summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2023-03-22 23:14:29 +0000
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-03-23 10:05:13 +0000
commit1e7e19b4d1ddf05309e3e43d5ecb9138902b19b8 (patch)
tree002f5d119eba60240b1ddcc32243bc9117190122
parent30e99b484fcc96d2304a05db5d8972d2250f0756 (diff)
Upgrade vulnerable dependencies
Fix missing default no-args constructor Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Icfcbe0ec577b2d629179fa46e42141c196e08970 Issue-ID: SDC-4287 Issue-ID: SDC-4446
-rw-r--r--common-app-api/pom.xml2
-rw-r--r--common-be-tests-utils/pom.xml4
-rw-r--r--common-be/pom.xml4
-rw-r--r--common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java55
-rw-r--r--common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java19
-rw-r--r--integration-tests/pom.xml2
-rw-r--r--pom.xml42
-rw-r--r--utils/webseal-simulator/pom.xml8
8 files changed, 112 insertions, 24 deletions
diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 7f137acbb2..7e4baae68a 100644
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -334,7 +334,7 @@
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
- <version>1.3.3</version>
+ <version>1.5.3</version>
</dependency>
<dependency>
diff --git a/common-be-tests-utils/pom.xml b/common-be-tests-utils/pom.xml
index aa67b004f2..aeca54688f 100644
--- a/common-be-tests-utils/pom.xml
+++ b/common-be-tests-utils/pom.xml
@@ -28,6 +28,10 @@
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/common-be/pom.xml b/common-be/pom.xml
index 0a57575916..74321488a1 100644
--- a/common-be/pom.xml
+++ b/common-be/pom.xml
@@ -32,6 +32,10 @@
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java
new file mode 100644
index 0000000000..52cda7651a
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.sdc.tosca.services;
+
+import java.util.AbstractMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor
+public class StrictMap extends AbstractMap {
+
+ private Map<Object, Object> delegate;
+
+ public StrictMap(Map<Object, Object> delegate) {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public Object put(Object key, Object value) {
+ if (delegate == null) {
+ delegate = new LinkedHashMap<>();
+ }
+ if (delegate.containsKey(key)) {
+ throw new IllegalStateException("duplicate key: " + key);
+ }
+ return delegate.put(key, value);
+ }
+
+ @Override
+ public Set<Entry<Object, Object>> entrySet() {
+ if (delegate == null) {
+ delegate = new LinkedHashMap<>();
+ }
+ return delegate.entrySet();
+ }
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
index 678ba00724..08af90a768 100644
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
@@ -19,9 +19,7 @@
*/
package org.onap.sdc.tosca.services;
-import java.util.AbstractMap;
import java.util.Map;
-import java.util.Set;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.nodes.MappingNode;
import org.yaml.snakeyaml.parser.ParserException;
@@ -39,21 +37,7 @@ public class StrictMapAppenderConstructor extends Constructor {
@Override
protected Map<Object, Object> createDefaultMap(int initSize) {
- final Map<Object, Object> delegate = super.createDefaultMap(initSize);
- return new AbstractMap<>() {
- @Override
- public Object put(Object key, Object value) {
- if (delegate.containsKey(key)) {
- throw new IllegalStateException("duplicate key: " + key);
- }
- return delegate.put(key, value);
- }
-
- @Override
- public Set<Entry<Object, Object>> entrySet() {
- return delegate.entrySet();
- }
- };
+ return new StrictMap(super.createDefaultMap(initSize));
}
@Override
@@ -64,4 +48,5 @@ public class StrictMapAppenderConstructor extends Constructor {
throw new ParserException("while parsing MappingNode", node.getStartMark(), exception.getMessage(), node.getEndMark());
}
}
+
}
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index eea5c5afc7..3b47304c08 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -55,7 +55,7 @@ limitations under the License.
<it.helm-validator.version>1.3.1</it.helm-validator.version>
<!-- parser-->
- <sdc-tosca-parser.version>1.7.0</sdc-tosca-parser.version>
+ <sdc-tosca-parser.version>1.8.0</sdc-tosca-parser.version>
<docker.showLogs>false</docker.showLogs>
</properties>
diff --git a/pom.xml b/pom.xml
index a211a0daac..ba2b8a7bf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,7 @@ Modifications copyright (c) 2018-2019 Nokia
<lang3.version>3.10</lang3.version>
<guava.version>30.1-jre</guava.version>
<janusgraph.version>0.3.3</janusgraph.version>
- <spring.version>5.3.20</spring.version>
+ <spring.version>5.3.25</spring.version>
<spring.boot.version>2.2.13.RELEASE</spring.boot.version>
<!-- update to 2.36 bring error-->
@@ -91,14 +91,14 @@ Modifications copyright (c) 2018-2019 Nokia
<keycloak.version>18.0.0</keycloak.version>
<!-- JSON and YAML Parsing -->
- <jackson.version>2.12.7</jackson.version>
+ <jackson.version>2.14.2</jackson.version>
<jackson-annotations.version>${jackson.version}</jackson-annotations.version>
<clearspring.version>2.1.1</clearspring.version>
<skipYamlJsonValidator>false</skipYamlJsonValidator>
<!-- Yaml for properties -->
- <snakeyaml.version>1.29</snakeyaml.version>
+ <snakeyaml.version>1.33</snakeyaml.version>
<functionaljava.version>4.9</functionaljava.version>
<httpclient.version>4.5.13</httpclient.version>
<httpcore.version>4.4.15</httpcore.version>
@@ -172,12 +172,12 @@ Modifications copyright (c) 2018-2019 Nokia
<sitePath>/content/sites/site/org/openecomp/sdc/${project.version}</sitePath>
<staging.profile.id>176c31dfe190a</staging.profile.id>
<!--togglz version-->
- <togglz.version>2.6.1.Final</togglz.version>
+ <togglz.version>3.3.3</togglz.version>
<joda.time.version>2.9.9</joda.time.version>
<!--sdc-security-utils-->
- <security.util.lib.version>1.7.1</security.util.lib.version>
+ <security.util.lib.version>1.8.0</security.util.lib.version>
<!--jacoco-->
<jacoco.version>0.8.7</jacoco.version>
@@ -337,6 +337,18 @@ Modifications copyright (c) 2018-2019 Nokia
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -353,6 +365,18 @@ Modifications copyright (c) 2018-2019 Nokia
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -364,6 +388,14 @@ Modifications copyright (c) 2018-2019 Nokia
<groupId>org.bouncycastle</groupId>
<artifactId>*</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index d9790e4708..73f22ef1da 100644
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -65,6 +65,14 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
</exclusions>
</dependency>