From c192055aaaa8af184716d071356e75d5b68ce9bc Mon Sep 17 00:00:00 2001
From: vv770d <vv770d@att.com>
Date: Wed, 23 Feb 2022 18:38:50 +0000
Subject: [DCAEMOD/Helm-gen] Vulnerability updates

Change-Id: I0b5398ccb0af01bfbaf6c600eef5623810ce95c3
Signed-off-by: vv770d <vv770d@att.com>
Issue-ID: DCAEGEN2-3052
Signed-off-by: vv770d <vv770d@att.com>
---
 mod2/helm-generator/Changelog.md                   |   3 +
 mod2/helm-generator/helmchartgenerator-cli/pom.xml |  24 +-
 .../helm-generator/helmchartgenerator-core/pom.xml |  21 +-
 mod2/helm-generator/pom.xml                        | 280 +++++++++++----------
 mod2/helm-generator/version.properties             |   2 +-
 5 files changed, 186 insertions(+), 144 deletions(-)

diff --git a/mod2/helm-generator/Changelog.md b/mod2/helm-generator/Changelog.md
index fb4b06f..2dabb70 100644
--- a/mod2/helm-generator/Changelog.md
+++ b/mod2/helm-generator/Changelog.md
@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.0.3]- 2022-02-23
+*  [DCAEGEN2-3052] Vulnerability fixes for okhttp & commons-io modules
+
 ## [1.0.2]- 2021-11-05
 *  [DCAEGEN2-2936] Convert streams_publishes and streams_subscribes json strings under applicationConfig to map
 *  [DCAEGEN2-2948] Spec schema changes: Change Cluster to ClusterIP, make policy-id as required field
diff --git a/mod2/helm-generator/helmchartgenerator-cli/pom.xml b/mod2/helm-generator/helmchartgenerator-cli/pom.xml
index a9dd0ee..3229e94 100644
--- a/mod2/helm-generator/helmchartgenerator-cli/pom.xml
+++ b/mod2/helm-generator/helmchartgenerator-cli/pom.xml
@@ -1,14 +1,31 @@
 <?xml version="1.0"?>
+<!--
+  ~ # ============LICENSE_START=======================================================
+  ~ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
+  ~ # ================================================================================
+  ~ # Licensed under the Apache License, Version 2.0 (the "License");
+  ~ # you may not use this file except in compliance with the License.
+  ~ # You may obtain a copy of the License at
+  ~ #
+  ~ #      http://www.apache.org/licenses/LICENSE-2.0
+  ~ #
+  ~ # Unless required by applicable law or agreed to in writing, software
+  ~ # distributed under the License is distributed on an "AS IS" BASIS,
+  ~ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ # See the License for the specific language governing permissions and
+  ~ # limitations under the License.
+  ~ # ============LICENSE_END=========================================================
+  -->
 <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <modelVersion>4.0.0</modelVersion>
   <parent>
     <groupId>org.onap.dcaegen2.platform</groupId>
     <artifactId>helmchartgenerator</artifactId>
-    <version>1.0.2-SNAPSHOT</version>
+    <version>1.0.3-SNAPSHOT</version>
   </parent>
   <artifactId>helmchartgenerator-cli</artifactId>
-  <version>1.0.2-SNAPSHOT</version>
+  <version>1.0.3-SNAPSHOT</version>
   <name>helmchartgenerator-cli</name>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -17,7 +34,7 @@
     <dependency>
       <groupId>org.onap.dcaegen2.platform</groupId>
       <artifactId>helmchartgenerator-core</artifactId>
-      <version>1.0.2-SNAPSHOT</version>
+      <version>1.0.3-SNAPSHOT</version>
     </dependency>
   </dependencies>
   <build>
@@ -25,6 +42,7 @@
       <plugin>
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-maven-plugin</artifactId>
+          <version>2.6.2</version>
           <executions>
               <execution>
                   <goals>
diff --git a/mod2/helm-generator/helmchartgenerator-core/pom.xml b/mod2/helm-generator/helmchartgenerator-core/pom.xml
index 0ced9dd..1b9dc35 100644
--- a/mod2/helm-generator/helmchartgenerator-core/pom.xml
+++ b/mod2/helm-generator/helmchartgenerator-core/pom.xml
@@ -1,14 +1,31 @@
 <?xml version="1.0"?>
+<!--
+  ~ # ============LICENSE_START=======================================================
+  ~ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
+  ~ # ================================================================================
+  ~ # Licensed under the Apache License, Version 2.0 (the "License");
+  ~ # you may not use this file except in compliance with the License.
+  ~ # You may obtain a copy of the License at
+  ~ #
+  ~ #      http://www.apache.org/licenses/LICENSE-2.0
+  ~ #
+  ~ # Unless required by applicable law or agreed to in writing, software
+  ~ # distributed under the License is distributed on an "AS IS" BASIS,
+  ~ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ # See the License for the specific language governing permissions and
+  ~ # limitations under the License.
+  ~ # ============LICENSE_END=========================================================
+  -->
 <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <modelVersion>4.0.0</modelVersion>
     <parent>
         <groupId>org.onap.dcaegen2.platform</groupId>
         <artifactId>helmchartgenerator</artifactId>
-        <version>1.0.2-SNAPSHOT</version>
+        <version>1.0.3-SNAPSHOT</version>
     </parent>
     <artifactId>helmchartgenerator-core</artifactId>
-    <version>1.0.2-SNAPSHOT</version>
+    <version>1.0.3-SNAPSHOT</version>
     <name>helmchartgenerator-core</name>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/mod2/helm-generator/pom.xml b/mod2/helm-generator/pom.xml
index 8409274..52d1427 100644
--- a/mod2/helm-generator/pom.xml
+++ b/mod2/helm-generator/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ # ============LICENSE_START=======================================================
-  ~ # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+  ~ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
   ~ # ================================================================================
   ~ # Licensed under the Apache License, Version 2.0 (the "License");
   ~ # you may not use this file except in compliance with the License.
@@ -18,143 +18,147 @@
   -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<packaging>pom</packaging>
-	<modules>
-		<module>helmchartgenerator-core</module>
-		<module>helmchartgenerator-cli</module>
-	</modules>
-	<parent>
-		<groupId>org.onap.oparent</groupId>
-		<artifactId>oparent</artifactId>
-		<version>2.0.0</version>
-	</parent>
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <packaging>pom</packaging>
+    <modules>
+        <module>helmchartgenerator-core</module>
+        <module>helmchartgenerator-cli</module>
+    </modules>
+    <parent>
+        <groupId>org.onap.oparent</groupId>
+        <artifactId>oparent</artifactId>
+        <version>2.0.0</version>
+    </parent>
 
-	<groupId>org.onap.dcaegen2.platform</groupId>
-	<artifactId>helmchartgenerator</artifactId>
-	<version>1.0.2-SNAPSHOT</version>
-	<name>helm-chart-generator</name>
-	<description>Helm chart generator</description>
-	<properties>
-		<java.version>11</java.version>
-		<maven.compiler.source>${java.version}</maven.compiler.source>
-		<maven.compiler.target>${java.version}</maven.compiler.target>
-		<spring-boot.version>2.4.0</spring-boot.version>
-		<sonar.maven.plugin>3.0.2</sonar.maven.plugin>
-		<sonar.junit.reportsPath>${project.basedir}/target/surefire-reports
-		</sonar.junit.reportsPath>
-		<sonar.surefire.reportsPath>${project.basedir}/target/surefire-reports
-		</sonar.surefire.reportsPath>
-		<sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/target/site/jacoco-ut/jacoco.xml
-		</sonar.coverage.jacoco.xmlReportPaths>
-	</properties>
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<scope>test</scope>
-			<exclusions>
-				<exclusion>
-					<groupId>org.junit.vintage</groupId>
-					<artifactId>junit-vintage-engine</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>commons-io</groupId>
-			<artifactId>commons-io</artifactId>
-			<version>2.4</version>
-		</dependency>
-		<dependency>
-			<groupId>org.projectlombok</groupId>
-			<artifactId>lombok</artifactId>
-			<version>1.18.20</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-databind</artifactId>
-			<version>2.10.3</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.dataformat</groupId>
-			<artifactId>jackson-dataformat-yaml</artifactId>
-			<version>2.9.8</version>
-		</dependency>
-		<dependency>
-			<groupId>org.everit.json</groupId>
-			<artifactId>org.everit.json.schema</artifactId>
-			<version>1.3.0</version>
-		</dependency>
-		<dependency>
-			<groupId>com.vaadin.external.google</groupId>
-			<artifactId>android-json</artifactId>
-			<version>0.0.20131108.vaadin1</version>
-			<scope>compile</scope>
-		</dependency>
-		<dependency>
-			<groupId>com.squareup.okhttp3</groupId>
-			<artifactId>okhttp</artifactId>
-			<version>4.0.1</version>
-		</dependency>
-		<dependency>
-			<groupId>com.squareup.okhttp3</groupId>
-			<artifactId>mockwebserver</artifactId>
-			<version>4.0.1</version>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-	<dependencyManagement>
-		<dependencies>
-			<dependency>
-				<!-- Import dependency management from Spring Boot -->
-				<groupId>org.springframework.boot</groupId>
-				<artifactId>spring-boot-dependencies</artifactId>
-				<version>${spring-boot.version}</version>
-				<type>pom</type>
-				<scope>import</scope>
-			</dependency>
-		</dependencies>
-	</dependencyManagement>
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>2.10.2</version>
-				<configuration>
-					<additionalparam>-Xdoclint:all</additionalparam>
-					<additionalparam>-Xlint:all</additionalparam>
-				</configuration>
-			</plugin>
+    <groupId>org.onap.dcaegen2.platform</groupId>
+    <artifactId>helmchartgenerator</artifactId>
+    <version>1.0.3-SNAPSHOT</version>
+    <name>helm-chart-generator</name>
+    <description>Helm chart generator</description>
+    <properties>
+        <java.version>11</java.version>
+        <maven.compiler.source>${java.version}</maven.compiler.source>
+        <maven.compiler.target>${java.version}</maven.compiler.target>
+        <spring-boot.version>2.4.0</spring-boot.version>
+        <sonar.maven.plugin>3.0.2</sonar.maven.plugin>
+        <sonar.junit.reportsPath>${project.basedir}/target/surefire-reports
+        </sonar.junit.reportsPath>
+        <sonar.surefire.reportsPath>${project.basedir}/target/surefire-reports
+        </sonar.surefire.reportsPath>
+        <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/target/site/jacoco-ut/jacoco.xml
+        </sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.junit.vintage</groupId>
+                    <artifactId>junit-vintage-engine</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.20</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.10.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-yaml</artifactId>
+            <version>2.9.8</version>
+        </dependency>
+        <dependency>
+            <groupId>org.everit.json</groupId>
+            <artifactId>org.everit.json.schema</artifactId>
+            <version>1.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.vaadin.external.google</groupId>
+            <artifactId>android-json</artifactId>
+            <version>0.0.20131108.vaadin1</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>4.9.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <version>4.0.1</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <!-- Import dependency management from Spring Boot -->
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-dependencies</artifactId>
+                <version>${spring-boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.10.2</version>
+                <configuration>
+                    <additionalparam>-Xdoclint:all</additionalparam>
+                    <additionalparam>-Xlint:all</additionalparam>
+                </configuration>
+            </plugin>
 
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-surefire-report-plugin</artifactId>
-				<version>2.6</version>
-				<executions>
-					<execution>
-						<phase>test</phase>
-						<goals>
-							<goal>report</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-surefire-plugin</artifactId>
-				<version>2.22.2</version>
-			</plugin>
-			<plugin>
-				<groupId>org.sonarsource.scanner.maven</groupId>
-				<artifactId>sonar-maven-plugin</artifactId>
-				<version>${sonar.maven.plugin}</version>
-			</plugin>
-		</plugins>
-	</build>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.6</version>
+                <executions>
+                    <execution>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.22.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.sonarsource.scanner.maven</groupId>
+                <artifactId>sonar-maven-plugin</artifactId>
+                <version>${sonar.maven.plugin}</version>
+            </plugin>
+        </plugins>
+    </build>
 </project>
diff --git a/mod2/helm-generator/version.properties b/mod2/helm-generator/version.properties
index c13587b..ab6cbfe 100644
--- a/mod2/helm-generator/version.properties
+++ b/mod2/helm-generator/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=0
-patch=2
+patch=3
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT
-- 
cgit 1.2.3-korg