Commit 6e317159 authored by Rostislav Vatolin [SLB]'s avatar Rostislav Vatolin [SLB]
Browse files

Merge branch 'fix_deps' into 'master'

Fix security issues

See merge request !74
parents e6f4a5d4 517913df
Pipeline #39335 passed with stages
in 18 minutes and 17 seconds
......@@ -15,10 +15,13 @@ Apache-2.0
The following software have components provided under the terms of this license:
- ASM Core (from )
- ASM Core (from )
- ASM based accessors helper used by json-smart (from )
- ASM based accessors helper used by json-smart (from )
- Adapter: RxJava (from )
- Admin Directory API directory_v1-rev77-1.22.0 (from )
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Commons Collections (from http://commons.apache.org/proper/commons-collections/)
- Apache Commons Configuration (from http://commons.apache.org/configuration/)
- Apache Commons Lang (from http://commons.apache.org/proper/commons-lang/)
......@@ -29,12 +32,9 @@ The following software have components provided under the terms of this license:
- Apache Groovy (from http://groovy-lang.org)
- Apache Groovy (from http://groovy-lang.org)
- Apache Groovy (from http://groovy-lang.org)
- Apache HttpAsyncClient (from http://hc.apache.org/httpcomponents-asyncclient)
- Apache HttpClient (from http://hc.apache.org/httpcomponents-client)
- Apache HttpClient Cache (from http://hc.apache.org/httpcomponents-client)
- Apache HttpCore (from http://hc.apache.org/httpcomponents-core-ga)
- Apache HttpCore NIO (from http://hc.apache.org/httpcomponents-core-ga)
- Apache Ivy (from http://ant.apache.org/ivy/)
- Apache Log4j API (from )
- Apache Log4j Core (from )
- Apache Log4j JUL Adapter (from )
......@@ -51,8 +51,9 @@ The following software have components provided under the terms of this license:
- AutoValue Annotations (from )
- Awaitility (from http://awaitility.org)
- Awaitility Proxy (from http://awaitility.org)
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Bean Validation API (from http://beanvalidation.org)
- Brave Instrumentation: Http Adapters (from )
- Brave instrumentation for Reactor Netty HTTP (from https://github.com/reactor/reactor-netty)
- Byte Buddy (without dependencies) (from )
- Byte Buddy Java agent (from )
- Caffeine cache (from https://github.com/ben-manes/caffeine)
......@@ -62,8 +63,7 @@ The following software have components provided under the terms of this license:
- Commons IO (from http://commons.apache.org/io/)
- Commons Lang (from http://commons.apache.org/lang/)
- Converter: Jackson (from )
- Elastic JNA Distribution (from https://github.com/java-native-access/jna)
- Elasticsearch: 5.0.0-alpha5 (from https://github.com/elastic/elasticsearch)
- Core functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- Google APIs Client Library for Java (from )
......@@ -85,7 +85,7 @@ The following software have components provided under the terms of this license:
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HPPC Collections (from http://labs.carrotsearch.com)
- HPPC Collections (from http://labs.carrotsearch.com)
- HTTP functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Hibernate Validator Engine (from )
- Identity and Access Management (IAM) API v1-rev247-1.23.0 (from )
- IntelliJ IDEA Annotations (from http://www.jetbrains.org)
......@@ -100,18 +100,17 @@ The following software have components provided under the terms of this license:
- JCL 1.1.1 implemented over SLF4J (from http://www.slf4j.org)
- JLine (from )
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Web Token support for the JVM (from https://github.com/jwtk/jjwt.git)
- JSON library from Android SDK (from http://developer.android.com/sdk)
- JSONassert (from https://github.com/skyscreamer/JSONassert)
- JSR107 API and SPI (from https://github.com/jsr107/jsr107spec)
- Jackson (from http://jackson.codehaus.org)
- Jackson 2 extensions to the Google HTTP Client Library for Java. (from https://github.com/google/google-http-java-client.git/google-http-client-jackson2)
- Jackson dataformat: CBOR (from http://github.com/FasterXML/jackson-dataformats-binary)
- Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310)
- Jackson extensions to the Google HTTP Client Library for Java. (from )
- Jackson-annotations (from http://github.com/FasterXML/jackson)
- Jackson-core (from https://github.com/FasterXML/jackson-core)
- Jackson-dataformat-Smile (from http://github.com/FasterXML/jackson-dataformat-smile)
- Jackson-dataformat-XML (from http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding)
- Jackson-dataformat-YAML (from https://github.com/FasterXML/jackson)
- Jackson-datatype-Joda (from http://wiki.fasterxml.com/JacksonModuleJoda)
......@@ -137,30 +136,17 @@ The following software have components provided under the terms of this license:
- KeePassJava2 :: KDBX (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdbx)
- KeePassJava2 :: Simple (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-simple)
