Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Open Subsurface Data Universe Software
Platform
System
Notification
Commits
40206333
Commit
40206333
authored
Jul 15, 2021
by
Spencer Sutton
Browse files
Merge branch 'aws-blue-update' into 'master'
Fixing vulnerable packages, AWS Updates See merge request
!93
parents
544cbbe3
cd6d260a
Pipeline
#52637
failed with stages
in 24 minutes and 44 seconds
Changes
6
Pipelines
3
Expand all
Hide whitespace changes
Inline
Side-by-side
NOTICE
View file @
40206333
This diff is collapsed.
Click to expand it.
notification-core/pom.xml
View file @
40206333
...
...
@@ -36,6 +36,8 @@
<maven.compiler.target>
${java.version}
</maven.compiler.target>
<maven.compiler.source>
${java.version}
</maven.compiler.source>
<springfox-version>
2.7.0
</springfox-version>
<netty.version>
4.1.65.Final
</netty.version>
<undertow.version>
2.1.7.Final
</undertow.version>
</properties>
<dependencies>
...
...
@@ -131,11 +133,6 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>
io.undertow
</groupId>
<artifactId>
undertow-core
</artifactId>
<version>
2.0.27.Final
</version>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-validation
</artifactId>
...
...
@@ -215,6 +212,83 @@
<artifactId>
spring-test
</artifactId>
<scope>
test
</scope>
</dependency>
<!-- overriding packages with known vulnerabilities -->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
<!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-transport
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-transport-native-unix-common
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-codec
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-buffer
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-common
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-resolver
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-handler
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-codec-http
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-codec-http2
</artifactId>
<version>
${netty.version}
</version>
</dependency>
<dependency>
<groupId>
io.netty
</groupId>
<artifactId>
netty-transport-native-epoll
</artifactId>
<version>
${netty.version}
</version>
<classifier>
linux-x86_64
</classifier>
<type>
jar
</type>
</dependency>
<dependency>
<groupId>
com.google.oauth-client
</groupId>
<artifactId>
google-oauth-client
</artifactId>
<version>
1.31.5
</version>
</dependency>
<dependency>
<groupId>
io.undertow
</groupId>
<artifactId>
undertow-core
</artifactId>
<version>
${undertow.version}
</version>
</dependency>
<dependency>
<groupId>
io.undertow
</groupId>
<artifactId>
undertow-servlet
</artifactId>
<version>
${undertow.version}
</version>
</dependency>
<dependency>
<groupId>
io.undertow
</groupId>
<artifactId>
undertow-websockets-jsr
</artifactId>
<version>
${undertow.version}
</version>
</dependency>
</dependencies>
<build>
<plugins>
...
...
pom.xml
View file @
40206333
...
...
@@ -43,7 +43,7 @@
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-dependencies
</artifactId>
<version>
2.1.
7
.RELEASE
</version>
<version>
2.1.
18
.RELEASE
</version>
<type>
pom
</type>
<scope>
import
</scope>
</dependency>
...
...
@@ -53,6 +53,24 @@
<artifactId>
os-core-common
</artifactId>
<version>
${os-core-common.version}
</version>
</dependency>
<!-- overriding packages with known vulnerabilities -->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.9-->
<dependency>
<groupId>
com.fasterxml.jackson.core
</groupId>
<artifactId>
jackson-core
</artifactId>
<version>
2.12.3
</version>
</dependency>
<dependency>
<groupId>
com.fasterxml.jackson.core
</groupId>
<artifactId>
jackson-databind
</artifactId>
<version>
2.12.3
</version>
</dependency>
<dependency>
<groupId>
com.fasterxml.jackson.core
</groupId>
<artifactId>
jackson-annotations
</artifactId>
<version>
2.12.3
</version>
</dependency>
</dependencies>
</dependencyManagement>
...
...
provider/notification-aws/maven/settings.xml
View file @
40206333
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright © 2020 Amazon Web Services
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<settings
xmlns=
"http://maven.apache.org/SETTINGS/1.0.0"
...
...
@@ -63,15 +64,14 @@
</server>
</servers>
<!-- CodeArtifact doesn't support external repos yet that aren't Maven Central. ETA Q4 2020. -->
<!-- <mirrors> -->
<!-- <mirror> -->
<!-- <id>aws-osdu-dev-maven</id> -->
<!-- <name>aws-osdu-dev-maven</name> -->
<!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
<!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
<!-- </mirror> -->
<!-- </mirrors> -->
<mirrors>
<mirror>
<id>
aws-osdu-dev-maven
</id>
<name>
aws-osdu-dev-maven
</name>
<url>
https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/
</url>
<mirrorOf>
central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven
</mirrorOf>
</mirror>
</mirrors>
<activeProfiles>
<activeProfile>
credentialsConfiguration
</activeProfile>
...
...
provider/notification-aws/pom.xml
View file @
40206333
...
...
@@ -39,16 +39,10 @@
</properties>
<dependencies>
<!-- <dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</dependency> -->
<dependency>
<groupId>
org.opengroup.osdu.core.aws
</groupId>
<artifactId>
os-core-lib-aws
</artifactId>
<version>
0.
9.0
</version>
<version>
0.
10.0-SNAPSHOT
</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
...
...
@@ -94,6 +88,7 @@
<version>
4.12
</version>
<scope>
test
</scope>
</dependency>
</dependencies>
<build>
...
...
provider/notification-aws/src/main/resources/application.properties
View file @
40206333
...
...
@@ -48,3 +48,5 @@ server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias
=
${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password
=
${SSL_KEY_PASSWORD:}
server.ssl.key-store-password
=
${SSL_KEY_STORE_PASSWORD:}
spring.autoconfigure.exclude
=
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment