Commit 93a70beb authored by Thulasi Dass Subramanian

[#MSCOSDU-1987] fix: Remediate [json-smart,okio,reactor-netty-http] vulnerability for Azure

parent 1a5f7700
1 merge request: !506 [#MSCOSDU-1987] fix: Remediate [json-smart,okio,reactor-netty-http] vulnerability for Azure
......@@ -31,7 +31,7 @@ The following software have components provided under the terms of this license:
- Doxia Sitetools :: Decoration Model (from http://maven.apache.org/doxia/doxia-sitetools/doxia-decoration-model/, https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-decoration-model)
- Doxia Sitetools :: Site Renderer (from http://maven.apache.org/doxia/doxia-sitetools/doxia-site-renderer/, https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-site-renderer)
- Doxia Sitetools :: Skin Model (from https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-skin-model)
- Maven Core (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-core/, https://repo1.maven.org/maven2/org/apache/maven/maven-core)
- Maven Core (from https://repo1.maven.org/maven2/org/apache/maven/maven-core)
- Maven Error Diagnostics (from https://repo1.maven.org/maven2/org/apache/maven/maven-error-diagnostics)
- Maven Monitor (from https://repo1.maven.org/maven2/org/apache/maven/maven-monitor)
- Maven Plugin Descriptor Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-descriptor)
......@@ -104,7 +104,7 @@ The following software have components provided under the terms of this license:
- Apache Maven Wagon :: Providers :: SSH External Provider (from https://repo1.maven.org/maven2/org/apache/maven/wagon/wagon-ssh-external)
- Apache Maven Wagon :: Providers :: SSH Provider (from https://repo1.maven.org/maven2/org/apache/maven/wagon/wagon-ssh)
- Apache Velocity (from http://velocity.apache.org/engine/devel/, http://velocity.apache.org/engine/releases/velocity-1.6.1/, http://velocity.apache.org/engine/releases/velocity-1.6.2/)
- AssertJ Core (from ${project.organization.url}#${project.artifactId})
- AssertJ Core (from https://assertj.github.io/doc/#assertj-core)
- Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
- Asynchronous Http Client Netty Utils (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client-netty-utils)
- AutoValue Annotations (from https://github.com/google/auto/tree/main/value, https://github.com/google/auto/tree/master/value, https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations)
......@@ -137,6 +137,7 @@ The following software have components provided under the terms of this license:
- Doxia Sitetools :: Integration Tools (from https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-integration-tools)
- Doxia Sitetools :: Site Renderer (from http://maven.apache.org/doxia/doxia-sitetools/doxia-site-renderer/, https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-site-renderer)
- Doxia Sitetools :: Skin Model (from https://repo1.maven.org/maven2/org/apache/maven/doxia/doxia-skin-model)
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- GAX (Google Api eXtensions) for Java (Core) (from https://github.com/googleapis, https://github.com/googleapis/gax-java, https://repo1.maven.org/maven2/com/google/api/gax)
- GAX (Google Api eXtensions) for Java (HTTP JSON) (from <https://repo1.maven.org/maven2/com/google/api/gax-httpjson>, https://repo1.maven.org/maven2/com/google/api/gax-httpjson)
......@@ -193,7 +194,7 @@ The following software have components provided under the terms of this license:
- Java Native Access (from https://github.com/java-native-access/jna, https://github.com/twall/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- JavaBeans Activation Framework (from <http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp>, http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp, https://repo1.maven.org/maven2/com/sun/activation/javax.activation)
- Javassist (from http://www.javassist.org/)
- Javassist (from http://www.javassist.org/, https://www.javassist.org/)
- JetBrains Java Annotations (from https://github.com/JetBrains/java-annotations)
- Jetty :: Utilities (from http://jetty.mortbay.org, http://www.eclipse.org/jetty, https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-util, https://repo1.maven.org/maven2/org/mortbay/jetty/jetty-util)
- Jetty Server (from http://jetty.mortbay.org, https://repo1.maven.org/maven2/org/mortbay/jetty/jetty)
......@@ -208,20 +209,20 @@ The following software have components provided under the terms of this license:
- Kotlin Stdlib Common (from https://kotlinlang.org/)
- Kotlin Stdlib Jdk7 (from <https://kotlinlang.org/>, https://kotlinlang.org/)
- Kotlin Stdlib Jdk8 (from <https://kotlinlang.org/>, https://kotlinlang.org/)
- Maven Artifact (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-artifact/, https://repo1.maven.org/maven2/org/apache/maven/maven-artifact)
- Maven Artifact (from https://repo1.maven.org/maven2/org/apache/maven/maven-artifact)
- Maven Artifact Manager (from https://repo1.maven.org/maven2/org/apache/maven/maven-artifact-manager)
- Maven Core (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-core/, https://repo1.maven.org/maven2/org/apache/maven/maven-core)
- Maven Core (from https://repo1.maven.org/maven2/org/apache/maven/maven-core)
- Maven Error Diagnostics (from https://repo1.maven.org/maven2/org/apache/maven/maven-error-diagnostics)
- Maven Model (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-model/, https://repo1.maven.org/maven2/org/apache/maven/maven-model)
- Maven Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-model)
- Maven Monitor (from https://repo1.maven.org/maven2/org/apache/maven/maven-monitor)
- Maven Plugin API (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-plugin-api/, https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-api)
- Maven Plugin API (from https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-api)
- Maven Plugin Descriptor Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-descriptor)
- Maven Plugin Parameter Documenter API (from https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-parameter-documenter)
- Maven Plugin Registry Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-plugin-registry)
- Maven Profile Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-profile)
- Maven Project (from https://repo1.maven.org/maven2/org/apache/maven/maven-project)
- Maven Repository Metadata Model (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-repository-metadata/, https://repo1.maven.org/maven2/org/apache/maven/maven-repository-metadata)
- Maven Settings (from https://maven.apache.org/ref/4.0.0-alpha-8/maven-settings/, https://repo1.maven.org/maven2/org/apache/maven/maven-settings)
- Maven Repository Metadata Model (from https://repo1.maven.org/maven2/org/apache/maven/maven-repository-metadata)
- Maven Settings (from https://repo1.maven.org/maven2/org/apache/maven/maven-settings)
- Metrics Core (from https://repo1.maven.org/maven2/io/dropwizard/metrics/metrics-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
......@@ -235,15 +236,24 @@ The following software have components provided under the terms of this license:
- MongoDB Driver (from https://www.mongodb.com/)
- MongoDB Java Driver (from http://mongodb.org/, http://www.mongodb.org, https://www.mongodb.com/)
- Netty Reactive Streams Implementation (from https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams)
- Netty/All-in-One (from https://netty.io/netty-all/, https://repo1.maven.org/maven2/io/netty/netty-all)
- Netty/Buffer (from https://repo1.maven.org/maven2/io/netty/netty-buffer)
- Netty/Codec (from https://repo1.maven.org/maven2/io/netty/netty-codec)
- Netty/Codec/DNS (from https://repo1.maven.org/maven2/io/netty/netty-codec-dns)
- Netty/Codec/HAProxy (from https://repo1.maven.org/maven2/io/netty/netty-codec-haproxy)
- Netty/Codec/HTTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-http)
- Netty/Codec/HTTP2 (from https://repo1.maven.org/maven2/io/netty/netty-codec-http2)
- Netty/Codec/MQTT (from https://repo1.maven.org/maven2/io/netty/netty-codec-mqtt)
- Netty/Codec/Memcache (from https://repo1.maven.org/maven2/io/netty/netty-codec-memcache)
- Netty/Codec/Redis (from https://repo1.maven.org/maven2/io/netty/netty-codec-redis)
- Netty/Codec/SMTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-smtp)
- Netty/Codec/Socks (from https://repo1.maven.org/maven2/io/netty/netty-codec-socks)
- Netty/Codec/Stomp (from https://repo1.maven.org/maven2/io/netty/netty-codec-stomp)
- Netty/Codec/XML (from https://repo1.maven.org/maven2/io/netty/netty-codec-xml)
- Netty/Common (from https://repo1.maven.org/maven2/io/netty/netty-common)
- Netty/Handler (from https://repo1.maven.org/maven2/io/netty/netty-handler)
- Netty/Handler/Proxy (from https://repo1.maven.org/maven2/io/netty/netty-handler-proxy)
- Netty/Handler/Ssl/Ocsp (from https://repo1.maven.org/maven2/io/netty/netty-handler-ssl-ocsp)
- Netty/Incubator/Codec/Classes/Quic (from <https://repo1.maven.org/maven2/io/netty/incubator/netty-incubator-codec-classes-quic>, https://repo1.maven.org/maven2/io/netty/incubator/netty-incubator-codec-classes-quic)
- Netty/Resolver (from https://repo1.maven.org/maven2/io/netty/netty-resolver)
- Netty/Resolver/DNS (from https://repo1.maven.org/maven2/io/netty/netty-resolver-dns)
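Review bot: The Netty block of the NOTICE grows from 15 to 24 lines in this hunk and now lists Netty/All-in-One beside codec modules such as HAProxy, MQTT, Memcache, Redis, SMTP, Stomp and XML, which is a much larger footprint than a fix for json-smart, okio and reactor-netty-http should need. Please identify which new pom entry brings these in (for example with `mvn dependency:tree -Dincludes=io.netty`) and exclude netty-all if the service only needs the Netty modules that reactor-netty-http itself depends on. Every extra module is more code to track for future advisories.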
......@@ -254,6 +264,9 @@ The following software have components provided under the terms of this license:
- Netty/Transport/Classes/Epoll (from https://repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll)
- Netty/Transport/Classes/KQueue (from https://repo1.maven.org/maven2/io/netty/netty-transport-classes-kqueue)
- Netty/Transport/Native/Unix/Common (from https://repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common)
- Netty/Transport/RXTX (from https://repo1.maven.org/maven2/io/netty/netty-transport-rxtx)
- Netty/Transport/SCTP (from https://repo1.maven.org/maven2/io/netty/netty-transport-sctp)
- Netty/Transport/UDT (from https://repo1.maven.org/maven2/io/netty/netty-transport-udt)
- Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt, https://bitbucket.org/nimbusds/nimbus-jose-jwt)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
......@@ -266,7 +279,7 @@ The following software have components provided under the terms of this license:
- Okio (from https://github.com/square/okio/, https://repo1.maven.org/maven2/com/squareup/okio/okio)
- OpenCensus (from https://github.com/census-instrumentation/opencensus-java, https://github.com/census-instrumentation/opencensus-proto)
- PWDB :: Database (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/database)
- Plexus :: Component Annotations (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-component-annotations)
- Plexus :: Component Annotations (deprecated) (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-component-annotations)
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils, https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils)
- Plexus I18N Component (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-i18n)
- Plexus Interpolation API (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-interpolation)
......@@ -421,6 +434,7 @@ The following software have components provided under the terms of this license:
- ASM Tree (from http://asm.ow2.io/)
- ASM Util (from http://asm.ow2.io/)
- AspectJ Weaver (from http://www.aspectj.org, https://www.eclipse.org/aspectj/)
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- GAX (Google Api eXtensions) for Java (Core) (from https://github.com/googleapis, https://github.com/googleapis/gax-java, https://repo1.maven.org/maven2/com/google/api/gax)
- GAX (Google Api eXtensions) for Java (HTTP JSON) (from <https://repo1.maven.org/maven2/com/google/api/gax-httpjson>, https://repo1.maven.org/maven2/com/google/api/gax-httpjson)
......@@ -550,6 +564,7 @@ The following software have components provided under the terms of this license:
- Apache Maven Reporting Implementation (from https://repo1.maven.org/maven2/org/apache/maven/reporting/maven-reporting-impl)
- AspectJ Weaver (from http://www.aspectj.org, https://www.eclipse.org/aspectj/)
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JUnit Jupiter API (from http://junit.org/junit5/, https://junit.org/junit5/)
- JUnit Jupiter Engine (from http://junit.org/junit5/, https://junit.org/junit5/)
......@@ -574,6 +589,7 @@ EPL-2.0
The following software have components provided under the terms of this license:
- AspectJ Weaver (from http://www.aspectj.org, https://www.eclipse.org/aspectj/)
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JUnit Jupiter API (from http://junit.org/junit5/, https://junit.org/junit5/)
- JUnit Jupiter Engine (from http://junit.org/junit5/, https://junit.org/junit5/)
......@@ -598,6 +614,7 @@ GPL-2.0-only
The following software have components provided under the terms of this license:
- Cobertura (from http://cobertura.sourceforge.net)
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- tomcat-embed-core (from http://tomcat.apache.org/)
......@@ -613,6 +630,7 @@ GPL-2.0-with-classpath-exception
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta Validation API (from https://beanvalidation.org)
......@@ -627,6 +645,7 @@ GPL-3.0-only
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from http://el-spec.java.net, http://uel.java.net, https://projects.eclipse.org/projects/ee4j.el)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
========================================================================
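Review bot: Expression Language 3.0 now appears in the GPL-3.0-only section here, and the same entry shows up in the EPL, GPL-2.0-only and GPL-2.0-with-classpath-exception hunks above, so this commit introduces a new transitive component rather than only bumping existing ones. Please state in the merge request which dependency change pulled it in and whether it is needed at runtime. If it is not, an exclusion on that dependency keeps both the license listing and the dependency surface unchanged by a vulnerability fix.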
......@@ -681,7 +700,7 @@ The following software have components provided under the terms of this license:
- Java Native Access (from https://github.com/java-native-access/jna, https://github.com/twall/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
- Javassist (from http://www.javassist.org/, https://www.javassist.org/)
========================================================================
MIT
......@@ -737,7 +756,7 @@ The following software have components provided under the terms of this license:
- QpidJMS Client (from https://repo1.maven.org/maven2/org/apache/qpid/qpid-jms-client)
- SLF4J API Module (from http://www.slf4j.org)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos)
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos, https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/spring/azure-spring-data-cosmos)
- ThreeTen backport (from https://github.com/ThreeTen/threetenbp, https://www.threeten.org/threetenbp)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
- micrometer-commons (from https://github.com/micrometer-metrics/micrometer)
......@@ -754,7 +773,7 @@ MPL-1.1
The following software have components provided under the terms of this license:
- Cobertura (from http://cobertura.sourceforge.net)
- Javassist (from http://www.javassist.org/)
- Javassist (from http://www.javassist.org/, https://www.javassist.org/)
========================================================================
Plexus
......
......@@ -17,7 +17,10 @@
<osdu.corelibazure.version>0.25.0</osdu.corelibazure.version>
<junit.version>4.13.2</junit.version>
<spring-webmvc.version>5.3.22</spring-webmvc.version>
<reactor-netty-http.version>1.1.13</reactor-netty-http.version>
<reactor-core.version>3.4.19</reactor-core.version>
<reactor-netty.version>1.1.14</reactor-netty.version>
<nimbus-jose-jwt.version>9.30.2</nimbus-jose-jwt.version>
<okhttp.version>4.12.0</okhttp.version>
</properties>
<dependencyManagement>
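Review bot: `reactor-core.version` is set to 3.4.19 next to `reactor-netty.version` 1.1.14 in this properties block, and nothing in the hunk shows that these two come from the same Reactor release train. Please confirm the pair is a supported combination, or import `io.projectreactor:reactor-bom` in `dependencyManagement` and let it choose both versions, so a later bump of one property cannot leave the other behind. A short comment beside `nimbus-jose-jwt.version` and `okhttp.version` saying which advisory each pin addresses would also help whoever has to decide later whether the pin can be removed.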
......@@ -112,12 +115,33 @@
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<!-- reactor-netty related dependencies -->
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty-http</artifactId>
<version>${reactor-netty-http.version}</version>
<version>${reactor-netty.version}</version>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty-core</artifactId>
<version>${reactor-netty.version}</version>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty-http-brave</artifactId>
<version>${reactor-netty.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
<version>${reactor-netty.version}</version>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
<version>${reactor-core.version}</version>
</dependency>
<!-- Azure dependencies -->
<!-- https://mvnrepository.com/artifact/com.azure/azure-storage-blob -->
<dependency>
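Review bot: This hunk replaces one reactor-netty-http entry with four io.projectreactor.netty artifacts plus reactor-core, and two of them look unnecessary for the stated fix: `reactor-netty` appears to duplicate what `reactor-netty-core` and `reactor-netty-http` already provide, and `reactor-netty-http-brave` at `runtime` scope adds a tracing integration the commit message does not mention. Because the neighbouring spring-security-oauth2-jose entry carries no version, this looks like the `dependencies` section, so each entry becomes a direct dependency of the module. If the goal is only to force the patched version, keep `reactor-netty-http` here and move the remaining version pins to `dependencyManagement`.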
......@@ -142,6 +166,18 @@
<artifactId>lombok</artifactId>
<version>1.18.26</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>${nimbus-jose-jwt.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp.version}</version>
</dependency>
<!-- Test dependencies -->
<dependency>
<groupId>junit</groupId>
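Review bot: The commit title names json-smart and okio, but this hunk pins their parents, `com.nimbusds:nimbus-jose-jwt` and `com.squareup.okhttp3:okhttp`, so the fix holds only as long as those versions resolve to patched json-smart and okio and no other dependency path wins mediation with an older one. Please attach the output of `mvn dependency:tree -Dincludes=net.minidev:json-smart,com.squareup.okio` to the merge request, or pin the two vulnerable artifacts directly in `dependencyManagement`. The new entries use version properties while the lombok entry just above is hard-coded at 1.18.26; moving it to a property in the same change would keep the file consistent.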
......