- Lettuce (from http://github.com/lettuce-io/lettuce-core)
- Lucene Common Analyzers (from )
- Lucene Core (from )
- Lucene Grouping (from )
- Lucene Highlighter (from )
- Lucene Join (from )
- Lucene Memory (from )
- Lucene Memory (from )
- Lucene Miscellaneous (from )
- Lucene Queries (from )
- Lucene QueryParsers (from )
- Lucene Sandbox (from )
- Lucene Spatial 3D (from )
- Lucene Spatial Extras (from )
- Lucene Suggest (from )
- MapStruct Core (from )
- Metrics Core (from https://github.com/dropwizard/metrics)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Netty Reactive Streams Implementation (from )
- Netty/All-in-One (from )
- Netty/Buffer (from http://netty.io/)
......@@ -181,7 +167,6 @@ The following software have components provided under the terms of this license:
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- Objenesis (from http://objenesis.org)
- Objenesis (from http://objenesis.org)
......@@ -202,12 +187,9 @@ The following software have components provided under the terms of this license:
- Retrofit (from )
- RxJava (from https://github.com/ReactiveX/RxJava)
- SnakeYAML (from http://www.snakeyaml.org)
- SnakeYAML (from http://www.snakeyaml.org)
- Spring AOP (from https://github.com/spring-projects/spring-framework)
- Spring Beans (from https://github.com/spring-projects/spring-framework)
- Spring Boot (from http://projects.spring.io/spring-boot/)
- Spring Boot Actuator (from http://projects.spring.io/spring-boot/)
- Spring Boot Actuator AutoConfigure (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-actuator-autoconfigure)
- Spring Boot AutoConfigure (from http://projects.spring.io/spring-boot/)
- Spring Boot Json Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-json)
- Spring Boot Log4J2 Starter (from http://projects.spring.io/spring-boot/)
......@@ -232,7 +214,6 @@ The following software have components provided under the terms of this license:
- Spring Transaction (from https://github.com/spring-projects/spring-framework)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- Spring Web MVC (from https://github.com/spring-projects/spring-framework)
- T-Digest (from https://github.com/tdunning/t-digest)
- Undertow Core (from )
- Undertow Servlet (from )
- Undertow WebSockets JSR356 implementations (from )
......@@ -242,20 +223,20 @@ The following software have components provided under the terms of this license:
- Woodstox (from https://github.com/FasterXML/woodstox)
- XNIO API (from http://www.jboss.org/xnio)
- XNIO NIO Implementation (from )
- Zipkin Reporter Brave (from https://repo1.maven.org/maven2/io/zipkin/reporter2/zipkin-reporter-brave)
- Zipkin Reporter: Core (from )
- Zipkin v2 (from )
- aalto-xml (from )
- aggs-matrix-stats (from https://github.com/elastic/elasticsearch)
- cli (from https://github.com/elastic/elasticsearch)
- brave (from )
- com.google.api.grpc:proto-google-cloud-monitoring-v3 (from https://github.com/googleapis/googleapis)
- com.google.api.grpc:proto-google-common-protos (from https://github.com/googleapis/googleapis)
- com.google.api.grpc:proto-google-iam-v1 (from https://github.com/googleapis/googleapis)
- commons-collections (from )
- compiler (from http://github.com/spullara/mustache.java)
- datastore-v1-proto-client (from )
- elasticsearch-core (from https://github.com/elastic/elasticsearch)
- elasticsearch-geo (from https://github.com/elastic/elasticsearch)
- embedded-redis (from https://github.com/ozimov/embedded-redis)
- error-prone annotations (from )
- error-prone annotations (from )
- error-prone annotations (from )
- exp4j (from http://www.objecthunter.net/exp4j)
- io.grpc:grpc-alts (from https://github.com/grpc/grpc-java)
- io.grpc:grpc-api (from https://github.com/grpc/grpc-java)
......@@ -271,16 +252,13 @@ The following software have components provided under the terms of this license:
- jackson-databind (from http://github.com/FasterXML/jackson)
- javatuples (from http://www.javatuples.org)
- javax.inject (from http://code.google.com/p/atinject/)
- lang-mustache (from https://github.com/elastic/elasticsearch)
- lettuce (from http://github.com/mp911de/lettuce/wiki)
- mapper-extras (from https://github.com/elastic/elasticsearch)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- micrometer-registry-azure-monitor (from https://github.com/micrometer-metrics/micrometer)
- org.apiguardian:apiguardian-api (from https://github.com/apiguardian-team/apiguardian)
- org.conscrypt:conscrypt-openjdk-uber (from https://conscrypt.org/)
- org.opentest4j:opentest4j (from https://github.com/ota4j-team/opentest4j)
- org.xmlunit:xmlunit-core (from http://www.xmlunit.org/)
- parent-join (from https://github.com/elastic/elasticsearch)
- perfmark:perfmark-api (from https://github.com/perfmark/perfmark)
- picocli - a mighty tiny Command Line Interface (from http://picocli.info)
- powermock-api-support (from )
......@@ -292,16 +270,12 @@ The following software have components provided under the terms of this license:
