From 53e78452837040c2162a3df520f1ec38ebd9a8c3 Mon Sep 17 00:00:00 2001
From: Manish Jangid <msjangid@amazon.com>
Date: Fri, 13 Jan 2023 22:24:51 +0000
Subject: [PATCH] Fix Spring vulnerabilities

---
 notification-core/pom.xml                     | 15 ++++----------
 pom.xml                                       |  2 +-
 provider/notification-aws/pom.xml             | 20 +++----------------
 .../AwsPubsubRequestBodyExtractorTest.java    |  6 +++---
 4 files changed, 11 insertions(+), 32 deletions(-)

diff --git a/notification-core/pom.xml b/notification-core/pom.xml
index d26a447f9..26faa2366 100644
--- a/notification-core/pom.xml
+++ b/notification-core/pom.xml
@@ -40,7 +40,7 @@
         <undertow.version>2.2.19.Final</undertow.version>
         <woodstox-core.version>5.3.0</woodstox-core.version>
         <log4j.version>2.17.1</log4j.version>
-        <os-core-common.version>0.18.0</os-core-common.version>
+        <os-core-common.version>0.19.0-SNAPSHOT</os-core-common.version>
         <google-oauth-client.version>1.33.3</google-oauth-client.version>
         <google-api-client.version>1.33.2</google-api-client.version>
     </properties>
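Review bot: Setting `os-core-common.version` to `0.19.0-SNAPSHOT` makes a security fix depend on a mutable artifact, because a snapshot can resolve to different contents on each build. The Spring versions actually shipped therefore cannot be audited or reproduced from this commit. The same snapshot is set in `pom.xml` and in `provider/notification-aws/pom.xml`, the latter for both `os-core-common.version` and the `os-core-lib-aws` `<version>`. No visible hunk changes a Spring version directly, so the fix presumably arrives transitively through these libraries. I would pin the released version once it is published (e.g. `<os-core-common.version>0.19.0</os-core-common.version>`) and record the resolved Spring artifacts from `mvn dependency:tree` in the commit description.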
@@ -169,31 +169,24 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.10.0</version>
+            <version>3.12.0</version>
             <scope>test</scope>
         </dependency>
          <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.2</version>
+            <version>2.0.9</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-module-junit4</artifactId>
-            <version>2.0.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <version>2.0.2-beta</version>
+            <version>2.0.9</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
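Review bot: The `junit` dependency loses its `<version>` here, and in `provider/notification-aws/pom.xml` both `junit` and the new `mockito-core` entry are declared without one, so the build now relies on a `dependencyManagement` section or parent POM that none of these hunks shows. If nothing manages them, Maven fails on the missing version; if a parent does, the resolved version could be older than the 4.12 removed here. I would either keep an explicit version or add a comment such as `<!-- version managed by parent POM -->` next to each versionless entry. The last `<dependency>` element of this hunk continues outside it.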
diff --git a/pom.xml b/pom.xml
index dd8564556..48e040a59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
 		<java.version>8</java.version>
 		<maven.compiler.target>${java.version}</maven.compiler.target>
 		<maven.compiler.source>${java.version}</maven.compiler.source>
-		<os-core-common.version>0.14.0</os-core-common.version>
+		<os-core-common.version>0.19.0-SNAPSHOT</os-core-common.version>
 		<log4j2.version>2.17.1</log4j2.version>
 		<springfox.version>3.0.0</springfox.version>
 		<json-smart.version>2.4.7</json-smart.version>
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index 0a1b4ae2a..57f364b22 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -37,7 +37,7 @@
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <aws.version>1.11.1018</aws.version>
         <log4j2.version>2.17.1</log4j2.version>
-        <os-core-common.version>0.14.0</os-core-common.version>
+        <os-core-common.version>0.19.0-SNAPSHOT</os-core-common.version>
         <jackson-databind.version>2.13.2.2</jackson-databind.version>
         <jackson.version>2.13.2</jackson.version>
         <spring-webmvc.version>5.3.22</spring-webmvc.version>
@@ -79,7 +79,7 @@
         <dependency>
             <groupId>org.opengroup.osdu.core.aws</groupId>
             <artifactId>os-core-lib-aws</artifactId>
-            <version>0.14.0</version>
+            <version>0.19.0-SNAPSHOT</version>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
@@ -107,28 +107,14 @@
         </dependency>
 
         <!-- unit test dependencies -->
-        <dependency>
-            <groupId>org.powermock</groupId>
-            <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.powermock</groupId>
-            <artifactId>powermock-module-junit4</artifactId>
-            <version>2.0.2</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <version>2.0.2-beta</version>
+            <artifactId>mockito-core</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
             <scope>test</scope>
         </dependency>
 
diff --git a/provider/notification-aws/src/test/java/org/opengroup/osdu/notification/provider/aws/AwsPubsubRequestBodyExtractorTest.java b/provider/notification-aws/src/test/java/org/opengroup/osdu/notification/provider/aws/AwsPubsubRequestBodyExtractorTest.java
index d3bfe13ff..021cc17d2 100644
--- a/provider/notification-aws/src/test/java/org/opengroup/osdu/notification/provider/aws/AwsPubsubRequestBodyExtractorTest.java
+++ b/provider/notification-aws/src/test/java/org/opengroup/osdu/notification/provider/aws/AwsPubsubRequestBodyExtractorTest.java
@@ -21,7 +21,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.Mockito;
-import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.junit.MockitoJUnitRunner;
 
 
 import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
@@ -145,8 +145,8 @@ public class AwsPubsubRequestBodyExtractorTest {
         Map<String, String> receivedAttributes = service.extractAttributesFromRequestBody();
 
         // Asset
-        Assert.assertEquals(receivedAttributes.get("correlation-id"),"39137f49-123-456");
-        Assert.assertEquals(receivedAttributes.get("data-partition-id"),"opendes");
+        Assert.assertEquals("39137f49-123-456", receivedAttributes.get("correlation-id"));
+        Assert.assertEquals("opendes", receivedAttributes.get("data-partition-id"));
 
 
 
-- 
GitLab