Skip to content
Snippets Groups Projects
Commit 540f5248 authored by Rostislav Vatolin [SLB]'s avatar Rostislav Vatolin [SLB]
Browse files

Merge branch 'update_dep' into 'master' 

Remove dependencies with vulnerabilities

See merge request !111
parents 70a0e6f2 264dde38
No related branches found
No related tags found
1 merge request!111Remove dependencies with vulnerabilities
Pipeline #40291 failed
Stage: .pre
Stage: build
Stage: containerize
Stage: scan
Stage: deploy
Stage: integration
Stage: attribution
Stage: publish
Hide whitespace changes
Inline Side-by-side
Showing
with 114 additions and 232 deletions
NOTICE
+ 79
156
View file @ 540f5248
......@@ -31,9 +31,11 @@ The following software have components provided under the terms of this license:
- ASM Commons (from )
- ASM Core (from )
- ASM Core (from )
- ASM Core (from )
- ASM Tree (from )
- ASM Util (from )
- ASM based accessors helper used by json-smart (from )
- ASM based accessors helper used by json-smart (from )
- AWS Event Stream (from https://github.com/awslabs/aws-eventstream-java)
- AWS Java SDK :: AWS Core (from https://aws.amazon.com/sdkforjava)
- AWS Java SDK :: Annotations (from )
......@@ -251,6 +253,7 @@ The following software have components provided under the terms of this license:
- Apache Geronimo JMS Spec 2.0 (from http://geronimo.apache.org/maven/${siteId}/${version})
- Apache Groovy (from http://groovy-lang.org)
- Apache Groovy (from http://groovy-lang.org)
- Apache Groovy (from http://groovy-lang.org)
- Apache HttpClient (from http://hc.apache.org/httpcomponents-client)
- Apache HttpClient Cache (from http://hc.apache.org/httpcomponents-client)
- Apache HttpCore (from http://hc.apache.org/httpcomponents-core-ga)
......@@ -272,10 +275,11 @@ The following software have components provided under the terms of this license:
- AssertJ fluent assertions (from )
- Asynchronous Http Client (from )
- Asynchronous Http Client Netty Utils (from )
- Azure AD Spring Security Integration Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot Starter for Azure AD Spring Security Integration (from https://github.com/Azure/azure-sdk-for-java)
- BSON (from http://bsonspec.org)
- Bean Validation API (from http://beanvalidation.org)
- Brave Instrumentation: Http Adapters (from )
- Brave instrumentation for Reactor Netty HTTP (from https://github.com/reactor/reactor-netty)
- Byte Buddy (without dependencies) (from )
- Byte Buddy Java agent (from )
- ClassMate (from http://github.com/cowtowncoder/java-classmate)
......@@ -287,6 +291,7 @@ The following software have components provided under the terms of this license:
- Commons Lang (from http://commons.apache.org/lang/)
- Commons Lang (from http://commons.apache.org/lang/)
- Converter: Jackson (from )
- Core functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Doxia :: APT Module (from )
- Doxia :: Core (from )
- Doxia :: Decoration Model (from http://maven.apache.org/doxia/doxia-sitetools/doxia-decoration-model/)
......@@ -295,6 +300,7 @@ The following software have components provided under the terms of this license:
- Doxia :: Site Renderer (from http://maven.apache.org/doxia/doxia-sitetools/doxia-site-renderer/)
- Doxia :: XDoc Module (from )
- Doxia :: XHTML Module (from )
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- Google APIs Client Library for Java (from )
- Google App Engine extensions to the Google HTTP Client Library for Java. (from )
......@@ -316,10 +322,12 @@ The following software have components provided under the terms of this license:
- Google HTTP Client Library for Java (from https://github.com/google/google-http-java-client.git)
- Google OAuth Client Library for Java (from )
- Gson (from https://github.com/google/gson)
- Gson (from https://github.com/google/gson)
- Guava InternalFutureFailureAccess and InternalFutures (from )
- Guava ListenableFuture only (from )
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HTTP functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Hibernate Validator Engine (from )
- IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java)
- IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java)
......@@ -334,6 +342,7 @@ The following software have components provided under the terms of this license:
- JDOM (from http://www.jdom.org)
- JMES Path Query library (from https://aws.amazon.com/sdkforjava)
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Web Token support for the JVM (from https://github.com/jwtk/jjwt.git)
- JSON library from Android SDK (from http://developer.android.com/sdk)
- JSONassert (from https://github.com/skyscreamer/JSONassert)
......@@ -341,23 +350,17 @@ The following software have components provided under the terms of this license:
- Jackson 2 extensions to the Google HTTP Client Library for Java. (from https://github.com/google/google-http-java-client.git/google-http-client-jackson2)
- Jackson dataformat: CBOR (from http://github.com/FasterXML/jackson-dataformats-binary)
- Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310)
- Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310)
- Jackson extensions to the Google HTTP Client Library for Java. (from )