- proto-google-cloud-redis-v1 (from https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-cloud-redis-v1)
- proto-google-cloud-redis-v1beta1 (from https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-cloud-redis-v1beta1)
- proton-j (from )
- rank-eval (from https://github.com/elastic/elasticsearch)
- resilience4j (from https://github.com/resilience4j/resilience4j)
- resilience4j (from https://github.com/resilience4j/resilience4j)
- resilience4j (from https://github.com/resilience4j/resilience4j)
- resilience4j (from https://github.com/resilience4j/resilience4j)
- rest (from https://github.com/elastic/elasticsearch)
- rest-high-level (from https://github.com/elastic/elasticsearch)
- rxjava (from https://github.com/ReactiveX/RxJava)
- rxjava (from https://github.com/ReactiveX/RxJava)
- secure-sm (from https://github.com/elastic/elasticsearch)
- spring-security-config (from http://spring.io/spring-security)
- spring-security-core (from http://spring.io/spring-security)
- spring-security-oauth2-client (from http://spring.io/spring-security)
......@@ -321,7 +295,6 @@ The following software have components provided under the terms of this license:
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-websocket (from http://tomcat.apache.org/)
- wildfly-common (from )
- x-content (from https://github.com/elastic/elasticsearch)
========================================================================
BSD-2-Clause
......@@ -337,13 +310,12 @@ The following software have components provided under the terms of this license:
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- Hamcrest library (from )
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JLine (from )
- Jodd BeanUtil (from http://jodd.org)
- Jodd BeanUtil (from http://jodd.org)
- Jodd Core (from http://jodd.org)
- Jodd Core (from http://jodd.org)
- Lucene Common Analyzers (from )
- Lucene Core (from )
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- ThreeTen backport (from https://www.threeten.org/threetenbp)
......@@ -354,8 +326,9 @@ The following software have components provided under the terms of this license:
- API Common (from https://github.com/googleapis)
- ASM Core (from )
- ASM Core (from )
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Ivy (from http://ant.apache.org/ivy/)
- DSL Platform JSON (Java 8 API) (from https://github.com/ngs-doo/dsl-json)
- DSL Platform JSON (core) (from https://github.com/ngs-doo/dsl-json)
- GAX (Google Api eXtensions) (from https://github.com/googleapis)
......@@ -367,21 +340,18 @@ The following software have components provided under the terms of this license:
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- Hamcrest library (from )
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JLine (from )
- JavaBeans Activation Framework API jar (from )
- Jodd BeanUtil (from http://jodd.org)
- Jodd BeanUtil (from http://jodd.org)
- Jodd Core (from http://jodd.org)
- Jodd Core (from http://jodd.org)
- Lucene Common Analyzers (from )
- Lucene Core (from )
- Lucene Suggest (from )
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Mockito (from http://www.mockito.org)
- NanoHttpd-Core (from )
- Netty/All-in-One (from )
- Netty/Codec/HTTP (from )
- Protocol Buffer Java API (from https://developers.google.com/protocol-buffers/)
......@@ -390,7 +360,6 @@ The following software have components provided under the terms of this license:
- Redisson (from http://redisson.org)
- Reflections (from http://github.com/ronmamo/reflections)
- SnakeYAML (from http://www.snakeyaml.org)
- SnakeYAML (from http://www.snakeyaml.org)
- Spring Core (from https://github.com/spring-projects/spring-framework)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- ThreeTen backport (from https://www.threeten.org/threetenbp)
......@@ -444,7 +413,6 @@ CPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- JUnit (from http://junit.org)
- JUnit (from http://junit.org)
========================================================================
......@@ -465,7 +433,6 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- SnakeYAML (from http://www.snakeyaml.org)
- SnakeYAML (from http://www.snakeyaml.org)
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
......@@ -506,7 +473,6 @@ GPL-2.0-or-later
========================================================================
The following software have components provided under the terms of this license:
- SnakeYAML (from http://www.snakeyaml.org)
- SnakeYAML (from http://www.snakeyaml.org)
========================================================================
......@@ -558,7 +524,6 @@ LGPL-2.1-only
The following software have components provided under the terms of this license:
- Commons Lang (from http://commons.apache.org/lang/)
- Elastic JNA Distribution (from https://github.com/java-native-access/jna)
- Java Native Access (from https://github.com/java-native-access/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
