summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@est.tech>2022-01-25 12:22:59 +0000
committerliamfallon <liam.fallon@est.tech>2022-01-25 12:23:05 +0000
commit397ed3cb307be21d9ca50ed885748fdd035d9a8f (patch)
tree9bcedbb8747d873368e49842be71448bd6d3aaf5
parent0b7e14ab321c2da333f45e1a4f244de20ffe21ff (diff)
Update to SECCOM recommended dependencies
SECCOM has issued a directive on which dependencies should be used, see this wiki page: https://wiki.onap.org/display/SV/Jakarta+Policy This is the policy parent review to comply with the SECCOM directive. Zookeeper is added as a test dependency, it is no longer pulled in as a transitive dependency by Kafka. Issue-ID: POLICY-3849a Change-Id: Id721807d2ff194cc6c1aa78f88d911bddce5a458 Signed-off-by: liamfallon <liam.fallon@est.tech>
-rw-r--r--pom.xml2
-rw-r--r--testsuites/integration/integration-uservice-test/pom.xml17
2 files changed, 18 insertions, 1 deletions
diff --git a/pom.xml b/pom.xml
index d47c43cbf..ec3ce0714 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
<encoding>UTF-8</encoding>
<file.encoding>UTF-8</file.encoding>
<version.commons-cli>1.4</version.commons-cli>
- <version.kafka>2.3.0</version.kafka>
+ <version.kafka>3.0.0</version.kafka>
<version.hibernate>5.3.7.Final</version.hibernate>
<version.policy.common>1.9.2-SNAPSHOT</version.policy.common>
<version.policy.models>2.5.2-SNAPSHOT</version.policy.models>
diff --git a/testsuites/integration/integration-uservice-test/pom.xml b/testsuites/integration/integration-uservice-test/pom.xml
index 5b4152dec..d852ad1b5 100644
--- a/testsuites/integration/integration-uservice-test/pom.xml
+++ b/testsuites/integration/integration-uservice-test/pom.xml
@@ -173,6 +173,23 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.7.0</version>
+ <scope>test</scope>
+ <exclusions>
+ <!-- The default netty version in kafka-junit4 has vulnerabilities -->
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- This netty version fixes the vulnerabilities -->
<dependency>
<groupId>io.netty</groupId>