger.json + + + + https://nexus.onap.org + nexus.onap.org + 443 + https + https://nexus.onap.org/content/groups/public + https://nexus.onap.org/content/groups/staging + https://nexus.onap.org/content/repositories/releases + https://nexus.onap.org/content/repositories/snapshots + ecomp-staging + 176c31dfe190a + + 1.8 + 1.8 + 2.5.0 + 2.5.1 + features.xml + src/main/yang-gen-config + src/main/yang-gen-sal + true + + + 1.6.9 + + + (1.1.99999,1.2.99999-SNAPSHOT) + (1.1.99999, 1.2.99999-SNAPSHOT) + (1.1.99999, 1.2.99999-SNAPSHOT) + (1.2.99999, 1.3.99999-SNAPSHOT) + ${ccsdk.sli.version} + ${ccsdk.sli.version} + ${ccsdk.sli.version} + ${ccsdk.sli.version} + + + 2.5.3 + 5.3.9 + + + 1.8 + 1.3.61 + 1.3.61 + 1.3.3 + 1.5.0 + 0.5.0 + 2.6.6 + 2.2.3 + 1.9.3 + + + 4.8-1 + 2.6 + 4.4.14 + 4.5.13 + 10.14.2.0 + 1.0.0 + 1.25.0 + 2.0.40.Final + 3.10.0 + 3.10.0 + 2.33 + 2.33 + 1.3.8 + 1.2.3 + 2.7.3 + 2.4.0 + 1.7.32 + 3.0.0 + 6.14.3 + 9.0.50 + direct-dependencies.txt + + + + + + + org.onap.ccsdk.parent + dependencies-bom + 2.2.0-SNAPSHOT + pom + import + + + 
com.fasterxml.jackson + jackson-bom + 2.12.4 + pom + import + + + org.onap.ccsdk.sli.core + sli-common + ${ccsdk.sli.core.version} + + + org.onap.ccsdk.sli.core + sli-provider + ${ccsdk.sli.core.version} + + + org.onap.ccsdk.sli.core + ccsdk-sli + ${ccsdk.sli.core.version} + xml + features + + + org.onap.ccsdk.sli.core + dblib-provider + ${ccsdk.sli.core.version} + + + org.onap.ccsdk.sli.adaptors + aai-service-provider + ${ccsdk.sli.adaptors.version} + + + org.onap.logging-analytics + logging-slf4j + ${logging-analytics.version} + + + org.onap.logging-analytics + logging-filter-base + ${logging-analytics.version} + + + + + + + onap-public + ${onap.nexus.public-url} + + true + never + + + true + always + + + + onap-staging + ${onap.nexus.staging-url} + + true + never + + + true + always + + + + ecomp-release + onap-repository-releases + ${onap.nexus.release-url} + + true + never + + + false + + + + ecomp-snapshot + onap-repository-snapshots + ${onap.nexus.snapshot-url} + + false + + + true + + + + + + + onap-public + ${onap.nexus.public-url} + + true + + + true + + + + onap-staging + ${onap.nexus.staging-url} + + true + + + true + + + + onap-snapshot + ${onap.nexus.snapshot-url} + + false + + + true + + + + + JCenter + JCenter Repository + http://jcenter.bintray.com + + + + Restlet + Restlet Repository + http://maven.restlet.com + + + + + + + + + org.apache.maven.plugins + maven-deploy-plugin + + 2.8 + + + true + + + + org.apache.maven.plugins + maven-site-plugin + 3.6 + + + org.apache.maven.wagon + wagon-webdav-jackrabbit + 2.10 + + + org.apache.maven.doxia + doxia-core + 1.7 + + + org.apache.maven.doxia + doxia-sink-api + 1.7 + + + org.apache.maven.doxia + doxia-logging-api + 1.7 + + + + + attach-descriptor + + attach-descriptor + + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 2.17 + + + org.onap.oparent + checkstyle + 1.1.1 + + + + + check-license + + check + + process-sources + + onap-checkstyle/check-license.xml + 
onap-checkstyle/apache-license-2.regexp.txt + false + true + false + ${project.build.sourceDirectory} + + + false + true + + + + check-style + + check + + process-sources + + + onap-checkstyle/onap-java-style.xml + + ${project.build.sourceDirectory}/src/main/java + true + true + true + + + false + true + + + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.19.1 + + + ${surefireArgLine} + + + **/IT*.java + + + + + org.apache.maven.plugins + maven-failsafe-plugin + 2.19.1 + + + + integration-tests + + integration-test + verify + + + + ${failsafeArgLine} + + + + + + org.apache.maven.plugins + maven-compiler-plugin + ${maven.compile.plugin.version} + + ${java.version.source} + ${java.version.target} + + + + org.sonarsource.scanner.maven + sonar-maven-plugin + 3.6.0.1398 + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.2.0 + + + + org.slf4j + slf4j-api + ${slf4j.version} + + + org.antlr + antlr4 + ${antlr.version} + + + org.antlr + antlr4-runtime + ${antlr.version} + + + com.sun.jersey + jersey-client + ${jersey.client.version} + + + com.sun.jersey + jersey-core + ${jersey.version} + + + org.apache.httpcomponents + httpcore-osgi + ${apache.httpcomponents.core.version} + + + org.apache.httpcomponents + httpclient-osgi + ${apache.httpcomponents.client.version} + + + commons-lang + commons-lang + ${commons.lang.version} + + + false + + + + aggregate + + aggregate + + site + + + + + com.github.ferstl + depgraph-maven-plugin + 3.3.0 + + text + ${dependency-list.file} + ${project.basedir} + * + true + true + + + + + + + + + org.jacoco + jacoco-maven-plugin + ${jacoco.version} + + + pre-unit-test + + prepare-agent + + + + ${project.build.directory}/code-coverage/jacoco-ut.exec + + surefireArgLine + + + + + post-unit-test + test + + report + + + + ${project.build.directory}/code-coverage/jacoco-ut.exec + + ${project.reporting.outputDirectory}/jacoco-ut + + + + pre-integration-test + pre-integration-test + + prepare-agent + + + + 
${project.build.directory}/code-coverage/jacoco-it.exec + + failsafeArgLine + + + + + post-integration-test + post-integration-test + + report + + + + ${project.build.directory}/code-coverage/jacoco-it.exec + + ${project.reporting.outputDirectory}/jacoco-it + + + + default-prepare-agent + + prepare-agent + + + + default-report + prepare-package + + report + + + + default-check + + check + + + + + PACKAGE + + + COMPLEXITY + COVEREDRATIO + 0.0 + + + + + + + + + + org.apache.maven.plugins + maven-deploy-plugin + + + org.apache.maven.plugins + maven-checkstyle-plugin + + + org.codehaus.mojo + build-helper-maven-plugin + 1.12 + + + + org.apache.maven.plugins + maven-surefire-plugin + + + org.apache.maven.plugins + maven-failsafe-plugin + + + + + org.codehaus.mojo + properties-maven-plugin + 1.0.0 + + + + set-system-properties + + + + + maven.wagon.http.ssl.allowall + ${ssl.allowall} + + + maven.wagon.http.ssl.insecure + ${ssl.insecure} + + + + + + + + org.codehaus.mojo + versions-maven-plugin + 2.5 + + true + + + + maven-scm-plugin + 1.8.1 + + ${project.artifactId}-${project.version} + + + + pl.project13.maven + git-commit-id-plugin + 4.0.0 + + full + + ^git.build.(time|version)$ + ^git.commit.id.(abbrev|full)$ + + + + + + + + + + maven-javadoc-plugin + 2.10.4 + + false + org.umlgraph.doclet.UmlGraphDoc + + org.umlgraph + umlgraph + 5.6 + + -views + true + org.opendaylight.* + + + + + javadoc-no-fork + test-javadoc-no-fork + + + + aggregate + + aggregate + test-aggregate + + + + + + org.apache.maven.plugins + maven-jxr-plugin + 2.3 + + + aggregate + + aggregate + test-aggregate + + + + + + maven-surefire-plugin + 2.17 + + + org.apache.maven.plugins + maven-changelog-plugin + 2.3 + + + dual-report + + range + 30 + + + changelog + file-activity + + + + + + org.codehaus.mojo + taglist-maven-plugin + 2.4 + + + + + + + + generate-json + + + ${swagger-properties} + + + swagger-sdk.generate-json + + + + + + org.codehaus.mojo + properties-maven-plugin + 1.0.0 + + + initialize + 
+ read-project-properties + + + + ${basedir}/src/main/resources/swagger.properties + + + + + + + com.github.kongchen + swagger-maven-plugin + 3.1.4 + + + + ${api-rest-package} + http,https + ${api-host-ip}:${api-host-port} + ${api-base-path} + + ${api-title} + ${api-version} + ${api-description} + + ${api-license} + + + ${basedir}/src/main/resources + + + + + + compile + + generate + + + + + + org.apache.maven.plugins + maven-install-plugin + 2.3.1 + + + install-file-id + install + + install-file + + + ${basedir}/src/main/resources/swagger.json + ${project.groupId} + ${project.artifactId}-swagger-schema + ${project.version} + json + + + + + + + + + generate-sdk + + + ${swagger-json} + + + swagger-sdk.generate-java-sdk + + + + + + org.apache.maven.plugins + maven-antrun-plugin + 1.8 + + + initialize + ant-create-script + + true + + + + + + + + + + + + + + + + + + + + + + + + + + run + + + + + + ant-contrib + ant-contrib + 1.0b3 + + + ant + ant + + + + + + + io.swagger + swagger-codegen-maven-plugin + 2.2.1 + + + + generate + + + ${basedir}/src/main/resources/swagger.json + ${project.build.directory}/generated-sources + java + + joda + + jersey2 + ${project.groupId} + ${project.artifactId}-java-sdk + ${project.version} + ${project.groupId}.${project.artifactId}.client.model + ${project.groupId}.${project.artifactId}.client.api + ${project.groupId}.${project.artifactId}.client.invoker + + + + + + org.codehaus.mojo + exec-maven-plugin + 1.5.0 + + + swagger-generate-sources + generate-sources + + exec + + + ${project.build.directory}${file.separator}${swagger.sdk.script.file} + + + + + + org.apache.maven.plugins + maven-clean-plugin + 3.0.0 + + + clean-generated-files + generate-sources + + clean + + + + + ${project.build.directory}/generated-sources + + + + + + + + + + + org.onap.msb.swagger-sdk + swagger-sdk + 1.0.0 + + + + + + q + + true + true + true + + true + true + true + true + true + true + true + true + true + true + true + true + true + true + true + true + 
true + true + true + true + + + + sonar-jacoco-aggregate + + + onap.jacoco.aggregateFile + + + + + + org.jacoco + jacoco-maven-plugin + + + merge + + merge + + generate-resources + + ${onap.jacoco.aggregateFile} + + + ${project.basedir} + + **/target/code-coverage/*.exec + + + + + + + + + + + + + -- cgit 1.2.3-korg
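Review bot: The new springboot25/pom.xml lists what appear to be the JCenter and Restlet repositories with plain-HTTP URLs (`http://jcenter.bintray.com`, `http://maven.restlet.com`), so anything resolved from them is downloaded without transport integrity, which undercuts a commit meant to address security vulnerabilities. Switch both to `https://`, or remove the entries if nothing resolves from them any more. The same file passes `${ssl.allowall}` and `${ssl.insecure}` into `maven.wagon.http.ssl.allowall` and `maven.wagon.http.ssl.insecure` as system properties; please confirm neither is set to true in any default or CI profile, and add a comment saying they are for local troubleshooting only. This pom appears to be produced from pom-template.xml by the spring-boot-setup copy and rename executions, so the fix probably belongs in the template and would then also reach springboot1 and springboot2.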