......@@ -578,7 +543,6 @@ The following software have components provided under the terms of this license:
- JBoss Threads (from )
- Javassist (from http://www.javassist.org/)
- SnakeYAML (from http://www.snakeyaml.org)
- SnakeYAML (from http://www.snakeyaml.org)
========================================================================
LGPL-3.0-only
......@@ -597,17 +561,13 @@ The following software have components provided under the terms of this license:
- Azure Java Client Authentication Library for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot AutoConfigure (from https://github.com/Microsoft/azure-spring-boot)
- Checker Qual (from https://checkerframework.org)
- Checker Qual (from https://checkerframework.org)
- Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
- JOpt Simple (from http://pholser.github.io/jopt-simple)
- JUL to SLF4J bridge (from http://www.slf4j.org)
- Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Java JWT (from http://www.jwt.io)
- Jodd Core (from http://jodd.org)
- Lucene Core (from )
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
......@@ -676,7 +636,7 @@ Public-Domain
The following software have components provided under the terms of this license:
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Joda-Time (from http://www.joda.org/joda-time/)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
......@@ -703,7 +663,6 @@ The following software have components provided under the terms of this license:
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Joda-Time (from http://www.joda.org/joda-time/)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
......@@ -724,7 +683,6 @@ The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- Checker Qual (from https://checkerframework.org)
- JUnit (from http://junit.org)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JavaBeans Activation Framework API jar (from )
- Jodd BeanUtil (from http://jodd.org)
......
......@@ -8,8 +8,6 @@
<maven.compiler.source>${java.version}</maven.compiler.source>
<redisson.version>3.13.2</redisson.version>
<protobuf-java.version>3.12.4</protobuf-java.version>
<org.springframework.boot.version>2.4.4</org.springframework.boot.version>
<commons-codec.version>1.15</commons-codec.version>
<!-- When upgrading springfox version make sure to verify how the updated UI is displayed.
Latest versions of springfox library have issues with displaying content
-->
......@@ -36,17 +34,14 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${org.springframework.boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
<version>${org.springframework.boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>${org.springframework.boot.version}</version>
</dependency>
<dependency>
<groupId>com.dslplatform</groupId>
......@@ -58,6 +53,15 @@
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${springfox-version}</version>
<exclusions>
<exclusion>
<!--
Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
-->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
......@@ -75,7 +79,6 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<version>${org.springframework.boot.version}</version>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
......
......@@ -3,12 +3,11 @@
<modelVersion>4.0.0</modelVersion>
<properties>
<os-core-common.version>0.9.0-rc3</os-core-common.version>
<os-core-common.version>0.9.0-rc7</os-core-common.version>
<java.version>1.8</java.version>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<spring-boot-dependencies.version>2.4.4</spring-boot-dependencies.version>
</properties>
<groupId>org.opengroup.osdu.entitlements.v2</groupId>
......@@ -36,9 +35,9 @@
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring-boot-dependencies.version}</version>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
......@@ -46,6 +45,20 @@
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<exclusions>
<exclusion>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-client</artifactId>
</exclusion>
<exclusion>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
</exclusion>
<exclusion>
<groupId>org.elasticsearch.client</groupId>
<artifactId>elasticsearch-rest-high-level-client</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</dependencyManagement>
......
......@@ -18,7 +18,6 @@
<reactor.core.version>3.3.0.RELEASE</reactor.core.version>
<springfox-version>2.7.0</springfox-version>
<tomcat-embed-core.version>9.0.37</tomcat-embed-core.version>
<org.springframework.boot.version>2.4.4</org.springframework.boot.version>
</properties>
<dependencies>
......@@ -79,8 +78,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<!--<version>2.4.0</version>-->
<version>${spring-boot-dependencies.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
......@@ -119,9 +116,6 @@
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
......@@ -149,7 +143,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring-boot-dependencies.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
......
......@@ -13,15 +13,14 @@
<artifactId>entitlements-v2-azure</artifactId>
<properties>
<core-lib-azure.version>0.6.2</core-lib-azure.version>
<reactor.netty.version>0.9.5.RELEASE</reactor.netty.version>
<reactor.core.version>3.3.0.RELEASE</reactor.core.version>
<core-lib-azure.version>0.9.0-rc2</core-lib-azure.version>
<gremlin.version>3.4.10</gremlin.version>
<redisson.version>3.15.3</redisson.version>
<resilience4j.version>1.7.0</resilience4j.version>
<embedded-resdis.version>0.7.1</embedded-resdis.version>
<awaitility.version>3.0.0</awaitility.version>
<awaitility.proxy.version>3.0.0</awaitility.proxy.version>
<json-smart.version>2.4.6</json-smart.version>
</properties>
<dependencies>
......@@ -31,28 +30,11 @@
<version>${project.version}</version>
</dependency>
<!--
Old versions of 'com.nimbusds:oauth2-oidc-sdk' and 'com.microsoft.azure:msal4j' are excluded
because they cannot work with Spring Boot version 2.4.x
New version of 'com.microsoft.azure:msal4j' is added to work with Spring Boot version 2.4.x
Stay tuned for a new version of 'com.azure:azure-identity', they started releasing updates, but it's still in beta.
More details here: https://github.com/Azure/azure-sdk-for-java
-->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${core-lib-azure.version}</version>
<exclusions>
<exclusion>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
</exclusion>
<exclusion>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
</exclusion>
<!--
Excluding simple-xml because:
There’s a library called xpp3 (the Xml Pull Parser) originally developed by Indiana University’s Extreme! Computing group.
......@@ -71,10 +53,14 @@
</exclusion>
</exclusions>
</dependency>
<!--
Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
because of that we need to enforce the higher version
-->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
<version>1.9.1</version>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
......@@ -90,7 +76,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring-boot-dependencies.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
......@@ -131,22 +116,15 @@
<groupId>org.apache.tinkerpop</groupId>
<artifactId>gremlin-groovy</artifactId>
<version>${gremlin.version}</version>
</dependency>
<!--
Override the spring-boot version of these dependencies to the ones
required by the azure-core library. This needs to be done for each
app that depends on this library
-->
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
<version>${reactor.netty.version}</version>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
<version>${reactor.core.version}</version>
<exclusions>
<!--
Excluding org.apache.ivy:ivy:jar:2.3.0 because it has security bugs
-->
<exclusion>
<groupId>org.apache.ivy</groupId>
<artifactId>ivy</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
......@@ -165,7 +143,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring-boot-dependencies.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
......
package org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.listmember;
import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
import org.apache.tinkerpop.gremlin.structure.Vertex;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opengroup.osdu.entitlements.v2.azure.config.CacheConfig;
import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.addmember.AddMemberRepoGremlin;
import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.connection.GremlinConnector;
import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.constant.EdgePropertyNames;
import org.opengroup.osdu.entitlements.v2.azure.spi.gremlin.constant.VertexPropertyNames;
import org.opengroup.osdu.entitlements.v2.logging.AuditLogger;
import org.opengroup.osdu.entitlements.v2.model.ChildrenReference;
......@@ -44,6 +43,13 @@ public class ListMemberRepoGremlinTest {
@MockBean
private CacheConfig cacheConfig;
@After
public void cleanup() {
GraphTraversalSource graphTraversalSource = gremlinConnector.getGraphTraversalSource();
graphTraversalSource.V().drop().iterate();
graphTraversalSource.E().drop().iterate();
}
@Test
public void shouldLoadDirectChildrenSuccessfully() {
GraphTraversalSource graphTraversalSource = gremlinConnector.getGraphTraversalSource();
......
......@@ -8,7 +8,6 @@
<maven.compiler.source>${java.version}</maven.compiler.source>
<redisson.version>3.13.2</redisson.version>
<protobuf-java.version>3.12.4</protobuf-java.version>
<org.springframework.boot.version>2.4.4</org.springframework.boot.version>
<io.undertow.version>2.2.0.Final</io.undertow.version>
<commons-codec.version>1.15</commons-codec.version>
</properties>
......@@ -109,7 +108,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${org.springframework.boot.version}</version>
<exclusions>
<exclusion>
<artifactId>tomcat-embed-el</artifactId>
......@@ -128,7 +126,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
<version>${org.springframework.boot.version}</version>
<exclusions>
<exclusion>
<groupId>io.undertow</groupId>
......@@ -162,12 +159,10 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
<version>${org.springframework.boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>${org.springframework.boot.version}</version>
</dependency>
<dependency>
<groupId>com.dslplatform</groupId>
......@@ -215,7 +210,6 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>