From cc595a0bfd90645b451ddee658fc496624072cea Mon Sep 17 00:00:00 2001 From: vasraz Date: Mon, 29 Aug 2022 11:02:06 +0100 Subject: Remove / update vulnerable dependencies Signed-off-by: Vasyl Razinkov Change-Id: Iff0169361b533f08a283f148af511a301bc4e485 Issue-ID: SDC-4146 --- pom.xml | 21 +- sdc-distribution-ci/pom.xml | 421 ++++++++++++++++++++-------------------- sdc-distribution-client/pom.xml | 86 ++++---- 3 files changed, 266 insertions(+), 262 deletions(-) diff --git a/pom.xml b/pom.xml index 5c1f8c9..79107a9 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.onap.oparent oparent - 2.0.0 + 3.2.1 @@ -36,14 +36,17 @@ 2.24 4.8 4.5.13 - 4.4.14 - 1.2.3 - 5.7.0 - 1.28 - 30.0-jre - 9.4.35.v20201120 + 4.4.15 + 1.2.11 + 5.9.0 + 1.30 + 31.1-jre + 9.4.48.v20220622 0.12 3.2.0 + 3.12.4 + 1.7.36 + 3.23.1 https://nexus.onap.org /content/sites/site/org/onap/sdc/sdc-distribution-client/${project.version} @@ -70,7 +73,8 @@ 3.8.1 11 11 - 3.7.0.1746 + 3.9.1.2184 + true @@ -138,6 +142,7 @@ checkstyle-suppressions.xml checkstyle.suppressions.file + ${checkstyle.skip} diff --git a/sdc-distribution-ci/pom.xml b/sdc-distribution-ci/pom.xml index 93714c1..97ed30b 100644 --- a/sdc-distribution-ci/pom.xml +++ b/sdc-distribution-ci/pom.xml @@ -1,216 +1,223 @@ - + - 4.0.0 + 4.0.0 - - org.onap.sdc.sdc-distribution-client - sdc-main-distribution-client - 1.4.5-SNAPSHOT - + + org.onap.sdc.sdc-distribution-client + sdc-main-distribution-client + 1.4.5-SNAPSHOT + - sdc-distribution-ci - sdc-distribution-ci - Distribution CI for testing distribution client + sdc-distribution-ci + sdc-distribution-ci + Distribution CI for testing distribution client - - 1.7.30 - 3.5.0 - 2.23.0 - 3.18.1 - 1.15.1 - 1.15.1 - 5.4.2 - 5.4.2 - 5.4.2 - 3.0.0 - 3.0.0 - + + ${mockito.version} + ${mockito.version} + 1.17.1 + ${testcontainers.version} + ${junit.version} + ${junit.version} + ${junit.version} + 3.0.0 + 3.0.0 + + + + org.onap.sdc.sdc-distribution-client + sdc-distribution-client + ${project.version} + compile + + + httpcore + org.apache.httpcomponents + + + slf4j-api + org.slf4j + + + httpclient + org.apache.httpcomponents + + + com.google.guava + guava + + + + + ch.qos.logback + logback-classic + ${logback.version} + test + + + slf4j-api + org.slf4j + + + + + org.slf4j + slf4j-api + ${slf4j-api.version} + - - - org.onap.sdc.sdc-distribution-client - sdc-distribution-client - ${project.version} - compile - - - httpcore - org.apache.httpcomponents - - - slf4j-api - org.slf4j - - - httpclient - org.apache.httpcomponents - - - - - ch.qos.logback - logback-classic - ${logback.version} - compile - - - slf4j-api - org.slf4j - - - - - org.slf4j - slf4j-api - ${slf4j-api.version} - - - ch.qos.logback - logback-core - ${logback.version} - compile - + + org.junit.jupiter + junit-jupiter-api + ${junit-jupiter-api.version} + test + + + org.junit.jupiter + junit-jupiter-params + ${junit-jupiter-params.version} + test + + + junit-jupiter-api + org.junit.jupiter + + + + + org.junit.jupiter + junit-jupiter-engine + ${junit-jupiter-engine.version} + test + + + junit-jupiter-api + org.junit.jupiter + + + + + org.testcontainers + testcontainers + ${testcontainers.version} + test + + + slf4j-api + org.slf4j + + + visible-assertions + org.rnorth.visible-assertions + + + junit + junit + + + + + org.junit.vintage + junit-vintage-engine + ${junit.version} + test + + + org.testcontainers + junit-jupiter + ${junit-jupiter.version} + test + + + junit-jupiter-api + org.junit.jupiter + + + + + org.mockito + mockito-core + ${mockito-core.version} + test + + + org.assertj + assertj-core + ${assertj-core.version} + test + + + org.mockito + mockito-junit-jupiter + ${mockito-junit-jupiter.version} + test + + + junit-jupiter-api + org.junit.jupiter + + + mockito-core + org.mockito + + + + + org.awaitility + awaitility + ${awaitility.version} + test + + + objenesis + org.objenesis + + + + + org.awaitility + awaitility-proxy + ${awaitility-proxy.version} + test + + + byte-buddy + net.bytebuddy + + + + + org.apache.httpcomponents + httpclient + ${httpclient.version} + runtime + + - - org.junit.jupiter - junit-jupiter-api - ${junit-jupiter-api.version} - test - - - org.junit.jupiter - junit-jupiter-params - ${junit-jupiter-params.version} - test - - - junit-jupiter-api - org.junit.jupiter - - - - - org.junit.jupiter - junit-jupiter-engine - ${junit-jupiter-engine.version} - test - - - junit-jupiter-api - org.junit.jupiter - - - - - org.testcontainers - testcontainers - ${testcontainers.version} - test - - - slf4j-api - org.slf4j - - - visible-assertions - org.rnorth.visible-assertions - - - - - org.testcontainers - junit-jupiter - ${junit-jupiter.version} - test - - - junit-jupiter-api - org.junit.jupiter - - - - - org.mockito - mockito-core - ${mockito-core.version} - test - - - org.assertj - assertj-core - ${assertj-core.version} - test - - - org.mockito - mockito-junit-jupiter - ${mockito-junit-jupiter.version} - test - - - junit-jupiter-api - org.junit.jupiter - - - mockito-core - org.mockito - - - - - org.awaitility - awaitility - ${awaitility.version} - test - - - objenesis - org.objenesis - - - - - org.awaitility - awaitility-proxy - ${awaitility-proxy.version} - test - - - byte-buddy - net.bytebuddy - - - - - org.apache.httpcomponents - httpclient - ${httpclient.version} - - - - - client-initialization - - - org.apache.maven.plugins - maven-jar-plugin - 2.4 - - - - true - lib - org.onap.test.it.RegisterToAsdcTopicIT - - - lib/ - - - - - - + + client-initialization + + + org.apache.maven.plugins + maven-jar-plugin + 2.4 + + + + true + lib + org.onap.test.it.RegisterToAsdcTopicIT + + + lib/ + + + + + + diff --git a/sdc-distribution-client/pom.xml b/sdc-distribution-client/pom.xml index 45c9950..7d46cc5 100644 --- a/sdc-distribution-client/pom.xml +++ b/sdc-distribution-client/pom.xml @@ -1,15 +1,13 @@ + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - 3.18.1 - 3.6.28 2.8.0 - 2.8.6 + 2.8.9 0.0.1 - 1.7.30 + 1.18.24 @@ -23,32 +21,16 @@ Distribution client JAR file to use by consumers jar - - - com.att.nsa - saClientLibrary - ${cambriaClient.version} - compile - - - org.slf4j - slf4j-log4j12 - - - org.apache.httpcomponents - httpclient - - - slf4j-api - org.slf4j - - - commons-io - commons-io - - + org.projectlombok + lombok + ${lombok.version} + + + org.json + json + 20220320 org.slf4j @@ -61,6 +43,12 @@ cambriaClient ${cambriaClient.version} compile + + + org.json + json + + @@ -101,19 +89,6 @@ compile - - org.apache.httpcomponents - httpmime - ${httpclient.version} - compile - - - httpclient - org.apache.httpcomponents - - - - org.yaml @@ -143,8 +118,12 @@ test + org.eclipse.jetty jetty-util + + org.eclipse.jetty + jetty-security ${jetty.version} @@ -163,23 +142,36 @@ + - org.junit.jupiter - junit-jupiter + org.junit.vintage + junit-vintage-engine ${junit.version} test - org.junit.vintage - junit-vintage-engine + org.junit.jupiter + junit-jupiter ${junit.version} test + + org.mockito + mockito-junit-jupiter + ${mockito.version} + test + + + org.mockito + mockito-inline + ${mockito.version} + test + org.mockito mockito-core - ${mockito-all.version} + ${mockito.version} test -- cgit 1.2.3-korg