Commit efbddb54 authored by Rostislav Vatolin [SLB]'s avatar Rostislav Vatolin [SLB]
Browse files

Merge branch 'fix-deps' into 'master'

Fix security vulnerabilities

See merge request !44
parents af1fe295 f92d1073
Pipeline #43308 passed with stages
in 22 minutes and 58 seconds
This diff is collapsed.
......@@ -10,9 +10,7 @@
<relativePath>../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-core</name>
<description>CRS catalog service core</description>
......@@ -44,11 +42,6 @@
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>jwks-rsa</artifactId>
<version>0.11.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
......@@ -80,6 +73,15 @@
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${springfox-swagger2.version}</version>
<exclusions>
<exclusion>
<!--
Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
-->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
......@@ -195,28 +197,6 @@
<version>2.21.0</version>
<configuration>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
<!--
<testFailureIgnore>true</testFailureIgnore>
-->
</configuration>
</plugin>
<plugin>
<groupId>org.whitesource</groupId>
<artifactId>whitesource-maven-plugin</artifactId>
<version>18.11.1</version>
<configuration>
<orgToken>${orgToken}</orgToken>
<wssUrl>https://app-eu.whitesourcesoftware.com/agent</wssUrl>
<aggregateModules>true</aggregateModules>
<product>DE</product>
<aggregateProjectName>de-crs-catalog-service</aggregateProjectName>
<forceCheckAllDependencies>true</forceCheckAllDependencies>
<checkPolicies>false</checkPolicies>
<forceUpdate>true</forceUpdate>
<failOnError>false</failOnError>
<excludes>
<exclude>integration-tests</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
......
......@@ -2,12 +2,6 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.11.RELEASE</version>
</parent>
<properties>
<java.version>1.8</java.version>
<maven.compiler.target>1.8</maven.compiler.target>
......@@ -17,7 +11,6 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<os-core-common.version>0.9.0-rc17</os-core-common.version>
<snakeyaml.version>1.26</snakeyaml.version>
<jackson.version>2.11.2</jackson.version>
<nimbus-jose-jwt.version>7.9</nimbus-jose-jwt.version>
</properties>
......@@ -94,21 +87,31 @@
<version>${os-core-common.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>${nimbus-jose-jwt.version}</version>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
......@@ -25,9 +25,7 @@
<relativePath>../../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-aws</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-aws</name>
<description>CRS Catalog service on AWS</description>
......@@ -35,9 +33,7 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-aws</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<slf4j.version>1.7.25</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
......@@ -55,7 +51,7 @@
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<dependency>
......
......@@ -3,7 +3,6 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-service</artifactId>
......@@ -11,9 +10,7 @@
<relativePath>../../../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-aks</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-aks</name>
<description>CRS Catalog service Google Kubernetes Engine deployment</description>
......@@ -21,43 +18,68 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-aks</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<azure.version>2.1.7</azure.version>
<slf4j.version>1.7.25</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
<maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<osdu.corelibazure.version>0.0.42</osdu.corelibazure.version>
<osdu.corelibazure.version>0.9.0-rc8</osdu.corelibazure.version>
<json-smart.version>2.4.6</json-smart.version>
</properties>
<prerequisites>
<maven>3.1.0</maven>
</prerequisites>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>azure-spring-boot-starter-active-directory</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Compile/runtime dependencies -->
<dependency>
<groupId>javax.jdo</groupId>
<artifactId>jdo-api</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>javax.jdo</groupId>
<artifactId>jdo-api</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.5</version>
......@@ -101,18 +123,6 @@
<version>2.7</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-active-directory-spring-boot-starter</artifactId>
<version>${azure.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
......@@ -164,13 +174,8 @@
<version>2.21.0</version>
<configuration>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
<!--
<testFailureIgnore>true</testFailureIgnore>
-->
</configuration>
</plugin>
</plugins>
</build>
</project>
......@@ -3,7 +3,6 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-service</artifactId>
......@@ -11,9 +10,7 @@
<relativePath>../../../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-gke</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-gke</name>
<description>CRS Catalog service Google Kubernetes Engine deployment</description>
......@@ -21,9 +18,7 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-gke</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<slf4j.version>1.7.25</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
......@@ -41,7 +36,7 @@
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<!-- Compile/runtime dependencies -->
<dependency>
......
......@@ -3,7 +3,6 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-service</artifactId>
......@@ -19,9 +18,7 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-ocp</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<os-core-lib-ibm.version>0.7.0</os-core-lib-ibm.version>
<slf4j.version>1.7.25</slf4j.version>
......@@ -40,7 +37,7 @@
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<!-- Compile/runtime dependencies -->
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment