summaryrefslogtreecommitdiffstats
path: root/pom.xml
diff options
context:
space:
mode:
authorSunil Unnava <su622b@att.com>2018-03-12 09:30:41 -0400
committerSunil Unnava <su622b@att.com>2018-03-12 09:30:58 -0400
commitd46bf3638b5025f1b084134ec41b79da3fccee77 (patch)
tree0c61a9cd8878ee31a14795388c86b16cc9b61135 /pom.xml
parent04e44e42c8f9689a514052e4411659a26bbc951a (diff)
changes for security issues
Issue-ID: DMAAP-207 Change-Id: Iefc76d3ec4c57f1a6f6a498975db758dda8016a7 Signed-off-by: Sunil Unnava <su622b@att.com>
Diffstat (limited to 'pom.xml')
-rw-r--r--pom.xml442
1 files changed, 205 insertions, 237 deletions
diff --git a/pom.xml b/pom.xml
index 8fff980..d8274ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,24 +1,14 @@
-<!--
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-
- -->
+<!-- ============LICENSE_START=======================================================
+ org.onap.dmaap ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved. ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ use this file except in compliance with the License. You may obtain a copy
+ of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. ============LICENSE_END=========================================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
@@ -28,13 +18,13 @@
<packaging>jar</packaging>
<name>dmaap-messagerouter-msgrtr</name>
<description>Message Router - Restful interface built for kafka</description>
-
+
<parent>
<groupId>org.onap.oparent</groupId>
<artifactId>oparent</artifactId>
<version>0.1.1</version>
</parent>
-
+
<properties>
<spring.version>3.2.15.RELEASE</spring.version>
<cxf.version>3.0.4</cxf.version>
@@ -42,17 +32,18 @@
<maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-
- <!-- SONAR -->
- <jacoco.version>0.7.7.201606060606</jacoco.version>
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
- <!-- Default Sonar configuration -->
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
- <sitePath>/content/sites/site/org/onap/dmaap/messagerouter/msgrtr/${project.artifactId}/${project.version}</sitePath>
+
+ <!-- SONAR -->
+ <jacoco.version>0.7.7.201606060606</jacoco.version>
+ <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
+ <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
+ <!-- Default Sonar configuration -->
+ <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>
+ <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>
+ <!-- Note: This list should match jacoco-maven-plugin's exclusion list
+ below -->
+ <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
+ <sitePath>/content/sites/site/org/onap/dmaap/messagerouter/msgrtr/${project.artifactId}/${project.version}</sitePath>
<nexusproxy>https://nexus.onap.org</nexusproxy>
</properties>
@@ -68,84 +59,124 @@
<!-- End Distribution management -->
- <licenses>
- <license>
- <name>Apache License Version 2.0</name>
- </license>
+ <licenses>
+ <license>
+ <name>Apache License Version 2.0</name>
+ </license>
</licenses>
<developers>
- <developer>
- <name>Rajashree</name>
- <email></email>
- <organization>ATT</organization>
- <organizationUrl>www.att.com</organizationUrl>
- </developer>
- <developer>
- <name>Ramkumar</name>
- <email></email>
- <organization>ATT</organization>
- <organizationUrl>www.att.com</organizationUrl>
- </developer>
- </developers>
+ <developer>
+ <name>Rajashree</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl>www.att.com</organizationUrl>
+ </developer>
+ <developer>
+ <name>Ramkumar</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl>www.att.com</organizationUrl>
+ </developer>
+ </developers>
<dependencies>
- <dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.2</version>
- </dependency>
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-core</artifactId>
- <version>1.2.0</version>
- </dependency>
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-classic</artifactId>
- <version>1.2.0</version>
- </dependency>
- <!-- <dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
- <exclusions>
- We have JCL-over-SLF4J instead.
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- </exclusions>
- </dependency> -->
- <dependency>
- <groupId>org.grails</groupId>
- <artifactId>grails-web</artifactId>
- <version>2.4.4</version>
- </dependency>
- <dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <!-- <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId>
+ <version>1.9.2</version> <exclusions> We have JCL-over-SLF4J instead. <exclusion>
+ <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId>
+ </exclusion> </exclusions> </dependency> -->
+ <dependency>
+ <groupId>org.grails</groupId>
+ <artifactId>grails-web</artifactId>
+ <version>2.4.4</version>
+ </dependency>
+ <dependency>
+ <groupId>org.grails</groupId>
+ <artifactId>grails-bootstrap</artifactId>
+ <version>2.5.3</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>ant</artifactId>
+ <groupId>org.apache.ant</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jna</artifactId>
+ <groupId>net.java.dev.jna</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>ant-trax</artifactId>
+ <groupId>org.apache.ant</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>gant_groovy1.8</artifactId>
+ <groupId>org.codehaus.gant</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>ant-launcher</artifactId>
+ <groupId>org.apache.ant</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jline</artifactId>
+ <groupId>jline</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>ivy</artifactId>
+ <groupId>org.apache.ivy</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jansi</artifactId>
+ <groupId>org.fusesource.jansi</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>commons-logging</artifactId>
+ <groupId>commons-logging</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>ant-junit</artifactId>
+ <groupId>org.apache.ant</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.codehaus.groovy</groupId>
- <artifactId>groovy-all</artifactId>
- <version>2.4.4</version>
- <scope>compile</scope>
- <exclusions>
- <exclusion>
- <artifactId>jline</artifactId>
- <groupId>jline</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- <version>1.3.3</version>
- </dependency>
-
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ <version>2.4.4</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>jline</artifactId>
+ <groupId>jline</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
+
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
@@ -156,7 +187,7 @@
<groupId>com.att.aft</groupId>
<artifactId>dme2</artifactId>
<version>3.1.200-oss</version>
- </dependency>
+ </dependency>
<!-- slf4j logger -->
<dependency>
@@ -270,11 +301,8 @@
</dependency>
<!-- our Highland Park library -->
- <!-- <dependency>
- <groupId>com.att.nsa</groupId>
- <artifactId>highlandParkCore</artifactId>
- <version>0.4.9</version>
- </dependency> -->
+ <!-- <dependency> <groupId>com.att.nsa</groupId> <artifactId>highlandParkCore</artifactId>
+ <version>0.4.9</version> </dependency> -->
<!-- our base client library, for its command line tools -->
<dependency>
@@ -293,22 +321,22 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>4.5.3</version>
-</dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient-cache</artifactId>
- <version>4.5.3</version>
- </dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpcore</artifactId>
- <version>4.4.1</version>
- </dependency>
-
-
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.5.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient-cache</artifactId>
+ <version>4.5.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ <version>4.4.1</version>
+ </dependency>
+
+
<!-- explicit jline add b/c it conflicts with the zk client -->
<dependency>
<groupId>jline</groupId>
@@ -329,11 +357,11 @@
</dependency>
- <dependency>
- <groupId>com.google.code.gson</groupId>
- <artifactId>gson</artifactId>
- <version>2.8.0</version>
- </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ <version>2.8.0</version>
+ </dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -341,7 +369,7 @@
<version>2.8.11</version>
<scope>test</scope>
</dependency>
-
+
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
@@ -361,12 +389,12 @@
<version>1.6.4</version>
<scope>test</scope>
</dependency>
-
+
<dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4-rule</artifactId>
- <version>1.6.4</version>
- <scope>test</scope>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4-rule</artifactId>
+ <version>1.6.4</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
@@ -374,7 +402,7 @@
<version>1.10.19</version>
<scope>test</scope>
</dependency>
-
+
</dependencies>
<build>
<finalName>DMaaP</finalName>
@@ -439,117 +467,57 @@
</goals>
</execution>
</executions>
- </plugin>
+ </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.12.4</version>
<configuration>
<excludes>
- <!-- exclude until junits updated
- <exclude>**/DME2*.java</exclude> -->
+ <!-- exclude until junits updated <exclude>**/DME2*.java</exclude> -->
</excludes>
<!-- <skipTests>true</skipTests> -->
</configuration>
</plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>cobertura-maven-plugin</artifactId>
- <version>2.7</version>
- <configuration>
- <formats>
- <format>html</format>
- <format>xml</format>
- </formats>
- </configuration>
- </plugin>
- <!-- <plugin>
- <groupId>org.jacoco</groupId>
- <artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
- <configuration>
- Note: This exclusion list should match <sonar.exclusions>
- property above
- <excludes>
- <exclude>**/gen/**</exclude>
- <exclude>**/generated-sources/**</exclude>
- <exclude>**/yang-gen/**</exclude>
- <exclude>**/pax/**</exclude>
- </excludes>
- </configuration>
- <executions>
-
- Prepares the property pointing to the JaCoCo runtime agent which
- is passed as VM argument when Maven the Surefire plugin is executed.
