From 4710dd757cbe89a2ac38f07c1fbb977ed570becf Mon Sep 17 00:00:00 2001 From: Piotr Marcinkiewicz Date: Mon, 27 Jul 2020 16:28:52 +0200 Subject: Fix SDK vulnerabilities - Update spring boot dependencies and fix warnings about deprecations. - Update testcontainers version to 1.14.3 - Top up patch version to 1.4.1 Issue-ID: DCAEGEN2-2277 Signed-off-by: Piotr Marcinkiewicz Change-Id: I2173e0160728f2d404c7cf65e1869a642db49ece --- pom.xml | 7 +++---- rest-services/cbs-client/pom.xml | 2 +- .../sdk/rest/services/cbs/client/impl/streams/gson/GsonUtils.java | 4 ++-- rest-services/dmaap-client/pom.xml | 4 ++-- .../services/dmaap/client/impl/MessageRouterSubscriberImpl.java | 6 ++---- .../sdk/rest/services/dmaap/client/MessageRouterTestsUtils.java | 5 ++--- rest-services/http-client/pom.xml | 4 ++-- rest-services/model/pom.xml | 2 +- rest-services/pom.xml | 2 +- security/crypt-password/pom.xml | 4 ++-- security/pom.xml | 4 ++-- security/ssl/pom.xml | 4 ++-- services/external-schema-manager/pom.xml | 4 ++-- services/hv-ves-client/pom.xml | 2 +- services/hv-ves-client/producer/api/pom.xml | 2 +- services/hv-ves-client/producer/ct/pom.xml | 2 +- services/hv-ves-client/producer/impl/pom.xml | 2 +- .../hvves/client/producer/impl/HvVesProducerFactoryImpl.java | 4 ++-- services/hv-ves-client/producer/pom.xml | 2 +- services/hv-ves-client/protobuf/pom.xml | 4 ++-- services/pom.xml | 2 +- standardization/api-custom-header/pom.xml | 2 +- standardization/moher-api/healthstate/pom.xml | 4 ++-- standardization/moher-api/metrics/pom.xml | 4 ++-- standardization/moher-api/pom.xml | 4 ++-- standardization/moher-api/server-adapters/pom.xml | 4 ++-- standardization/moher-api/server-adapters/reactor-netty/pom.xml | 4 ++-- standardization/moher-api/server-adapters/spring-webflux/pom.xml | 4 ++-- .../moher/adapters/springwebflux/HealthController.java | 6 +++--- standardization/pom.xml | 2 +- version.properties | 2 +- 31 files changed, 52 insertions(+), 56 deletions(-) diff --git a/pom.xml b/pom.xml index 3a06eb52..1032a834 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.onap.dcaegen2.services sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT dcaegen2-services-sdk Common SDK repo for all DCAE Services @@ -74,9 +74,8 @@ 1.6 16.0.3 3.6.0.2 - 1.13.0 - 2.2.1.RELEASE - 2.1.5.RELEASE + 1.14.3 + 2.2.9.RELEASE 1.17.2 1.0.3 diff --git a/rest-services/cbs-client/pom.xml b/rest-services/cbs-client/pom.xml index be44724f..2ea991f1 100644 --- a/rest-services/cbs-client/pom.xml +++ b/rest-services/cbs-client/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/cbs-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/streams/gson/GsonUtils.java b/rest-services/cbs-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/streams/gson/GsonUtils.java index 0881c082..2df63359 100644 --- a/rest-services/cbs-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/streams/gson/GsonUtils.java +++ b/rest-services/cbs-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/streams/gson/GsonUtils.java @@ -2,7 +2,7 @@ * ============LICENSE_START==================================== * DCAEGEN2-SERVICES-SDK * ========================================================= - * Copyright (C) 2019 Nokia. All rights reserved. + * Copyright (C) 2019-2020 Nokia. All rights reserved. * ========================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -93,7 +93,7 @@ public final class GsonUtils { public static JsonElement readFromResource(String resource) throws IOException { try (Reader reader = new InputStreamReader(GsonUtils.class.getResourceAsStream(resource))) { - return new JsonParser().parse(reader); + return JsonParser.parseReader(reader); } } diff --git a/rest-services/dmaap-client/pom.xml b/rest-services/dmaap-client/pom.xml index c6ac6063..586c97e3 100644 --- a/rest-services/dmaap-client/pom.xml +++ b/rest-services/dmaap-client/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services @@ -77,4 +77,4 @@ junit-jupiter - \ No newline at end of file + diff --git a/rest-services/dmaap-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/impl/MessageRouterSubscriberImpl.java b/rest-services/dmaap-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/impl/MessageRouterSubscriberImpl.java index 1edaf72f..72c0bad3 100644 --- a/rest-services/dmaap-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/impl/MessageRouterSubscriberImpl.java +++ b/rest-services/dmaap-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/impl/MessageRouterSubscriberImpl.java @@ -2,7 +2,7 @@ * ============LICENSE_START==================================== * DCAEGEN2-SERVICES-SDK * ========================================================= - * Copyright (C) 2019 Nokia. All rights reserved. + * Copyright (C) 2019-2020 Nokia. All rights reserved. * ========================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -80,12 +80,10 @@ public class MessageRouterSubscriberImpl implements MessageRouterSubscriber { } private List getAsJsonElements(HttpResponse httpResponse){ - JsonParser parser = new JsonParser(); - JsonArray bodyAsJsonArray = httpResponse .bodyAsJson(StandardCharsets.UTF_8, gson, JsonArray.class); - return List.ofAll(bodyAsJsonArray).map(arrayElement -> parser.parse(arrayElement.getAsString())); + return List.ofAll(bodyAsJsonArray).map(arrayElement -> JsonParser.parseString(arrayElement.getAsString())); } private String buildSubscribeUrl(MessageRouterSubscribeRequest request) { diff --git a/rest-services/dmaap-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/MessageRouterTestsUtils.java b/rest-services/dmaap-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/MessageRouterTestsUtils.java index 52946f56..8561e0b0 100644 --- a/rest-services/dmaap-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/MessageRouterTestsUtils.java +++ b/rest-services/dmaap-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/dmaap/client/MessageRouterTestsUtils.java @@ -2,7 +2,7 @@ * ============LICENSE_START==================================== * DCAEGEN2-SERVICES-SDK * ========================================================= - * Copyright (C) 2019 Nokia. All rights reserved. + * Copyright (C) 2019-2020 Nokia. All rights reserved. * ========================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,7 +43,6 @@ import reactor.core.publisher.Flux; public final class MessageRouterTestsUtils { - private static final JsonParser parser = new JsonParser(); private MessageRouterTestsUtils() {} public static MessageRouterPublishRequest createPublishRequest(String topicUrl){ @@ -78,7 +77,7 @@ public final class MessageRouterTestsUtils { } public static List getAsJsonElements(List messages){ - return messages.map(parser::parse); + return messages.map(JsonParser::parseString); } public static List getAsJsonObjects(List messages){ diff --git a/rest-services/http-client/pom.xml b/rest-services/http-client/pom.xml index aae9aaf5..018bb33e 100644 --- a/rest-services/http-client/pom.xml +++ b/rest-services/http-client/pom.xml @@ -28,7 +28,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services @@ -88,4 +88,4 @@ test - \ No newline at end of file + diff --git a/rest-services/model/pom.xml b/rest-services/model/pom.xml index bd6d9905..962f35bb 100644 --- a/rest-services/model/pom.xml +++ b/rest-services/model/pom.xml @@ -27,7 +27,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/pom.xml b/rest-services/pom.xml index 64514c1e..679c9da8 100644 --- a/rest-services/pom.xml +++ b/rest-services/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk diff --git a/security/crypt-password/pom.xml b/security/crypt-password/pom.xml index 3ae11bf2..8a9fa6d2 100644 --- a/security/crypt-password/pom.xml +++ b/security/crypt-password/pom.xml @@ -6,7 +6,7 @@ org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT 4.0.0 @@ -86,4 +86,4 @@ - \ No newline at end of file + diff --git a/security/pom.xml b/security/pom.xml index 046a013a..a98d47c2 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk.security @@ -22,4 +22,4 @@ ssl - \ No newline at end of file + diff --git a/security/ssl/pom.xml b/security/ssl/pom.xml index 1c2fb15b..55b7aa63 100644 --- a/security/ssl/pom.xml +++ b/security/ssl/pom.xml @@ -6,7 +6,7 @@ org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT ssl @@ -44,4 +44,4 @@ - \ No newline at end of file + diff --git a/services/external-schema-manager/pom.xml b/services/external-schema-manager/pom.xml index e22ac392..6491a490 100644 --- a/services/external-schema-manager/pom.xml +++ b/services/external-schema-manager/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT dcaegen2-services-sdk-services-external-schema-manager @@ -43,4 +43,4 @@ - \ No newline at end of file + diff --git a/services/hv-ves-client/pom.xml b/services/hv-ves-client/pom.xml index c4b690ac..af045cde 100644 --- a/services/hv-ves-client/pom.xml +++ b/services/hv-ves-client/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT dcaegen2-services-sdk-services-hvvesclient diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml index 02e1f705..0388c49e 100644 --- a/services/hv-ves-client/producer/api/pom.xml +++ b/services/hv-ves-client/producer/api/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT hvvesclient-producer-api diff --git a/services/hv-ves-client/producer/ct/pom.xml b/services/hv-ves-client/producer/ct/pom.xml index ee0db9e4..c2a0f381 100644 --- a/services/hv-ves-client/producer/ct/pom.xml +++ b/services/hv-ves-client/producer/ct/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT hvvesclient-producer-ct diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml index 8b82fef9..79c88b0c 100644 --- a/services/hv-ves-client/producer/impl/pom.xml +++ b/services/hv-ves-client/producer/impl/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT hvvesclient-producer-impl diff --git a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java index 185fca71..c57f994a 100644 --- a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java +++ b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * DCAEGEN2-SERVICES-SDK * ================================================================================ - * Copyright (C) 2019 Nokia. All rights reserved. + * Copyright (C) 2019-2020 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -41,7 +41,7 @@ public class HvVesProducerFactoryImpl extends HvVesProducerFactory { @Override protected @NotNull HvVesProducer createProducer(ProducerOptions options) { TcpClient tcpClient = TcpClient.create() - .addressSupplier(() -> options.collectorAddresses().head()); + .remoteAddress(() -> options.collectorAddresses().head()); ProducerCore producerCore = new ProducerCore(new EncodersFactory(), options.wireFrameVersion()); if (options.securityKeys() == null) { diff --git a/services/hv-ves-client/producer/pom.xml b/services/hv-ves-client/producer/pom.xml index 776ef4dd..7dbea413 100644 --- a/services/hv-ves-client/producer/pom.xml +++ b/services/hv-ves-client/producer/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services-hvvesclient - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT hvvesclient-producer diff --git a/services/hv-ves-client/protobuf/pom.xml b/services/hv-ves-client/protobuf/pom.xml index 7f2b2318..12014670 100644 --- a/services/hv-ves-client/protobuf/pom.xml +++ b/services/hv-ves-client/protobuf/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-services-hvvesclient org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT High Volume VES Collector Client :: Protobuf @@ -93,4 +93,4 @@ - \ No newline at end of file + diff --git a/services/pom.xml b/services/pom.xml index 6bf64112..41998d5c 100644 --- a/services/pom.xml +++ b/services/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT org.onap.dcaegen2.services.sdk diff --git a/standardization/api-custom-header/pom.xml b/standardization/api-custom-header/pom.xml index a4dbbd91..a50a518b 100644 --- a/standardization/api-custom-header/pom.xml +++ b/standardization/api-custom-header/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-standardization - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT .. diff --git a/standardization/moher-api/healthstate/pom.xml b/standardization/moher-api/healthstate/pom.xml index dc0b9d38..d08ba480 100644 --- a/standardization/moher-api/healthstate/pom.xml +++ b/standardization/moher-api/healthstate/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck :: Health state @@ -52,4 +52,4 @@ reactor-core - \ No newline at end of file + diff --git a/standardization/moher-api/metrics/pom.xml b/standardization/moher-api/metrics/pom.xml index 41464f1c..11a23180 100644 --- a/standardization/moher-api/metrics/pom.xml +++ b/standardization/moher-api/metrics/pom.xml @@ -26,7 +26,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck :: Metrics @@ -63,4 +63,4 @@ test - \ No newline at end of file + diff --git a/standardization/moher-api/pom.xml b/standardization/moher-api/pom.xml index 8408e59a..6b282320 100644 --- a/standardization/moher-api/pom.xml +++ b/standardization/moher-api/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-standardization org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck @@ -39,4 +39,4 @@ healthstate server-adapters - \ No newline at end of file + diff --git a/standardization/moher-api/server-adapters/pom.xml b/standardization/moher-api/server-adapters/pom.xml index 8d495386..91479c13 100644 --- a/standardization/moher-api/server-adapters/pom.xml +++ b/standardization/moher-api/server-adapters/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck :: Server Adapters @@ -38,4 +38,4 @@ spring-webflux reactor-netty - \ No newline at end of file + diff --git a/standardization/moher-api/server-adapters/reactor-netty/pom.xml b/standardization/moher-api/server-adapters/reactor-netty/pom.xml index 88288804..f4645120 100644 --- a/standardization/moher-api/server-adapters/reactor-netty/pom.xml +++ b/standardization/moher-api/server-adapters/reactor-netty/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck :: Server Adapters :: Reactor Netty @@ -62,4 +62,4 @@ test - \ No newline at end of file + diff --git a/standardization/moher-api/server-adapters/spring-webflux/pom.xml b/standardization/moher-api/server-adapters/spring-webflux/pom.xml index cca6f00d..227dbc4c 100644 --- a/standardization/moher-api/server-adapters/spring-webflux/pom.xml +++ b/standardization/moher-api/server-adapters/spring-webflux/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT Monitoring and Healthcheck :: Server Adapters :: Spring Webflux @@ -78,4 +78,4 @@ test - \ No newline at end of file + diff --git a/standardization/moher-api/server-adapters/spring-webflux/src/main/java/org/onap/dcaegen2/services/sdk/standardization/moher/adapters/springwebflux/HealthController.java b/standardization/moher-api/server-adapters/spring-webflux/src/main/java/org/onap/dcaegen2/services/sdk/standardization/moher/adapters/springwebflux/HealthController.java index 1f9eb4b0..0fcb331a 100644 --- a/standardization/moher-api/server-adapters/spring-webflux/src/main/java/org/onap/dcaegen2/services/sdk/standardization/moher/adapters/springwebflux/HealthController.java +++ b/standardization/moher-api/server-adapters/spring-webflux/src/main/java/org/onap/dcaegen2/services/sdk/standardization/moher/adapters/springwebflux/HealthController.java @@ -2,7 +2,7 @@ * ============LICENSE_START==================================== * DCAEGEN2-SERVICES-SDK * ========================================================= - * Copyright (C) 2019 Nokia. All rights reserved. + * Copyright (C) 2019-2020 Nokia. All rights reserved. * ========================================================= * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController; import reactor.core.publisher.Mono; @RestController -@RequestMapping(value = "/health", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) +@RequestMapping(value = "/health", produces = MediaType.APPLICATION_JSON_VALUE) public class HealthController { private final Gson gson; private final HealthProvider healthProvider; @@ -55,7 +55,7 @@ public class HealthController { public Mono> readinessCheck() { return healthProvider.currentHealth() .map(health -> responseStatusForHealth(health) - .contentType(MediaType.APPLICATION_JSON_UTF8) + .contentType(MediaType.APPLICATION_JSON) .body(gson.toJson(health))); } diff --git a/standardization/pom.xml b/standardization/pom.xml index 2e683315..ab3d92c5 100644 --- a/standardization/pom.xml +++ b/standardization/pom.xml @@ -8,7 +8,7 @@ org.onap.dcaegen2.services sdk - 1.4.0-SNAPSHOT + 1.4.1-SNAPSHOT .. diff --git a/version.properties b/version.properties index 9e0d73d4..f3529928 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=1 minor=4 -patch=0 +patch=1 base_version=${major}.${minor}.${patch} release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg