Fix vulnerable dependency

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3795 Change-Id: Ib6f7902b2f8380ad9febcc2fad0374e8070af15c
author: vasraz <vasyl.razinkov@est.tech> 2021-11-29 17:42:02 +0000
committer: Michael Morris <michael.morris@est.tech> 2021-12-07 09:30:30 +0000
commit: 987fc74925dc4051f08913393924d2b826d7e59c (patch)
tree: 50ed0e7ee1e9105af8fc8190aac4ac660ba6aa4c /catalog-be
parent: 5c9d068e66264be8db6018cb551db7c05e8e2596 (diff)
3 files changed, 32 insertions, 20 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index befbad13b2..842407eb1d 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -80,6 +80,10 @@
                     <groupId>com.fasterxml.jackson.core</groupId>
                     <artifactId>jackson-core</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>io.github.classgraph</groupId>
+                    <artifactId>classgraph</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -104,6 +108,10 @@
                     <groupId>com.fasterxml.jackson.core</groupId>
                     <artifactId>jackson-core</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpcore</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
@@ -283,6 +291,12 @@
             <artifactId>httpclient</artifactId>
             <version>${httpclient.version}</version>
             <scope>compile</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpcore</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -472,6 +486,10 @@
                     <groupId>dom4j</groupId>
                     <artifactId>dom4j</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jcl-over-slf4j</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
@@ -716,6 +734,10 @@
                     <artifactId>apache-log4j-extras</artifactId>
                     <groupId>log4j</groupId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpclient-cache</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/catalog-be/sdc-backend-init/Dockerfile b/catalog-be/sdc-backend-init/Dockerfile
index 35e485b197..8f6da77d19 100644
--- a/catalog-be/sdc-backend-init/Dockerfile
+++ b/catalog-be/sdc-backend-init/Dockerfile
@@ -18,16 +18,13 @@ RUN apk update && \
         libxml2-dev \
         build-base \
         curl-dev && \
-    # needed libcurl to install correctly
-    pip install 'pycurl==7.43.0.1' &&  \
-        set -ex && \
-    gem install \
-        chef:13.8.5 \
-        berkshelf:6.3.1 \
-        io-console:0.4.6 \
-        etc webrick \
-        --no-document && \
-    apk del .build-dependencies
+    # needed libcurl to install correctly \
+    python -m pip install --upgrade pip \
+    pip install 'pycurl==7.44.1' &&  \
+    set -ex && \
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 etc webrick --no-document && \
+    apk del .build-dependencies && \
+    gem cleanup
 
 ENV ONAP_LOG=/home/onap/logs
 RUN mkdir $ONAP_LOG && chown onap:onap $ONAP_LOG
@@ -47,9 +44,7 @@ RUN chmod 770 -R /home/onap/scripts && \
 ENV PATH=$PATH:/home/onap/.local/bin
 
 COPY --chown=onap:onap chef-solo /home/onap/chef-solo/
-
 COPY --chown=onap:onap chef-repo/cookbooks /home/onap/chef-solo/cookbooks/
-
 COPY --chown=onap:onap startup.sh /home/onap/
 
 RUN chmod 770 /home/onap/startup.sh
diff --git a/catalog-be/src/main/docker/backend/Dockerfile b/catalog-be/src/main/docker/backend/Dockerfile
index 30daaf46dd..dabea05042 100644
--- a/catalog-be/src/main/docker/backend/Dockerfile
+++ b/catalog-be/src/main/docker/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM onap/integration-java11:8.0.0
+FROM onap/integration-java11:9.0.0
 
 USER root
 ARG JETTY_FOLDER=/app/jetty
@@ -12,12 +12,7 @@ RUN set -ex && \
         ruby-dev \
         libffi-dev \
         libxml2-dev && \
-    gem install \
-        chef:13.8.5 \
-        berkshelf:6.3.1 \
-        io-console:0.4.6 \
-        etc webrick \
-        --no-document && \
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 etc webrick --no-document && \
     gem cleanup && \
     apk update
 
@@ -31,7 +26,7 @@ RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
 USER onap
 
 #Download jetty
-RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.31.v20200723/jetty-distribution-9.4.31.v20200723.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
+RUN wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.41.v20210516/jetty-distribution-9.4.41.v20210516.tar.gz -O $JETTY_FOLDER/jetty.tar.gz && \
         tar xvz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
         rm -rf $JETTY_FOLDER/jetty.tar.gz
author	vasraz <vasyl.razinkov@est.tech>	2021-11-29 17:42:02 +0000
committer	Michael Morris <michael.morris@est.tech>	2021-12-07 09:30:30 +0000
commit	987fc74925dc4051f08913393924d2b826d7e59c (patch)
tree	50ed0e7ee1e9105af8fc8190aac4ac660ba6aa4c /catalog-be
parent	5c9d068e66264be8db6018cb551db7c05e8e2596 (diff)