Skip to content
Snippets Groups Projects
Commit 92e02ef7 authored by Yauheni Lesnikau's avatar Yauheni Lesnikau
Browse files

Merge branch 'whitesource-issues' into 'master' 

eliminate security vulnerabilities for indexer-core and indexer-azure

See merge request !469
parents 05e6e0e2 55ae3e5f
Branches
Tags
1 merge request!469eliminate security vulnerabilities for indexer-core and indexer-azure
Pipeline #170528 canceled
Stage: build
Stage: coverage
Stage: containerize
Stage: scan
Stage: deploy
Stage: integration
Stage: publish
Hide whitespace changes
Inline Side-by-side
NOTICE
+ 15
1
View file @ 92e02ef7
......@@ -753,7 +753,6 @@ The following software have components provided under the terms of this license:
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/, http://hamcrest.org/JavaHamcrest/, https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core)
- JSch (from http://www.jcraft.com/jsch/)
- Jackson module: Afterburner (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-modules-base)
- Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
......@@ -795,6 +794,13 @@ The following software have components provided under the terms of this license:
- jts-core (from https://repo1.maven.org/maven2/org/locationtech/jts/jts-core)
- jts-io-common (from https://repo1.maven.org/maven2/org/locationtech/jts/io/jts-io-common)
========================================================================
BSL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Jackson-core (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-core)
========================================================================
Beerware
========================================================================
......@@ -1144,6 +1150,7 @@ The following software have components provided under the terms of this license:
- JSch (from http://www.jcraft.com/jsch/)
- JTidy (from http://jtidy.sourceforge.net)
- JUL to SLF4J bridge (from http://www.slf4j.org)
- Jackson-core (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-core)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)
- Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Java JWT (from http://www.jwt.io, https://github.com/auth0/java-jwt)
......@@ -1302,6 +1309,13 @@ The following software have components provided under the terms of this license:
- Netty/Codec (from https://repo1.maven.org/maven2/io/netty/netty-codec)
========================================================================
mit-old-style-no-advert
========================================================================
The following software have components provided under the terms of this license:
- Brave (from https://repo1.maven.org/maven2/io/zipkin/brave/brave)
========================================================================
proprietary-license
========================================================================
......
indexer-core/pom.xml
+ 9
11
View file @ 92e02ef7
......@@ -16,12 +16,10 @@
<properties>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
<spring-security-web.version>5.4.9</spring-security-web.version>
<gson.version>2.9.1</gson.version>
<netty.version>4.1.70.Final</netty.version>
<jackson-databind.version>2.13.4.2</jackson-databind.version>
<jackson.version>2.13.4</jackson.version>
<spring-webmvc.version>5.3.22</spring-webmvc.version>
<os-core-common.version>0.19.0</os-core-common.version>
</properties>
<dependencyManagement>
......@@ -33,6 +31,13 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
......@@ -88,7 +93,6 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring-security-web.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
......@@ -103,7 +107,6 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.67</version>
</dependency>
<dependency>
......@@ -164,18 +167,14 @@
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<artifactId>jackson-core</artifactId></dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson-databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
......@@ -247,7 +246,6 @@
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>9.0.68</version>
</dependency>
</dependencies>
......
pom.xml
+ 4
4
View file @ 92e02ef7
......@@ -16,14 +16,14 @@
<os-core-common.version>0.19.0</os-core-common.version>
<snakeyaml.version>1.33</snakeyaml.version>
<hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
<jackson-databind.version>2.13.4.2</jackson-databind.version>
<jackson.version>2.13.4</jackson.version>
<tomcat-embed-core.version>9.0.68</tomcat-embed-core.version>
<jackson-databind.version>2.14.1</jackson-databind.version>
<jackson.version>2.14.1</jackson.version>
<tomcat-embed-core.version>9.0.70</tomcat-embed-core.version>
<common-codec.version>1.14</common-codec.version>
<elasticsearch.version>7.8.1</elasticsearch.version>
<netty.version>4.1.51.Final</netty.version>
<reactor-netty.version>0.8.20.RELEASE</reactor-netty.version>
<woodstox-core.version>6.2.3</woodstox-core.version>
<woodstox-core.version>6.4.0</woodstox-core.version>
<log4j2.version>2.17.1</log4j2.version>
<spring-boot-maven-plugin.version>2.7.6</spring-boot-maven-plugin.version>
<!-- <spring-boot.version>2.1.18.RELEASE</spring-boot.version>-->
......
provider/indexer-azure/pom.xml
+ 7
13
View file @ 92e02ef7
......@@ -41,19 +41,17 @@
<nimbus-jose-jwt.version>8.2</nimbus-jose-jwt.version>
<indexer-core.version>0.20.0-SNAPSHOT</indexer-core.version>
<spring-security-jwt.version>1.1.1.RELEASE</spring-security-jwt.version>
<osdu.corelibazure.version>0.18.0-rc3</osdu.corelibazure.version>
<osdu.corelibazure.version>0.19.0-rc8</osdu.corelibazure.version>
<os-core-common.version>0.19.0-rc6</os-core-common.version>
<reactor-netty.version>0.9.12.RELEASE</reactor-netty.version>
<java-jwt.version>3.8.1</java-jwt.version>
<powermock.version>2.0.2</powermock.version>
<mockito.version>3.11.2</mockito.version>
<cobertura-maven-plugin.version>2.7</cobertura-maven-plugin.version>
<spring-security-oauth2.version>2.3.6.RELEASE</spring-security-oauth2.version>
<spring-boot.version>2.1.18.RELEASE</spring-boot.version>
<reactor-netty.version>1.0.7</reactor-netty.version>
<reactor-core.version>3.4.24</reactor-core.version>
<oauth2-oidc-sdk.version>6.5</oauth2-oidc-sdk.version>
<jackson-databind.version>2.13.4</jackson-databind.version>
<jackson.version>2.13.2</jackson.version>
<spring-webmvc.version>5.3.22</spring-webmvc.version>
<azure-core.version>1.31.0</azure-core.version>
<azure-security-keyvault-keys.version>4.4.6</azure-security-keyvault-keys.version>
......@@ -71,6 +69,11 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
......@@ -173,10 +176,6 @@
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
<exclusions>
<exclusion>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</exclusion>
<exclusion>
<artifactId>azure-security-keyvault-keys</artifactId>
<groupId>com.azure</groupId>
......@@ -219,22 +218,18 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson-databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
<version>${jackson.version}</version>
</dependency>
<!-- Resilience4j Dependencies-->
......@@ -339,7 +334,6 @@
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment