Commit efbddb54 authored by Rostislav Vatolin [SLB]'s avatar Rostislav Vatolin [SLB]
Browse files

Merge branch 'fix-deps' into 'master'

Fix security vulnerabilities

See merge request !44
parents af1fe295 f92d1073
Pipeline #43308 passed with stages
in 22 minutes and 58 seconds
......@@ -18,7 +18,6 @@ The following software have components provided under the terms of this license:
- Cobertura code coverage (from http://cobertura.sourceforge.net)
- Plexus :: Default Container (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- StAX (from http://stax.codehaus.org/)
- oro (from )
========================================================================
......@@ -32,9 +31,11 @@ The following software have components provided under the terms of this license:
- ASM Commons (from )
- ASM Core (from )
- ASM Core (from )
- ASM Core (from )
- ASM Tree (from )
- ASM Util (from )
- ASM based accessors helper used by json-smart (from )
- ASM based accessors helper used by json-smart (from )
- Adapter: RxJava (from )
- Apache Ant + JUnit (from http://ant.apache.org/)
- Apache Ant Core (from http://ant.apache.org/)
......@@ -42,6 +43,7 @@ The following software have components provided under the terms of this license:
- Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/)
- Apache Commons CLI (from http://commons.apache.org/proper/commons-cli/)
- Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
- Apache Commons Collections (from http://commons.apache.org/proper/commons-collections/)
- Apache Commons Lang (from http://commons.apache.org/proper/commons-lang/)
- Apache Commons Logging (from http://commons.apache.org/proper/commons-logging/)
- Apache Commons Validator (from http://commons.apache.org/proper/commons-validator/)
......@@ -70,8 +72,10 @@ The following software have components provided under the terms of this license:
- Asynchronous Http Client (from )
- Asynchronous Http Client Netty Utils (from )
- AutoValue Annotations (from )
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot Starter for Azure AD Spring Security Integration (from https://github.com/Azure/azure-sdk-for-java)
- Bean Validation API (from http://beanvalidation.org)
- Brave Instrumentation: Http Adapters (from )
- Brave instrumentation for Reactor Netty HTTP (from https://github.com/reactor/reactor-netty)
- Byte Buddy (without dependencies) (from )
- Byte Buddy Java agent (from )
- ClassMate (from http://github.com/cowtowncoder/java-classmate)
......@@ -81,6 +85,7 @@ The following software have components provided under the terms of this license:
- Commons IO (from http://commons.apache.org/io/)
- Commons Lang (from http://commons.apache.org/lang/)
- Converter: Jackson (from )
- Core functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Doxia :: APT Module (from )
- Doxia :: Core (from )
- Doxia :: Decoration Model (from http://maven.apache.org/doxia/doxia-sitetools/doxia-decoration-model/)
......@@ -91,6 +96,7 @@ The following software have components provided under the terms of this license:
- Doxia :: XHTML Module (from )
- Elastic JNA Distribution (from https://github.com/java-native-access/jna)
- Elasticsearch: 5.0.0-alpha5 (from https://github.com/elastic/elasticsearch)
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- GSON extensions to the Google HTTP Client Library for Java. (from )
- Google APIs Client Library for Java (from )
......@@ -110,7 +116,9 @@ The following software have components provided under the terms of this license:
- Guava InternalFutureFailureAccess and InternalFutures (from )
- Guava ListenableFuture only (from )
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HPPC Collections (from http://labs.carrotsearch.com)
- HTTP functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
- Hibernate Validator Engine (from )
- IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java)
- IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java)
......@@ -119,11 +127,13 @@ The following software have components provided under the terms of this license:
- Identity and Access Management (IAM) API v1-rev247-1.23.0 (from )
- IntelliJ IDEA Annotations (from http://www.jetbrains.org)
- J2ObjC Annotations (from https://github.com/google/j2objc/)
- J2ObjC Annotations (from https://github.com/google/j2objc/)
- JBoss Logging 3 (from http://www.jboss.org)
- JCIP Annotations under Apache License (from http://stephenc.github.com/jcip-annotations)
- JDO API (from )
- JDOM (from http://www.jdom.org)
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Small and Fast Parser (from http://www.minidev.net/)
- JSON Web Token support for the JVM (from https://github.com/jwtk/jjwt.git)
- JSON library from Android SDK (from http://developer.android.com/sdk)
- JSONassert (from https://github.com/skyscreamer/JSONassert)
......@@ -146,6 +156,7 @@ The following software have components provided under the terms of this license:
- Java Native Access (from https://github.com/java-native-access/jna)
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
- Java UUID Generator (from http://wiki.fasterxml.com/JugHome)
- Javassist (from http://www.javassist.org/)
- Javassist (from http://www.javassist.org/)
- Jetty :: Asynchronous HTTP Client (from http://www.eclipse.org/jetty)
......@@ -158,6 +169,7 @@ The following software have components provided under the terms of this license:
- Jetty :: Servlet Annotations (from http://www.eclipse.org/jetty)
- Jetty :: Servlet Handling (from http://www.eclipse.org/jetty)
- Jetty :: Utilities (from http://www.eclipse.org/jetty)
- Jetty :: Utilities :: Ajax(JSON) (from http://www.eclipse.org/jetty)
- Jetty :: Utility Servlets and Filters (from http://www.eclipse.org/jetty)
- Jetty :: Webapp Application Support (from http://www.eclipse.org/jetty)
- Jetty :: Websocket :: API (from https://www.eclipse.org/jetty)
......@@ -192,7 +204,6 @@ The following software have components provided under the terms of this license:
- Lucene Queries (from )
- Lucene QueryParsers (from )
- Lucene Sandbox (from )
- Lucene Spatial (from )
- Lucene Spatial 3D (from )
- Lucene Spatial Extras (from )
- Lucene Suggest (from )
......@@ -217,14 +228,15 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://mockito.org)
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- MortBay :: Apache EL :: API and Implementation (from )
- Netty Reactive Streams Implementation (from )
- Netty/Buffer (from http://netty.io/)
- Netty/Codec (from )
- Netty/Codec/DNS (from )
- Netty/Codec/HTTP (from )
- Netty/Codec/HTTP2 (from )
- Netty/Codec/Socks (from )
......@@ -232,16 +244,15 @@ The following software have components provided under the terms of this license:
- Netty/Handler (from )
- Netty/Handler/Proxy (from )
- Netty/Resolver (from )
- Netty/Resolver/DNS (from )
- Netty/TomcatNative [BoringSSL - Static] (from )
- Netty/Transport (from http://netty.io/)
- Netty/Transport/Native/Unix/Common (from )
- Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
- Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
- Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
- Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
- Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
- Objenesis (from http://objenesis.org)
- OkHttp (from )
- OkHttp Logging Interceptor (from )
......@@ -262,7 +273,6 @@ The following software have components provided under the terms of this license:
- Reactive Streams Netty driver (from https://github.com/reactor/reactor-netty)
- Retrofit (from )
- Servlet Specification 2.5 API (from )
- Simple XML (from http://simple.sourceforge.net)
- SnakeYAML (from http://www.snakeyaml.org)
- Spring AOP (from https://github.com/spring-projects/spring-framework)
- Spring Beans (from https://github.com/spring-projects/spring-framework)
......@@ -275,6 +285,7 @@ The following software have components provided under the terms of this license:
- Spring Boot Json Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-json)
- Spring Boot Log4J2 Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Logging Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Reactor Netty Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-reactor-netty)
- Spring Boot Security Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Test (from http://projects.spring.io/spring-boot/)
......@@ -282,6 +293,7 @@ The following software have components provided under the terms of this license:
