aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKasperki <pawel.kasperkiewicz@nokia.com>2022-02-08 19:17:09 +0100
committerKasperki <pawel.kasperkiewicz@nokia.com>2022-02-11 12:57:03 +0100
commita7e6ea3e5f6a07748f7a78bdf59a3cb2ee85eb7c (patch)
treeb957b91c766a2e42d94799a9c4fb45fdb26693fe
parenta8e59fe8d77d5df48bcbe3899d3cefbf3f9fcd87 (diff)
Update libraries1.11.0
- netty codec http from 4.1.59.Final to 4.1.73.Final - gson from 2.8.6 to 2.8.9 - dmaap client from 1.8.7 to 1.8.8 - spring from 2.4.3 to 2.5.9 - spring boot starter log4j2 from 2.6.1 to 2.6.3 - test containers from 1.15.1 to 1.16.3 Issue-ID: DCAEGEN2-3045 Change-Id: I09f2721d75e71f0ac06c3d5c6bf1036f7cdfb0d7 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
-rw-r--r--Changelog.md1
-rw-r--r--pom.xml18
2 files changed, 14 insertions, 5 deletions
diff --git a/Changelog.md b/Changelog.md
index 409bb6da..169fe36c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
## [1.11.0] - 2022/01/28
- [DCAEGEN2-2961] - Switch VESCollector to Integration base image(onap/integration-java11:10.0.0)
+ - [DCAEGEN2-3045] - Vulnerability addressal for VESCollector
## [1.10.3] - 2022/01/18
- [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.17.1)
diff --git a/pom.xml b/pom.xml
index 4649aa13..a59b7ba4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,7 +53,7 @@
</sonar.coverage.jacoco.xmlReportPaths>
<!-- DEPENDENCY RELATED SETTINGS -->
<micrometer.version>1.6.5</micrometer.version>
- <spring.version>2.4.3</spring.version>
+ <spring.version>2.5.9</spring.version>
<maven-assembly-plugin.version>3.1.0</maven-assembly-plugin.version>
<maven-javadoc-plugin.version>3.0.1</maven-javadoc-plugin.version>
<maven-project-info-reports-plugin.version>2.9</maven-project-info-reports-plugin.version>
@@ -61,23 +61,24 @@
<docker-maven-plugin.version>1.2.0</docker-maven-plugin.version>
<json-simple.version>1.1.1</json-simple.version>
<json-schema-validator.version>1.0.49</json-schema-validator.version>
- <gson.version>2.8.6</gson.version>
+ <gson.version>2.8.9</gson.version>
<json.version>20210307</json.version>
<unirest-java.version>1.4.9</unirest-java.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-configuration.version>1.10</commons-configuration.version>
<vavr.version>0.10.3</vavr.version>
- <spring-boot-starter-log4j2.version>2.6.1</spring-boot-starter-log4j2.version>
+ <spring-boot-starter-log4j2.version>2.6.3</spring-boot-starter-log4j2.version>
<log4j.version>2.17.1</log4j.version>
<springfox-swagger2.version>3.0.0</springfox-swagger2.version>
<assertj-core.version>3.19.0</assertj-core.version>
<spring-boot-starter-test.version>2.2.13.RELEASE</spring-boot-starter-test.version>
- <sdk.version>1.8.7</sdk.version>
+ <sdk.version>1.8.8</sdk.version>
<guava.version>30.1-jre</guava.version>
<mock-server.version>5.11.1</mock-server.version>
<reactor-test.version>3.4.0</reactor-test.version>
- <testcontainers.version>1.15.1</testcontainers.version>
+ <testcontainers.version>1.16.3</testcontainers.version>
<junit-jupiter.version>1.15.1</junit-jupiter.version>
+ <netty-bom.version>4.1.73.Final</netty-bom.version>
</properties>
<build>
<pluginManagement>
@@ -274,6 +275,13 @@
<dependencyManagement>
<dependencies>
<dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-bom</artifactId>
+ <version>${netty-bom.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>