From bd0767fc08a46c290b7a5d2f5dde1688c681cf0d Mon Sep 17 00:00:00 2001 From: Prudence Au Date: Wed, 4 Sep 2019 19:57:07 -0400 Subject: Address vulnerability issues. - exclude commons-beanutils from spring-boot-starter-velocity - upgrade handlebars to version 4.1.2 - upgrade logback-classic to version 1.2.3 - upgrade xstream to version 1.4.11.1 - exclude dom4j from spring-boot-starter-velocity - upgrade camel-core to version 2.21.5 - exclude struts-core from spring-boot-starter-velocity - upgrade plexus-utils to version 3.0.22 Issue-ID: LOG-827 Issue-ID: LOG-1116 Issue-ID: LOG-1121 Issue-ID: LOG-1122 Issue-ID: LOG-1123 Issue-ID: LOG-1124 Issue-ID: LOG-1062 Issue-ID: LOG-1063 Signed-off-by: Prudence Au Change-Id: Ib851883ba4338f800523bbdbdb714e39549e5ecd --- pom.xml | 65 ++++++++++++++++++---- .../unittest/service/SdncContextBuilderTest.java | 3 +- 2 files changed, 56 insertions(+), 12 deletions(-) diff --git a/pom.xml b/pom.xml index bb6cbc7..0b8c922 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ limitations under the License. - 2.21.1 + 2.21.5 UTF-8 ${project.build.directory}/generated-resources/swagger @@ -114,6 +114,20 @@ limitations under the License. org.springframework.boot spring-boot-starter-velocity 1.4.7.RELEASE + + + commons-beanutils + commons-beanutils + + + dom4j + dom4j + + + org.apache.struts + struts-core + + com.sun.jersey @@ -132,15 +146,6 @@ limitations under the License. camel-spring-boot-starter ${camel-spring-boot.version} - - org.apache.camel - camel-core - ${camel-spring-boot.version} - - - org.apache.camel - camel-servlet-starter - io.swagger @@ -184,7 +189,13 @@ limitations under the License. org.onap.aai rest-client - 1.2.1 + 1.3.0 + + + ch.qos.logback + logback-classic + + @@ -196,8 +207,26 @@ limitations under the License. commons-codec commons-codec + + com.thoughtworks.xstream + xstream + + + org.codehaus.plexus + plexus-utils + + + com.thoughtworks.xstream + xstream + 1.4.11.1 + + + org.codehaus.plexus + plexus-utils + 3.0.22 + 
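Review bot: The exclusions added under spring-boot-starter-velocity in the -114 hunk (commons-beanutils, dom4j, struts-core) take the jars off the classpath, but nothing in the change shows that the Velocity code paths this service uses never load classes from them. If one does, the failure would only surface at runtime as a NoClassDefFoundError, so a test that renders one of the project's templates (if it has any) should accompany the change. The starter itself stays at 1.4.7.RELEASE in the context line, so the rest of its transitive tree is not re-evaluated by this commit. I would also record the reason next to the block, e.g. `<!-- excluded for security findings, see LOG-<issue id>; not required by our Velocity usage -->`.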
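Review bot: xstream and plexus-utils are excluded from one dependency and then re-declared as direct dependencies at 1.4.11.1 and 3.0.22 in the -196 hunk, and the same exclude-and-redeclare pattern is used for logback-classic (-184 and -242) and handlebars (-225 and -242). As far as the stripped markup lets me tell, a direct declaration already wins Maven's version mediation, so the exclusions look redundant, and the direct entries make the module appear to compile against libraries it only needs transitively. Pinning the versions in a `<dependencyManagement>` section would state the intent in one place and apply to every dependency path; `mvn dependency:tree -Dincludes=com.thoughtworks.xstream` (and likewise for the others) confirms what actually resolves. Each pin should carry a comment such as `<!-- security pin, see LOG-<issue id>; drop once upstream ships a fixed version -->`, otherwise the next dependency update has no record of why the version is held.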
@@ -225,6 +254,10 @@ limitations under the License. com.fasterxml.jackson.core jackson-databind + + com.github.jknack + handlebars + @@ -242,6 +275,16 @@ limitations under the License. jackson-annotations 2.9.0 + + com.github.jknack + handlebars + 4.1.2 + + + ch.qos.logback + logback-classic + 1.2.3 + diff --git a/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java b/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java index b7fbd33..daa0cf7 100644 --- a/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java +++ b/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java @@ -30,6 +30,7 @@ import com.github.jknack.handlebars.internal.Files; import com.github.tomakehurst.wiremock.junit.WireMockRule; import java.io.File; import java.io.IOException; +import java.nio.charset.Charset; import java.text.MessageFormat; import java.util.Collections; import javax.servlet.http.HttpServletRequest; @@ -212,7 +213,7 @@ public class SdncContextBuilderTest { private void addResponse(String url, String responseFile, WireMockRule thisMock) throws IOException { File file = new File(ClassLoader.getSystemResource(responseFile).getFile()); - String payload = Files.read(file); + String payload = Files.read(file, Charset.defaultCharset()); thisMock.stubFor(get(url).willReturn(okJson(payload))); } -- cgit 1.2.3-korg
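Review bot: `Files.read(file, Charset.defaultCharset())` in addResponse makes the stubbed payload depend on the JVM's platform charset, so the JSON fixtures can decode differently on a developer machine and on CI. The fixtures are presumably UTF-8, so pass `StandardCharsets.UTF_8` and change the added import to `import java.nio.charset.StandardCharsets;`. The call also still goes through `com.github.jknack.handlebars.internal.Files`, an internal handlebars class whose signature appears to have changed with the 4.1.2 upgrade. Using `new String(java.nio.file.Files.readAllBytes(file.toPath()), StandardCharsets.UTF_8)` instead would stop the test from breaking on the next handlebars bump.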