summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomasz Wrobel <tomasz.wrobel@nokia.com>2022-08-25 13:48:45 +0200
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2022-08-29 18:41:45 +0200
commit5662ec25d8c24caa014d6988581dfca76c15fef0 (patch)
tree0033818469c12c642076e1ed46148c951564ba91
parent8929c55ec055d25a8e10c9e06983f849e2f65f40 (diff)
Fix DFC vulnerabilities1.9.0
- Update DCAE-SDK to version 1.8.10 - Update spring-boot to version 2.7.2 - Update spring to version 5.3.22 - Update tomcat-embed-core to version 9.0.65 - Update classgraph to version 4.8.149 - Update jackson-databind to version 2.13.3 - Update springdoc-openapi-ui to version 1.6.11 Issue-ID: DCAEGEN2-3211 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Iab97ade90792708742283cdeec732ca11351ec28
-rw-r--r--Changelog.md11
-rw-r--r--datafile-app-server/pom.xml21
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java13
-rw-r--r--pom.xml26
-rw-r--r--version.properties2
5 files changed, 51 insertions, 22 deletions
diff --git a/Changelog.md b/Changelog.md
index ce4f0e08..f6733063 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [1.9.0] - 2022/08/26
+### Changed
+- [DCAEGEN2-3211] Fix vulnerabilities
+ - Update DCAE-SDK to version 1.8.10
+ - Update spring-boot to version 2.7.2
+ - Update spring to version 5.3.22
+ - Update tomcat-embed-core to version 9.0.65
+ - Update classgraph to version 4.8.149
+ - Update jackson-databind to version 2.13.3
+ - Update springdoc-openapi-ui to version 1.6.11
+
## [1.8.0] - 2022/06/24
### Changed
- [DCAEGEN2-3039] Make certificate dependencies configurable
diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml
index 14620ed1..decf0732 100644
--- a/datafile-app-server/pom.xml
+++ b/datafile-app-server/pom.xml
@@ -27,7 +27,7 @@
<parent>
<groupId>org.onap.dcaegen2.collectors</groupId>
<artifactId>datafile</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>${revision}</version>
</parent>
<groupId>org.onap.dcaegen2.collectors.datafile</groupId>
@@ -37,8 +37,9 @@
<properties>
<docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name>
<maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
- <docker-client.version>8.7.1</docker-client.version>
- <tomcat-embed-core.version>9.0.56</tomcat-embed-core.version>
+
+ <!--Skip missing changelog-->
+ <onap-gerrit-review>-changelog-missing</onap-gerrit-review>
</properties>
<dependencies>
@@ -100,14 +101,8 @@
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
- <groupId>com.spotify</groupId>
- <artifactId>docker-client</artifactId>
- <version>${docker-client.version}</version>
- </dependency>
- <dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>${tomcat-embed-core.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -121,6 +116,10 @@
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </dependency>
<!-- Actuator dependencies -->
<dependency>
@@ -209,10 +208,6 @@
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-data-rest</artifactId>
</dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </dependency>
</dependencies>
<build>
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java
index 22067d0b..c04b1a75 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java
@@ -1,6 +1,6 @@
/*-
* ============LICENSE_START======================================================================
- * Copyright (C) 2020-2021 Nokia. All rights reserved.
+ * Copyright (C) 2020-2022 Nokia. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -27,6 +27,7 @@ import org.apache.http.ProtocolVersion;
import org.apache.http.StatusLine;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.params.HttpParams;
+import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClientResponse;
import reactor.util.context.Context;
import reactor.util.context.ContextView;
@@ -122,6 +123,11 @@ public class HttpClientResponseHelper {
public HttpResponseStatus status() {
return HttpResponseStatus.OK;
}
+
+ @Override
+ public Mono<HttpHeaders> trailerHeaders() {
+ return null;
+ }
};
public static final HttpClientResponse RESPONSE_ANY_NO_OK = new HttpClientResponse() {
@@ -193,6 +199,11 @@ public class HttpClientResponseHelper {
@Override public HttpResponseStatus status() {
return HttpResponseStatus.NOT_IMPLEMENTED;
}
+
+ @Override
+ public Mono<HttpHeaders> trailerHeaders() {
+ return null;
+ }
};
public static final CloseableHttpResponse APACHE_RESPONSE_OK = new CloseableHttpResponse() {
diff --git a/pom.xml b/pom.xml
index 033764cb..1b803e4e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,8 +32,7 @@
<groupId>org.onap.dcaegen2.collectors</groupId>
<artifactId>datafile</artifactId>
- <version>1.8.0-SNAPSHOT</version>
-
+ <version>${revision}</version>
<name>dcaegen2-collectors.datafile</name>
<description>datafile collector</description>
<packaging>pom</packaging>
@@ -50,17 +49,20 @@
</licenses>
<properties>
+ <revision>1.9.0-SNAPSHOT</revision>
<java.version>11</java.version>
- <sdk.version>1.8.8</sdk.version>
+ <sdk.version>1.8.10</sdk.version>
<apache.httpcomponents.version>4.1.4</apache.httpcomponents.version>
<apache.commons.version>3.6</apache.commons.version>
<immutable.version>2.7.1</immutable.version>
- <spring.version>5.3.14</spring.version>
- <spring-boot.version>2.4.5</spring-boot.version>
+ <spring.version>5.3.22</spring.version>
+ <spring-boot.version>2.7.2</spring-boot.version>
<commons-io.version>2.8.0</commons-io.version>
<commons-net.version>3.3</commons-net.version>
<projectreactor.version>2020.0.2</projectreactor.version>
<httpcomponents.core5.version>5.0.3</httpcomponents.core5.version>
+ <tomcat-embed-core.version>9.0.65</tomcat-embed-core.version>
+ <io.github.classgraph.version>4.8.149</io.github.classgraph.version>
<!-- LOGGING SETTINGS -->
<slf4j.version>1.7.25</slf4j.version>
@@ -75,7 +77,7 @@
<jcraft.version>0.1.54</jcraft.version>
<springfox.version>3.0.0</springfox.version>
<awaitility.version>3.1.6</awaitility.version>
- <jackson-databind.version>2.11.4</jackson-databind.version>
+ <jackson-databind.version>2.13.3</jackson-databind.version>
<powermock.version>2.0.9</powermock.version>
<!-- Plugin versions -->
@@ -86,7 +88,7 @@
<sonar.coverage.jacoco.xmlReportPaths>
${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
</sonar.coverage.jacoco.xmlReportPaths>
- <springdoc-openapi-ui.version>1.5.3</springdoc-openapi-ui.version>
+ <springdoc-openapi-ui.version>1.6.11</springdoc-openapi-ui.version>
</properties>
<dependencyManagement>
@@ -133,6 +135,11 @@
<version>${immutable.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>${tomcat-embed-core.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
@@ -165,6 +172,11 @@
<scope>import</scope>
</dependency>
<dependency>
+ <groupId>io.github.classgraph</groupId>
+ <artifactId>classgraph</artifactId>
+ <version>${io.github.classgraph.version}</version>
+ </dependency>
+ <dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-io.version}</version>
diff --git a/version.properties b/version.properties
index 3c572001..f9146bd6 100644
--- a/version.properties
+++ b/version.properties
@@ -1,5 +1,5 @@
major=1
-minor=8
+minor=9
patch=0
base_version=${major}.${minor}.${patch}
release_version=${base_version}