aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@est.tech>2022-01-18 10:39:06 +0000
committerliamfallon <liam.fallon@est.tech>2022-01-18 13:10:13 +0000
commit5cd5e12a432732068c7c624c5ab1d7bf58e85b3d (patch)
tree684b8424bc824aeccd3bf1f1fb719e374540cc9b
parentc719ee941bd4202b617544e351a11a35b20b8a6a (diff)
Update to SECCOM recommended dependencies
SECCOM has issued a directive on which dependencies should be used, see this wiki page: https://wiki.onap.org/display/SV/Jakarta+Policy This is the policy parent review to comply with the SECCOM directive. Zookeeper is added as a test dependency, it is no longer pulled in as a transitive dependency by Kafka. Issue-ID: POLICY-3849 Change-Id: Id504b308cd4e806e9e2e9489842abf1a7f93b9dc Signed-off-by: liamfallon <liam.fallon@est.tech>
-rw-r--r--pom.xml2
-rw-r--r--testsuites/integration/integration-uservice-test/pom.xml17
2 files changed, 18 insertions, 1 deletions
diff --git a/pom.xml b/pom.xml
index 5471367b8..02dd80788 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
<encoding>UTF-8</encoding>
<file.encoding>UTF-8</file.encoding>
<version.commons-cli>1.4</version.commons-cli>
- <version.kafka>2.3.0</version.kafka>
+ <version.kafka>3.0.0</version.kafka>
<version.hibernate>5.3.7.Final</version.hibernate>
<version.policy.common>1.10.1-SNAPSHOT</version.policy.common>
<version.policy.models>2.6.1-SNAPSHOT</version.policy.models>
diff --git a/testsuites/integration/integration-uservice-test/pom.xml b/testsuites/integration/integration-uservice-test/pom.xml
index 5b4152dec..d852ad1b5 100644
--- a/testsuites/integration/integration-uservice-test/pom.xml
+++ b/testsuites/integration/integration-uservice-test/pom.xml
@@ -173,6 +173,23 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.7.0</version>
+ <scope>test</scope>
+ <exclusions>
+ <!-- The default netty version in kafka-junit4 has vulnerabilities -->
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- This netty version fixes the vulnerabilities -->
<dependency>
<groupId>io.netty</groupId>