diff options
author | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2022-08-25 13:48:45 +0200 |
---|---|---|
committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2022-08-29 18:41:45 +0200 |
commit | 5662ec25d8c24caa014d6988581dfca76c15fef0 (patch) | |
tree | 0033818469c12c642076e1ed46148c951564ba91 | |
parent | 8929c55ec055d25a8e10c9e06983f849e2f65f40 (diff) |
Fix DFC vulnerabilities1.9.0
- Update DCAE-SDK to version 1.8.10
- Update spring-boot to version 2.7.2
- Update spring to version 5.3.22
- Update tomcat-embed-core to version 9.0.65
- Update classgraph to version 4.8.149
- Update jackson-databind to version 2.13.3
- Update springdoc-openapi-ui to version 1.6.11
Issue-ID: DCAEGEN2-3211
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: Iab97ade90792708742283cdeec732ca11351ec28
-rw-r--r-- | Changelog.md | 11 | ||||
-rw-r--r-- | datafile-app-server/pom.xml | 21 | ||||
-rw-r--r-- | datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java | 13 | ||||
-rw-r--r-- | pom.xml | 26 | ||||
-rw-r--r-- | version.properties | 2 |
5 files changed, 51 insertions, 22 deletions
diff --git a/Changelog.md b/Changelog.md index ce4f0e08..f6733063 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.9.0] - 2022/08/26 +### Changed +- [DCAEGEN2-3211] Fix vulnerabilities + - Update DCAE-SDK to version 1.8.10 + - Update spring-boot to version 2.7.2 + - Update spring to version 5.3.22 + - Update tomcat-embed-core to version 9.0.65 + - Update classgraph to version 4.8.149 + - Update jackson-databind to version 2.13.3 + - Update springdoc-openapi-ui to version 1.6.11 + ## [1.8.0] - 2022/06/24 ### Changed - [DCAEGEN2-3039] Make certificate dependencies configurable diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml index 14620ed1..decf0732 100644 --- a/datafile-app-server/pom.xml +++ b/datafile-app-server/pom.xml @@ -27,7 +27,7 @@ <parent> <groupId>org.onap.dcaegen2.collectors</groupId> <artifactId>datafile</artifactId> - <version>1.8.0-SNAPSHOT</version> + <version>${revision}</version> </parent> <groupId>org.onap.dcaegen2.collectors.datafile</groupId> @@ -37,8 +37,9 @@ <properties> <docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name> <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format> - <docker-client.version>8.7.1</docker-client.version> - <tomcat-embed-core.version>9.0.56</tomcat-embed-core.version> + + <!--Skip missing changelog--> + <onap-gerrit-review>-changelog-missing</onap-gerrit-review> </properties> <dependencies> @@ -100,14 +101,8 @@ <artifactId>spring-webmvc</artifactId> </dependency> <dependency> - <groupId>com.spotify</groupId> - <artifactId>docker-client</artifactId> - <version>${docker-client.version}</version> - </dependency> - <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> - <version>${tomcat-embed-core.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> @@ -121,6 +116,10 @@ <groupId>org.apache.httpcomponents.core5</groupId> <artifactId>httpcore5</artifactId> </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + </dependency> <!-- Actuator dependencies --> <dependency> @@ -209,10 +208,6 @@ <groupId>org.springdoc</groupId> <artifactId>springdoc-openapi-data-rest</artifactId> </dependency> - <dependency> - <groupId>com.fasterxml.jackson.core</groupId> - <artifactId>jackson-databind</artifactId> - </dependency> </dependencies> <build> diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java index 22067d0b..c04b1a75 100644 --- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java +++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/http/HttpClientResponseHelper.java @@ -1,6 +1,6 @@ /*- * ============LICENSE_START====================================================================== - * Copyright (C) 2020-2021 Nokia. All rights reserved. + * Copyright (C) 2020-2022 Nokia. All rights reserved. * =============================================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except * in compliance with the License. You may obtain a copy of the License at @@ -27,6 +27,7 @@ import org.apache.http.ProtocolVersion; import org.apache.http.StatusLine; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.params.HttpParams; +import reactor.core.publisher.Mono; import reactor.netty.http.client.HttpClientResponse; import reactor.util.context.Context; import reactor.util.context.ContextView; @@ -122,6 +123,11 @@ public class HttpClientResponseHelper { public HttpResponseStatus status() { return HttpResponseStatus.OK; } + + @Override + public Mono<HttpHeaders> trailerHeaders() { + return null; + } }; public static final HttpClientResponse RESPONSE_ANY_NO_OK = new HttpClientResponse() { @@ -193,6 +199,11 @@ public class HttpClientResponseHelper { @Override public HttpResponseStatus status() { return HttpResponseStatus.NOT_IMPLEMENTED; } + + @Override + public Mono<HttpHeaders> trailerHeaders() { + return null; + } }; public static final CloseableHttpResponse APACHE_RESPONSE_OK = new CloseableHttpResponse() { @@ -32,8 +32,7 @@ <groupId>org.onap.dcaegen2.collectors</groupId> <artifactId>datafile</artifactId> - <version>1.8.0-SNAPSHOT</version> - + <version>${revision}</version> <name>dcaegen2-collectors.datafile</name> <description>datafile collector</description> <packaging>pom</packaging> @@ -50,17 +49,20 @@ </licenses> <properties> + <revision>1.9.0-SNAPSHOT</revision> <java.version>11</java.version> - <sdk.version>1.8.8</sdk.version> + <sdk.version>1.8.10</sdk.version> <apache.httpcomponents.version>4.1.4</apache.httpcomponents.version> <apache.commons.version>3.6</apache.commons.version> <immutable.version>2.7.1</immutable.version> - <spring.version>5.3.14</spring.version> - <spring-boot.version>2.4.5</spring-boot.version> + <spring.version>5.3.22</spring.version> + <spring-boot.version>2.7.2</spring-boot.version> <commons-io.version>2.8.0</commons-io.version> <commons-net.version>3.3</commons-net.version> <projectreactor.version>2020.0.2</projectreactor.version> <httpcomponents.core5.version>5.0.3</httpcomponents.core5.version> + <tomcat-embed-core.version>9.0.65</tomcat-embed-core.version> + <io.github.classgraph.version>4.8.149</io.github.classgraph.version> <!-- LOGGING SETTINGS --> <slf4j.version>1.7.25</slf4j.version> @@ -75,7 +77,7 @@ <jcraft.version>0.1.54</jcraft.version> <springfox.version>3.0.0</springfox.version> <awaitility.version>3.1.6</awaitility.version> - <jackson-databind.version>2.11.4</jackson-databind.version> + <jackson-databind.version>2.13.3</jackson-databind.version> <powermock.version>2.0.9</powermock.version> <!-- Plugin versions --> @@ -86,7 +88,7 @@ <sonar.coverage.jacoco.xmlReportPaths> ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml </sonar.coverage.jacoco.xmlReportPaths> - <springdoc-openapi-ui.version>1.5.3</springdoc-openapi-ui.version> + <springdoc-openapi-ui.version>1.6.11</springdoc-openapi-ui.version> </properties> <dependencyManagement> @@ -133,6 +135,11 @@ <version>${immutable.version}</version> </dependency> <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-core</artifactId> + <version>${tomcat-embed-core.version}</version> + </dependency> + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> @@ -165,6 +172,11 @@ <scope>import</scope> </dependency> <dependency> + <groupId>io.github.classgraph</groupId> + <artifactId>classgraph</artifactId> + <version>${io.github.classgraph.version}</version> + </dependency> + <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>${commons-io.version}</version> diff --git a/version.properties b/version.properties index 3c572001..f9146bd6 100644 --- a/version.properties +++ b/version.properties @@ -1,5 +1,5 @@ major=1
-minor=8
+minor=9
patch=0
base_version=${major}.${minor}.${patch}
release_version=${base_version}
|