author | Rashmi Pujar <rashmi.pujar@bell.ca> | 2019-09-10 19:28:13 -0400 |
---|---|---|
committer | Rashmi Pujar <rashmi.pujar@bell.ca> | 2019-09-11 00:17:15 +0000 |
commit | e9acb37dcc8fc4e49f05599a0065355ec8f3c75e (patch) | |
tree | 59eaf8de3c866bd721fc8bd6f63a3eeb134f8e2e /models-interactions/model-impl/cds/pom.xml | |
parent | f81e9838076a742cacb3cf435c75bae180e1d714 (diff) |
Upgrade io.netty : netty-codec-http2 and netty-common to 4.1.39.Final
These insecure dependencies are brought in by io.grpc:grpc-netty:1.17.1.
Override the io.netty dependencies and add exclusions where version is mandated.
Resulting dependencies in policy/models/models-interactions on master*
$ mvn dependency:tree -Dverbose| grep io.netty
[INFO] +- io.netty:netty-codec-http2:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-common:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-buffer:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-transport:jar:4.1.39.Final:compile
[INFO] | | \- io.netty:netty-resolver:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-codec:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-handler:jar:4.1.39.Final:compile
[INFO] | \- io.netty:netty-codec-http:jar:4.1.39.Final:compile
[INFO] +- io.netty:netty-handler-proxy:jar:4.1.39.Final:compile
[INFO] | \- io.netty:netty-codec-socks:jar:4.1.39.Final:compile
[INFO] | +- io.netty:netty-codec-http2:jar:4.1.39.Final:provided
[INFO] | | +- io.netty:netty-common:jar:4.1.39.Final:provided
[INFO] | | +- io.netty:netty-buffer:jar:4.1.39.Final:provided
[INFO] | | +- io.netty:netty-transport:jar:4.1.39.Final:provided
[INFO] | | | \- io.netty:netty-resolver:jar:4.1.39.Final:provided
[INFO] | | +- io.netty:netty-codec:jar:4.1.39.Final:provided
[INFO] | | +- io.netty:netty-handler:jar:4.1.39.Final:provided
[INFO] | | \- io.netty:netty-codec-http:jar:4.1.39.Final:provided
[INFO] | +- io.netty:netty-handler-proxy:jar:4.1.39.Final:provided
[INFO] | | \- io.netty:netty-codec-socks:jar:4.1.39.Final:provided
Issue-ID: POLICY-2072
Signed-off-by: Rashmi Pujar <rashmi.pujar@bell.ca>
Change-Id: Ib3706e1c67e33fe73ebbfc80a6b474021b4a2679
Diffstat (limited to 'models-interactions/model-impl/cds/pom.xml')
-rw-r--r-- | models-interactions/model-impl/cds/pom.xml | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/models-interactions/model-impl/cds/pom.xml b/models-interactions/model-impl/cds/pom.xml
index 3dc87abf4..d66cceaeb 100644
--- a/models-interactions/model-impl/cds/pom.xml
+++ b/models-interactions/model-impl/cds/pom.xml
@@ -34,7 +34,7 @@
 <properties>
 <grpc.version>1.17.1</grpc.version>
 <protobuf.version>3.6.1</protobuf.version>
- <grpc.netty.version>4.1.30.Final</grpc.netty.version>
+ <grpc.netty.version>4.1.39.Final</grpc.netty.version>
 <ccsdk.version>0.4.4</ccsdk.version>
 </properties>
@@ -54,6 +54,18 @@
 </dependency>
 <!-- gRPC dependencies -->
+ <!-- io.netty artifacts have security issues and are transitive dependencies from io.grpc:grpc-netty:1.17.1.
+ Override io.netty dependencies and add exclusions to io.grpc:grpc-netty where io.netty version is mandated. -->
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ <version>${grpc.netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-handler-proxy</artifactId>
+ <version>${grpc.netty.version}</version>
+ </dependency>
 <dependency>
 <groupId>io.grpc</groupId>
 <artifactId>grpc-protobuf</artifactId>
@@ -74,6 +86,12 @@
 <groupId>io.grpc</groupId>
 <artifactId>grpc-netty</artifactId>
 <version>${grpc.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>io.grpc</groupId> |
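Review bot: The comment added above the two io.netty overrides in the second hunk says only that the artifacts "have security issues", so a later maintainer cannot tell which advisory the pin answers or when it is safe to drop. The comment should name the advisory and the removal condition, for example `<!-- Pinned to ${grpc.netty.version} for ADVISORY-ID (placeholder); remove once grpc.version pulls in a fixed io.netty. -->`. The pin is also expressed as direct dependencies of this one module; a `<dependencyManagement>` entry for the io.netty artifacts would hold the version wherever they are resolved in the build. grpc-netty 1.17.1 is presumably not tested upstream against a netty newer than the one it mandates, so it is worth confirming that this module's gRPC tests exercise the client path with the overridden jars.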
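Review bot: The exclusion added to grpc-netty in the third hunk removes netty-codec-http2 from that dependency entirely, so the HTTP/2 codec now reaches the classpath only through the explicit io.netty:netty-codec-http2 declaration in the second hunk. Nothing at the exclusion records that coupling; if the explicit dependency is later removed as redundant, the artifact would presumably be missing at runtime rather than fall back to the old version. A comment inside `<exclusions>` such as `<!-- excluded because grpc-netty mandates its netty version; supplied by the explicit io.netty:netty-codec-http2 dependency above -->` would keep the two together. The grpc-netty `<dependency>` element opens above the hunk.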