-
- <execution>
- <id>pre-unit-test</id>
- <goals>
- <goal>prepare-agent</goal>
- </goals>
- <configuration>
- Sets the path to the file which contains the execution data.
- <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>
-
- Sets the name of the property containing the settings
- for JaCoCo runtime agent.
-
- <propertyName>surefireArgLine</propertyName>
- </configuration>
- </execution>
-
- Ensures that the code coverage report for unit tests is created after
- unit tests have been run.
-
- <execution>
- <id>post-unit-test</id>
- <phase>test</phase>
- <goals>
- <goal>report</goal>
- </goals>
- <configuration>
- Sets the path to the file which contains the execution data.
- <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>
- Sets the output directory for the code coverage report.
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>
- </configuration>
- </execution>
- <execution>
- <id>pre-integration-test</id>
- <phase>pre-integration-test</phase>
- <goals>
- <goal>prepare-agent</goal>
- </goals>
- <configuration>
- Sets the path to the file which contains the execution data.
- <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>
-
- Sets the name of the property containing the settings
- for JaCoCo runtime agent.
-
- <propertyName>failsafeArgLine</propertyName>
- </configuration>
- </execution>
-
- Ensures that the code coverage report for integration tests after
- integration tests have been run.
-
- <execution>
- <id>post-integration-test</id>
- <phase>post-integration-test</phase>
- <goals>
- <goal>report</goal>
- </goals>
- <configuration>
- Sets the path to the file which contains the execution data.
- <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>
- Sets the output directory for the code coverage report.
- <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
- </configuration>
- </execution>
- </executions>
- </plugin>
- --></plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>cobertura-maven-plugin</artifactId>
+ <version>2.7</version>
+ <configuration>
+ <formats>
+ <format>html</format>
+ <format>xml</format>
+ </formats>
+ </configuration>
+ </plugin>
+ <!-- <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId>
+ <version>${jacoco.version}</version> <configuration> Note: This exclusion
+ list should match <sonar.exclusions> property above <excludes> <exclude>**/gen/**</exclude>
+ <exclude>**/generated-sources/**</exclude> <exclude>**/yang-gen/**</exclude>
+ <exclude>**/pax/**</exclude> </excludes> </configuration> <executions> Prepares
+ the property pointing to the JaCoCo runtime agent which is passed as VM argument
+ when Maven the Surefire plugin is executed. <execution> <id>pre-unit-test</id>
+ <goals> <goal>prepare-agent</goal> </goals> <configuration> Sets the path
+ to the file which contains the execution data. <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>
+ Sets the name of the property containing the settings for JaCoCo runtime
+ agent. <propertyName>surefireArgLine</propertyName> </configuration> </execution>
+ Ensures that the code coverage report for unit tests is created after unit
+ tests have been run. <execution> <id>post-unit-test</id> <phase>test</phase>
+ <goals> <goal>report</goal> </goals> <configuration> Sets the path to the
+ file which contains the execution data. <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>
+ Sets the output directory for the code coverage report. <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>
+ </configuration> </execution> <execution> <id>pre-integration-test</id> <phase>pre-integration-test</phase>
+ <goals> <goal>prepare-agent</goal> </goals> <configuration> Sets the path
+ to the file which contains the execution data. <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>
+ Sets the name of the property containing the settings for JaCoCo runtime
+ agent. <propertyName>failsafeArgLine</propertyName> </configuration> </execution>
+ Ensures that the code coverage report for integration tests after integration
+ tests have been run. <execution> <id>post-integration-test</id> <phase>post-integration-test</phase>
+ <goals> <goal>report</goal> </goals> <configuration> Sets the path to the
+ file which contains the execution data. <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>
+ Sets the output directory for the code coverage report. <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
+ </configuration> </execution> </executions> </plugin> -->
+ </plugins>
</build>
<!-- <profiles> <profile> <id>jenkins</id> <activation> <property> <name>env.BUILD_NUMBER</name>