- Jackson-annotations (from http://github.com/FasterXML/jackson)
- Jackson-annotations (from http://github.com/FasterXML/jackson)
- Jackson-core (from https://github.com/FasterXML/jackson-core)
- Jackson-core (from https://github.com/FasterXML/jackson-core)
- Jackson-dataformat-XML (from http://wiki.fasterxml.com/JacksonExtensionXmlDataBinding)
- Jackson-dataformat-YAML (from https://github.com/FasterXML/jackson)
- Jackson-dataformat-YAML (from https://github.com/FasterXML/jackson)
- Jackson-datatype-Joda (from http://wiki.fasterxml.com/JacksonModuleJoda)
- Jackson-datatype-jdk8 (from )
- Jackson-datatype-jdk8 (from )
- Jackson-module-Afterburner (from http://wiki.fasterxml.com/JacksonHome)
- Jackson-module-JAXB-annotations (from http://wiki.fasterxml.com/JacksonJAXBAnnotations)
- Jackson-module-JAXB-annotations (from http://wiki.fasterxml.com/JacksonJAXBAnnotations)
- Jackson-module-parameter-names (from )
- Jackson-module-parameter-names (from )
- Jakarta Bean Validation API (from https://beanvalidation.org)
- Java Libraries for Amazon Simple WorkFlow (from https://aws.amazon.com/sdkforjava)
- Java Native Access (from https://github.com/java-native-access/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
......@@ -368,6 +371,8 @@ The following software have components provided under the terms of this license:
- Jetty Server (from )
- Jetty Utilities (from )
- Joda-Time (from http://www.joda.org/joda-time/)
- Joda-Time (from http://www.joda.org/joda-time/)
- Joda-Time (from http://www.joda.org/joda-time/)
- Json Path (from https://github.com/jayway/JsonPath)
- KeePassJava2 :: All (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2)
- KeePassJava2 :: DOM (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-dom)
......@@ -404,49 +409,36 @@ The following software have components provided under the terms of this license:
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- MongoDB Driver (from http://www.mongodb.org)
- MongoDB Java Driver Core (from http://www.mongodb.org)
- Netty Reactive Streams HTTP support (from )
- Netty Reactive Streams Implementation (from )
- Netty Reactive Streams Implementation (from )
- Netty/Buffer (from http://netty.io/)
- Netty/Buffer (from http://netty.io/)
- Netty/Codec (from )
- Netty/Codec (from )
- Netty/Codec (from )
- Netty/Codec/DNS (from )
- Netty/Codec/HTTP (from )
- Netty/Codec/HTTP (from )
- Netty/Codec/HTTP2 (from )
- Netty/Codec/HTTP2 (from )
- Netty/Codec/Socks (from )
- Netty/Common (from )
- Netty/Common (from )
- Netty/Handler (from )
- Netty/Handler (from )
- Netty/Handler/Proxy (from )
- Netty/Resolver (from )
- Netty/Resolver (from )
- Netty/Resolver/DNS (from )
- Netty/TomcatNative [BoringSSL - Static] (from )
- Netty/Transport (from http://netty.io/)
- Netty/Transport (from http://netty.io/)
- Netty/Transport/Native/Unix/Common (from )
- Netty/Transport/Native/Unix/Common (from )
- Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- Objenesis (from http://objenesis.org)
- OkHttp (from )
- Objenesis (from http://objenesis.org)
- OkHttp (from )
- OkHttp Logging Interceptor (from )
- OkHttp URLConnection (from )
- OkHttp URLConnection (from )
- Okio (from )
- OpenCensus (from https://github.com/census-instrumentation/opencensus-java)
- OpenCensus (from https://github.com/census-instrumentation/opencensus-java)
......@@ -474,10 +466,10 @@ The following software have components provided under the terms of this license:
- Spring Boot AutoConfigure (from http://projects.spring.io/spring-boot/)
- Spring Boot Data MongoDB Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Dependencies (from http://projects.spring.io/spring-boot/)
- Spring Boot Jersey Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Json Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-json)
- Spring Boot Log4J2 Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Logging Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Reactor Netty Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-reactor-netty)
- Spring Boot Security Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Test (from http://projects.spring.io/spring-boot/)
......@@ -486,6 +478,7 @@ The following software have components provided under the terms of this license:
- Spring Boot Tomcat Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Validation Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Web Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot WebFlux Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-webflux)
- Spring Commons Logging Bridge (from https://github.com/spring-projects/spring-framework)
- Spring Context (from https://github.com/spring-projects/spring-framework)
- Spring Core (from https://github.com/spring-projects/spring-framework)
......@@ -500,12 +493,17 @@ The following software have components provided under the terms of this license:
- Spring Transaction (from https://github.com/spring-projects/spring-framework)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- Spring Web MVC (from https://github.com/spring-projects/spring-framework)
- Spring WebFlux (from https://github.com/spring-projects/spring-framework)
- Vavr (from http://vavr.io)
- Vavr Match (from http://vavr.io)
- Woodstox (from https://github.com/FasterXML/woodstox)
- Xerces2-j (from https://xerces.apache.org/xerces2-j/)
- Zipkin Reporter Brave (from https://repo1.maven.org/maven2/io/zipkin/reporter2/zipkin-reporter-brave)
- Zipkin Reporter: Core (from )
- Zipkin v2 (from )
- aalto-xml (from )
- aws-ssm-java-caching-client (from https://github.com/awslabs/aws-ssm-java-caching-client)
- brave (from )
- com.google.api.grpc:grpc-google-cloud-pubsub-v1 (from https://github.com/googleapis/googleapis)
- com.google.api.grpc:grpc-google-cloud-pubsub-v1 (from https://github.com/googleapis/googleapis)
- com.google.api.grpc:proto-google-cloud-logging-v2 (from https://github.com/googleapis/googleapis)
......@@ -531,28 +529,16 @@ The following software have components provided under the terms of this license:
- ion-java (from https://github.com/amznlabs/ion-java/)
- jackson-databind (from http://github.com/FasterXML/jackson)
- jackson-databind (from http://github.com/FasterXML/jackson)
- jackson-databind (from http://github.com/FasterXML/jackson)
- jackson-databind (from http://github.com/FasterXML/jackson)
- java-cloudant (from https://cloudant.com)
- java-cloudant (from https://cloudant.com)
- javatuples (from http://www.javatuples.org)
- javax.inject (from http://code.google.com/p/atinject/)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jersey-ext-bean-validation (from )
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
- jersey-spring4 (from )
- jose4j (from https://bitbucket.org/b_c/jose4j/)
- lettuce (from http://github.com/mp911de/lettuce/wiki)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- micrometer-registry-azure-monitor (from https://github.com/micrometer-metrics/micrometer)
- org.apiguardian:apiguardian-api (from https://github.com/apiguardian-team/apiguardian)
- org.opentest4j:opentest4j (from https://github.com/ota4j-team/opentest4j)
- org.xmlunit:xmlunit-core (from http://www.xmlunit.org/)
- oro (from )
- powermock-api-support (from )
......@@ -585,10 +571,7 @@ The following software have components provided under the terms of this license:
- swagger-annotations (from )
- swagger-jaxrs (from )
- swagger-models (from )
- tomcat-annotations-api (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-el (from http://tomcat.apache.org/)
- tomcat-embed-websocket (from http://tomcat.apache.org/)
- xml-apis (from )
......@@ -602,12 +585,13 @@ The following software have components provided under the terms of this license:
- GAX (Google Api eXtensions) (from https://github.com/googleapis)
- GAX (Google Api eXtensions) (from https://github.com/googleapis)
- GAX (Google Api eXtensions) (from https://github.com/googleapis)
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Plexus :: Default Container (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- jersey-ext-bean-validation (from )
- jersey-spring4 (from )
- jaxen (from http://jaxen.codehaus.org/)
========================================================================
BSD-3-Clause
......@@ -619,9 +603,9 @@ The following software have components provided under the terms of this license:
- ASM Commons (from )
- ASM Core (from )
- ASM Core (from )
- ASM Core (from )
- ASM Tree (from )
- ASM Util (from )
- ASM library repackaged as OSGi bundle (from )
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Groovy (from http://groovy-lang.org)
......@@ -631,7 +615,9 @@ The following software have components provided under the terms of this license:
- Google APIs Client Library for Java (from )
- Google Auth Library for Java - Credentials (from )
- Google Auth Library for Java - OAuth2 HTTP (from )
- Hamcrest library (from )
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JDOM (from http://www.jdom.org)
- JSch (from http://www.jcraft.com/jsch/)
- JavaBeans Activation Framework API jar (from )
......@@ -639,9 +625,6 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Mockito (from http://www.mockito.org)
- NanoHttpd-Core (from )
- Netty/Codec/HTTP (from )
- Netty/Codec/HTTP (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- Protocol Buffer Java API (from https://developers.google.com/protocol-buffers/)
......@@ -654,13 +637,6 @@ The following software have components provided under the terms of this license:
- classworlds (from http://classworlds.codehaus.org/)
- jakarta.xml.bind-api (from )
- jaxen (from http://jaxen.codehaus.org/)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
========================================================================
CC-BY-2.5
......@@ -693,45 +669,16 @@ CDDL-1.0
========================================================================
The following software have components provided under the terms of this license:
- ASM library repackaged as OSGi bundle (from )
- Class Model for Hk2 (from )
- HK2 API module (from git://java.net/hk2~git/hk2-api)
- HK2 Implementation Utilities (from )
- HK2 Spring Bridge (from )
- HK2 config types (from )
- HK2 configuration module (from )
- HK2 core module (from )
- HK2 module of HK2 itself (from )
- JavaBeans Activation Framework API jar (from )
- Run Level Service (from )
- ServiceLocator Default Implementation (from git://java.net/hk2~git/hk2-locator)
- Servlet Specification 2.5 API (from )
- aopalliance-repackaged (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
========================================================================
CDDL-1.1
========================================================================
The following software have components provided under the terms of this license:
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- JavaBeans Activation Framework (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
- JavaMail API (from )
- jersey-ext-bean-validation (from )
- jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
......@@ -747,6 +694,8 @@ EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Logback Classic Module (from )
- Logback Contrib :: JSON :: Classic (from )
- Logback Contrib :: JSON :: Core (from )
......@@ -757,49 +706,41 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- SnakeYAML (from http://www.snakeyaml.org)
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
========================================================================
EPL-2.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
========================================================================
GPL-2.0-only
========================================================================
The following software have components provided under the terms of this license:
- ASM library repackaged as OSGi bundle (from )
- Class Model for Hk2 (from )
- Cobertura Limited Runtime (from http://cobertura.sourceforge.net)
- Cobertura code coverage (from http://cobertura.sourceforge.net)
- Commons Lang (from http://commons.apache.org/lang/)
- Commons Lang (from http://commons.apache.org/lang/)
- HK2 API module (from git://java.net/hk2~git/hk2-api)
- HK2 Implementation Utilities (from )
- HK2 Spring Bridge (from )
- HK2 config types (from )
- HK2 configuration module (from )
- HK2 core module (from )
- HK2 module of HK2 itself (from )
- Java Architecture For XML Binding (from )
- Java Servlet API (from http://servlet-spec.java.net)
- JavaBeans Activation Framework (from )
- JavaBeans Activation Framework API jar (from )
- JavaMail API (from )
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- RabbitMQ Java Client (from http://www.rabbitmq.com)
- Run Level Service (from )
- ServiceLocator Default Implementation (from git://java.net/hk2~git/hk2-locator)
- aopalliance-repackaged (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jersey-ext-bean-validation (from )
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
- jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
......@@ -816,29 +757,12 @@ The following software have components provided under the terms of this license:
- Checker Qual (from https://checkerframework.org)
- Cobertura code coverage (from http://cobertura.sourceforge.net)
- HK2 Implementation Utilities (from )
- Java Architecture For XML Binding (from )
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- Java Servlet API (from http://servlet-spec.java.net)
- JavaBeans Activation Framework (from )
- JavaBeans Activation Framework API jar (from )
- JavaMail API (from )
- RabbitMQ Java Client (from http://www.rabbitmq.com)
- ServiceLocator Default Implementation (from git://java.net/hk2~git/hk2-locator)
- aopalliance-repackaged (from )
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jersey-ext-bean-validation (from )
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
- jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
......@@ -846,8 +770,10 @@ GPL-3.0-only
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- javax.ws.rs-api (from http://jax-rs-spec.java.net)
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
========================================================================
JSON
......@@ -884,7 +810,6 @@ LGPL-2.1-or-later
========================================================================
The following software have components provided under the terms of this license:
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
- SnakeYAML (from http://www.snakeyaml.org)
......@@ -906,12 +831,10 @@ The following software have components provided under the terms of this license:
- AWS Java SDK for AWS License Manager (from https://aws.amazon.com/sdkforjava)
- AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava)
- Animal Sniffer Annotations (from )
- Azure AD Spring Security Integration Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Java Client Authentication Library for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot AutoConfigure (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
- Checker Qual (from https://checkerframework.org)
- Checker Qual (from https://checkerframework.org)
- Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
......@@ -936,21 +859,22 @@ The following software have components provided under the terms of this license:
- Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure internal Avro module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Netty/Codec/HTTP (from )
- MongoDB Java Driver Core (from http://www.mongodb.org)
- Netty/Codec/HTTP (from )
- Netty/Common (from )
- Netty/Common (from )
- Plexus :: Default Container (from )
- Plexus Default Interactivity Handler (from )
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- SLF4J API Module (from http://www.slf4j.org)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
- documentdb-bulkexecutor (from http://azure.microsoft.com/en-us/services/documentdb/)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- mockito-junit-jupiter (from https://github.com/mockito/mockito)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
- msal4j-persistence-extension (from https://github.com/AzureAD/microsoft-authentication-extensions-for-java)
- spring-security-core (from http://spring.io/spring-security)
......@@ -972,6 +896,7 @@ The following software have components provided under the terms of this license:
- Javassist (from http://www.javassist.org/)
- Javassist (from http://www.javassist.org/)
- OkHttp (from )
- RabbitMQ Java Client (from http://www.rabbitmq.com)
========================================================================
......@@ -987,13 +912,13 @@ Public-Domain
========================================================================
The following software have components provided under the terms of this license:
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JTidy (from http://jtidy.sourceforge.net)
- Joda-Time (from http://www.joda.org/joda-time/)
- Joda-Time (from http://www.joda.org/joda-time/)
- Joda-Time (from http://www.joda.org/joda-time/)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
========================================================================
SISSL-1.2
......@@ -1017,7 +942,6 @@ The following software have components provided under the terms of this license:
- JTidy (from http://jtidy.sourceforge.net)
- Xerces2-j (from https://xerces.apache.org/xerces2-j/)
- jaxen (from http://jaxen.codehaus.org/)
- xml-apis (from )
========================================================================
......@@ -1035,17 +959,18 @@ The following software have components provided under the terms of this license:
- AWS Java SDK :: SDK Core (from https://aws.amazon.com/sdkforjava)
- AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava)
- Apache Groovy (from http://groovy-lang.org)
- Apache Groovy (from http://groovy-lang.org)
- Asynchronous Http Client (from )
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Joda-Time (from http://www.joda.org/joda-time/)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
- Project Lombok (from https://projectlombok.org)
- Project Lombok (from https://projectlombok.org)
- RabbitMQ Java Client (from http://www.rabbitmq.com)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
......@@ -1059,22 +984,20 @@ unknown
The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- Checker Qual (from https://checkerframework.org)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JavaBeans Activation Framework API jar (from )
- RabbitMQ Java Client (from http://www.rabbitmq.com)
- Servlet Specification 2.5 API (from )
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- System Rules (from http://stefanbirkner.github.io/system-rules/)
- jakarta.xml.bind-api (from )
- jaxen (from http://jaxen.codehaus.org/)
- jersey-container-servlet (from git://java.net/jersey~code/project/jersey-container-servlet)
- jersey-container-servlet-core (from git://java.net/jersey~code/project/jersey-container-servlet-core)
- jersey-core-client (from git://java.net/jersey~code/jersey-client)
- jersey-ext-bean-validation (from )
- jersey-ext-entity-filtering (from )
- jersey-inject-hk2 (from )
- jersey-media-jaxb (from )
- jersey-spring4 (from )
- org.junit.jupiter:junit-jupiter-api (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-engine (from http://junit.org/junit5/)
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
- xml-apis (from )
legal-core/pom.xml
+ 12
33
View file @ 540f5248
......@@ -17,7 +17,6 @@
<properties>
<springfox-version>2.7.0</springfox-version>
<netty-codec-version>4.1.55.Final</netty-codec-version>
</properties>
<dependencies>
......@@ -31,38 +30,21 @@
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
<exclusions>
<exclusion>
<groupId>org.glassfish.hk2</groupId>
<artifactId>osgi-resource-locator</artifactId>
</exclusion>
</exclusions>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.40</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.inject/javax.inject -->
<dependency>
......@@ -77,25 +59,14 @@
<artifactId>proto-google-common-protos</artifactId>
<version>1.16.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>27.1-jre</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.5</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.12</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.12.0</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
......@@ -131,7 +102,6 @@
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec</artifactId>
<version>${netty-codec-version}</version>
</dependency>
<!-- Test Dependencies -->
......@@ -193,6 +163,15 @@
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${springfox-version}</version>
<exclusions>
<exclusion>
<!--
Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
-->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
......
pom.xml
+ 8
14
View file @ 540f5248
......@@ -8,9 +8,8 @@
<maven.compiler.source>1.8</maven.compiler.source>
<docker.image.prefix>opendes</docker.image.prefix>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<os-core-common.version>0.9.0-rc3</os-core-common.version>
<os-core-common.version>0.9.0-rc7</os-core-common.version>
<snakeyaml.version>1.26</snakeyaml.version>
<spring-web.version>5.1.19.RELEASE</spring-web.version>
</properties>
<licenses>
......@@ -21,13 +20,6 @@
</license>
</licenses>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.8.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>org.opengroup.osdu.legal</groupId>
<artifactId>legal-service</artifactId>
<version>0.9.0-SNAPSHOT</version>
......@@ -65,6 +57,13 @@
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
......@@ -90,11 +89,6 @@
<artifactId>snakeyaml</artifactId>
<version>${snakeyaml.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring-web.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
......
provider/legal-azure/pom.xml
+ 13
15
View file @ 540f5248
......@@ -31,12 +31,12 @@
<azure.appservice.plan />
<azure.appservice.appname />
<azure.appservice.subscription />
<osdu.corelibazure.version>0.8.0-rc1</osdu.corelibazure.version>
<osdu.corelibazure.version>0.9.0-rc3</osdu.corelibazure.version>
<osdu.legal-core.version>0.9.0-SNAPSHOT</osdu.legal-core.version>
<javax.inject.version>1</javax.inject.version>
<javax.servlet-api.version>4.0.1</javax.servlet-api.version>
<woodstox-core.version>5.3.0</woodstox-core.version>
<tomcat-embed-core.version>9.0.40</tomcat-embed-core.version>
<json-smart.version>2.4.6</json-smart.version>
</properties>
<dependencyManagement>
......@@ -53,6 +53,15 @@
</dependencyManagement>
<dependencies>
<!--
Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
because of that we need to enforce the higher version
-->
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
......@@ -75,8 +84,8 @@
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-active-directory-spring-boot-starter</artifactId>
<groupId>com.azure.spring</groupId>
<artifactId>azure-spring-boot-starter-active-directory</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
......@@ -110,12 +119,6 @@
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
<exclusions>
<exclusion>
<groupId>org.simpleframework</groupId>
<artifactId>simple-xml</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
......@@ -128,11 +131,6 @@
<artifactId>woodstox-core</artifactId>
<version>${woodstox-core.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-embed-core.version}</version>
</dependency>
<!-- test -->
<dependency>
......
provider/legal-azure/src/main/java/org/opengroup/osdu/legal/azure/security/AADSecurityConfig.java
+ 1
2
View file @ 540f5248
......@@ -14,14 +14,13 @@
package org.opengroup.osdu.legal.azure.security;
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.parameters.P;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.inject.Inject;
......
provider/legal-byoc/pom.xml
+ 0
6
View file @ 540f5248
......@@ -39,12 +39,6 @@
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-all</artifactId>
<version>1.10.19</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
......
provider/legal-gcp/pom.xml
+ 0
5
View file @ 540f5248
......@@ -76,11 +76,6 @@
<artifactId>commons-codec</artifactId>
<version>1.12</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.10</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
......
testing/legal-test-core/src/main/java/org/opengroup/osdu/legal/util/TestUtils.java
+ 1
1
View file @ 540f5248
......@@ -105,7 +105,7 @@ public class TestUtils {
return null;
}
assertEquals("application/json; charset=UTF-8", response.getType().toString());
assertEquals("application/json", response.getType().toString());
if (classOfT == String.class) {
return (T) json;
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment