Update to SECCOM recommended dependencies

SECCOM has issued a directive on which dependencies should be used, see
this wiki page:
https://wiki.onap.org/display/SV/Jakarta+Policy

This is the policy parent review to comply with the SECCOM directive.

Zookeeper is added as a test dependency, it is no longer pulled in as a
transitive dependency by Kafka.

Issue-ID: POLICY-3849
Change-Id: Id504b308cd4e806e9e2e9489842abf1a7f93b9dc
Signed-off-by: liamfallon <liam.fallon@est.tech>

1 files changed, 17 insertions, 0 deletions

diff --git a/testsuites/integration/integration-uservice-test/pom.xml b/testsuites/integration/integration-uservice-test/pom.xml
index 5b4152dec..d852ad1b5 100644
--- a/testsuites/integration/integration-uservice-test/pom.xml
+++ b/testsuites/integration/integration-uservice-test/pom.xml
@@ -173,6 +173,23 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.apache.zookeeper</groupId>
+            <artifactId>zookeeper</artifactId>
+            <version>3.7.0</version>
+            <scope>test</scope>
+            <exclusions>
+            <!-- The default netty version in kafka-junit4 has vulnerabilities -->
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <!-- This netty version fixes the vulnerabilities -->
         <dependency>
             <groupId>io.netty</groupId>