Fix HV-VES static code vulnerabilities

- Update kafka-clients version - Update SDK version - Update reactor-bom version Issue-ID: DCAEGEN2-1823 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ib2d49c46e2d1b58d5131b9af6fc27804d443da71
author: Joanna Jeremicz <joanna.jeremicz@nokia.com> 2019-11-19 07:47:26 +0100
committer: Joanna Jeremicz <joanna.jeremicz@nokia.com> 2019-11-22 10:08:32 +0100
commit: 489978b1ff839d3ea02b0e76b933afc55fdea1d3 (patch)
tree: 1b79793fde21efcc97738371c3b460333dcb1a28
parent: 73889b15a3b4de4b13bfdd8a219a263f6b4a8d2a (diff)
2 files changed, 14 insertions, 4 deletions
diff --git a/pom.xml b/pom.xml
index 8b5d165d..f36c5e8c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,7 +57,7 @@
         <build-helper-maven-plugin.version>1.7</build-helper-maven-plugin.version>
         <jacoco.version>0.8.2</jacoco.version>
         <detekt.version>1.0.0-RC14</detekt.version>
-        <sdk.version>1.1.4</sdk.version>
+        <sdk.version>1.3.2</sdk.version>
 
         <!-- Protocol buffers -->
         <protobuf.version>3.6.1</protobuf.version>
@@ -477,10 +477,20 @@
                 <groupId>io.projectreactor</groupId>
                 <artifactId>reactor-bom</artifactId>
                 <!-- remember to update netty native bindings versions -->
-                <version>Californium-SR8</version>
+                <version>Dysprosium-SR1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <!-- Due to security reasons, override transitive kafka-clients dependency version (2.0.0 -> 2.3.1) -->
+            <dependency>
+                <groupId>org.apache.kafka</groupId>
+                <artifactId>kafka-clients</artifactId>
+                <version>2.3.1</version>
+            </dependency>
+            <!--
+            Disable native extension (epoll) on production for now.
+            Might be reintroduced if performance tests prove there is some performance issue.
+            -->
             <!--
             <dependency>
                 <groupId>io.netty</groupId>
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/api/ConfigurationModule.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/api/ConfigurationModule.kt
index 35adfe79..c913555a 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/api/ConfigurationModule.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/api/ConfigurationModule.kt
@@ -34,7 +34,7 @@ import org.onap.dcae.collectors.veshv.utils.logging.Logger
 import org.onap.dcae.collectors.veshv.utils.logging.MappedDiagnosticContext
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClient
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClientFactory
-import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.EnvProperties
+import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration
 import reactor.core.publisher.Flux
 import reactor.core.publisher.Mono
 import reactor.retry.Jitter
@@ -52,7 +52,7 @@ class ConfigurationModule internal constructor(private val configStateListener:
 
     constructor(configStateListener: ConfigurationStateListener) : this(
             configStateListener,
-            CbsClientFactory.createCbsClient(EnvProperties.fromEnvironment())
+            CbsClientFactory.createCbsClient(CbsClientConfiguration.fromEnvironment())
     )
 
     fun healthCheckPort(args: Array<String>): Int = cmd.getHealthcheckPort(args)
author	Joanna Jeremicz <joanna.jeremicz@nokia.com>	2019-11-19 07:47:26 +0100
committer	Joanna Jeremicz <joanna.jeremicz@nokia.com>	2019-11-22 10:08:32 +0100
commit	489978b1ff839d3ea02b0e76b933afc55fdea1d3 (patch)
tree	1b79793fde21efcc97738371c3b460333dcb1a28
parent	73889b15a3b4de4b13bfdd8a219a263f6b4a8d2a (diff)