From 7bad94e4933b4bd73ba6442cff4d711509f77475 Mon Sep 17 00:00:00 2001
From: VidyaDharani Lokam <vidyadharani_lokam@epam.com>
Date: Thu, 12 Oct 2023 06:10:27 +0000
Subject: [PATCH] fix azure io.netty, vulnerability and exclude document db
---
NOTICE | 7 +------
provider/indexer-azure/pom.xml | 6 +++++-
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/NOTICE b/NOTICE
index 1228d4f78..4682827e7 100644
--- a/NOTICE
+++ b/NOTICE
@@ -326,7 +326,6 @@ The following software have components provided under the terms of this license:
- Apache Ant Launcher (from https://ant.apache.org/)
- Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/, https://commons.apache.org/proper/commons-beanutils/, https://repo1.maven.org/maven2/commons-beanutils/commons-beanutils)
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/, https://commons.apache.org/proper/commons-codec/)
-- Apache Commons Collections (from https://commons.apache.org/proper/commons-collections/)
- Apache Commons IO (from http://commons.apache.org/io/, https://commons.apache.org/proper/commons-io/, https://repo1.maven.org/maven2/commons-io/commons-io)
- Apache Commons Lang (from https://commons.apache.org/proper/commons-lang/)
- Apache Commons Logging (from http://commons.apache.org/logging/, http://commons.apache.org/proper/commons-logging/)
@@ -421,10 +420,10 @@ The following software have components provided under the terms of this license:
- JBoss Marshalling River (from https://repo1.maven.org/maven2/org/jboss/marshalling/jboss-marshalling-river)
- JCIP Annotations under Apache License (from http://stephenc.github.com/jcip-annotations)
- JDOM
+- JJWT :: Legacy Transitive Dependency Jar (from https://repo1.maven.org/maven2/io/jsonwebtoken/jjwt)
- JMES Path Query library (from https://aws.amazon.com/sdkforjava)
- JOpt Simple (from http://jopt-simple.github.io/jopt-simple, http://pholser.github.io/jopt-simple)
- JSON Small and Fast Parser (from https://repo1.maven.org/maven2/net/minidev/json-smart, https://urielch.github.io/)
-- JSON Web Token support for the JVM (from https://github.com/jwtk/jjwt)
- JSON library from Android SDK (from http://developer.android.com/sdk)
- JSON.simple (from http://code.google.com/p/json-simple/)
- JSONassert (from http://github.com/skyscreamer/yoga, https://github.com/skyscreamer/JSONassert)
@@ -450,7 +449,6 @@ The following software have components provided under the terms of this license:
- Java Libraries for Amazon Simple WorkFlow (from https://github.com/aws/aws-swf-flow-library)
- Java Native Access (from https://github.com/java-native-access/jna, https://github.com/twall/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
-- Java UUID Generator (from http://wiki.fasterxml.com/JugHome)
- JavaBeans Activation Framework (from <http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp>, http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp, https://repo1.maven.org/maven2/com/sun/activation/javax.activation)
- Javassist (from http://www.javassist.org/)
- JetBrains Java Annotations (from https://github.com/JetBrains/java-annotations)
@@ -608,7 +606,6 @@ The following software have components provided under the terms of this license:
- aalto-xml (from https://github.com/FasterXML/aalto-xml, https://repo1.maven.org/maven2/com/fasterxml/aalto-xml)
- aggs-matrix-stats (from https://github.com/elastic/elasticsearch, https://github.com/elastic/elasticsearch.git)
- compiler (from http://github.com/spullara/mustache.java)
-- documentdb-bulkexecutor (from http://azure.microsoft.com/en-us/services/documentdb/)
- elasticsearch (from https://github.com/elastic/elasticsearch, https://github.com/elastic/elasticsearch.git, https://repo1.maven.org/maven2/org/elasticsearch/elasticsearch)
- elasticsearch-cli (from https://github.com/elastic/elasticsearch, https://github.com/elastic/elasticsearch.git)
- elasticsearch-core (from https://github.com/elastic/elasticsearch, https://github.com/elastic/elasticsearch.git)
@@ -1180,8 +1177,6 @@ The following software have components provided under the terms of this license:
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos)
- ThreeTen backport (from https://github.com/ThreeTen/threetenbp, https://www.threeten.org/threetenbp)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
-- azure-documentdb (from http://azure.microsoft.com/en-us/services/documentdb/, https://azure.microsoft.com/en-us/services/cosmos-db/)
-- documentdb-bulkexecutor (from http://azure.microsoft.com/en-us/services/documentdb/)
- jersey-container-servlet (from https://repo1.maven.org/maven2/org/glassfish/jersey/containers/jersey-container-servlet)
- jersey-container-servlet-core (from https://repo1.maven.org/maven2/org/glassfish/jersey/containers/jersey-container-servlet-core)
- jersey-core-client (from https://repo1.maven.org/maven2/org/glassfish/jersey/core/jersey-client)
diff --git a/provider/indexer-azure/pom.xml b/provider/indexer-azure/pom.xml
index ff7b1c6d1..ab50c6cb3 100644
--- a/provider/indexer-azure/pom.xml
+++ b/provider/indexer-azure/pom.xml
@@ -48,7 +48,7 @@
<mockito.version>3.11.2</mockito.version>
<cobertura-maven-plugin.version>2.7</cobertura-maven-plugin.version>
<spring-security-oauth2.version>2.3.6.RELEASE</spring-security-oauth2.version>
- <netty.version>4.1.96.Final</netty.version>
+ <netty.version>4.1.98.Final</netty.version>
<reactor-netty.version>1.0.7</reactor-netty.version>
<reactor-core.version>3.4.24</reactor-core.version>
<oauth2-oidc-sdk.version>6.5</oauth2-oidc-sdk.version>
@@ -198,6 +198,10 @@
<artifactId>azure-core</artifactId>
<groupId>com.azure</groupId>
</exclusion>
+ <exclusion>
+ <groupId>com.microsoft.azure</groupId>
+ <artifactId>documentdb-bulkexecutor</artifactId>
+ </exclusion>
</exclusions>
</dependency>
--
GitLab