- Spring Boot Test Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Validation Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot Web Starter (from http://projects.spring.io/spring-boot/)
- Spring Boot WebFlux Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-webflux)
- Spring Commons Logging Bridge (from https://github.com/spring-projects/spring-framework)
- Spring Context (from https://github.com/spring-projects/spring-framework)
- Spring Core (from https://github.com/spring-projects/spring-framework)
......@@ -295,13 +307,16 @@ The following software have components provided under the terms of this license:
- Spring Transaction (from https://github.com/spring-projects/spring-framework)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- Spring Web MVC (from https://github.com/spring-projects/spring-framework)
- StAX (from http://stax.codehaus.org/)
- StAX API (from http://stax.codehaus.org/)
- Spring WebFlux (from https://github.com/spring-projects/spring-framework)
- T-Digest (from https://github.com/tdunning/t-digest)
- Woodstox (from https://github.com/FasterXML/woodstox)
- Xerces2-j (from https://xerces.apache.org/xerces2-j/)
- Zipkin Reporter Brave (from https://repo1.maven.org/maven2/io/zipkin/reporter2/zipkin-reporter-brave)
- Zipkin Reporter: Core (from )
- Zipkin v2 (from )
- aalto-xml (from )
- aggs-matrix-stats (from https://github.com/elastic/elasticsearch)
- brave (from )
- cli (from https://github.com/elastic/elasticsearch)
- com.google.api.grpc:grpc-google-cloud-pubsub-v1 (from https://github.com/googleapis/googleapis)
- com.google.api.grpc:proto-google-cloud-logging-v2 (from https://github.com/googleapis/googleapis)
......@@ -312,6 +327,8 @@ The following software have components provided under the terms of this license:
- compiler (from http://github.com/spullara/mustache.java)
- datastore-v1-proto-client (from )
- elasticsearch-core (from https://github.com/elastic/elasticsearch)
- elasticsearch-geo (from https://github.com/elastic/elasticsearch)
- error-prone annotations (from )
- error-prone annotations (from )
- io.grpc:grpc-alts (from https://github.com/grpc/grpc-java)
- io.grpc:grpc-api (from https://github.com/grpc/grpc-java)
......@@ -331,6 +348,7 @@ The following software have components provided under the terms of this license:
- javax.inject (from http://code.google.com/p/atinject/)
- lang-mustache (from https://github.com/elastic/elasticsearch)
- lettuce (from http://github.com/mp911de/lettuce/wiki)
- mapper-extras (from https://github.com/elastic/elasticsearch)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- micrometer-registry-azure-monitor (from https://github.com/micrometer-metrics/micrometer)
- org.apiguardian:apiguardian-api (from https://github.com/apiguardian-team/apiguardian)
......@@ -386,9 +404,9 @@ The following software have components provided under the terms of this license:
- Hamcrest Core (from http://hamcrest.org/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Lucene Common Analyzers (from )
- Lucene Core (from )
- Plexus :: Default Container (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- StAX (from http://stax.codehaus.org/)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- jaxen (from http://jaxen.codehaus.org/)
......@@ -404,6 +422,7 @@ The following software have components provided under the terms of this license:
- ASM Commons (from )
- ASM Core (from )
- ASM Core (from )
- ASM Core (from )
- ASM Tree (from )
- ASM Tree (from )
- ASM Util (from )
......@@ -427,7 +446,6 @@ The following software have components provided under the terms of this license:
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- NanoHttpd-Core (from )
- Netty/Codec/HTTP (from )
- Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
- Protocol Buffer Java API (from https://developers.google.com/protocol-buffers/)
......@@ -472,7 +490,6 @@ CDDL-1.0
The following software have components provided under the terms of this license:
- Java EE Transaction API (from http://jcp.org/en/jsr/detail?id=907)
- JavaMail API (from )
- Servlet Specification 2.5 API (from )
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -482,7 +499,6 @@ CDDL-1.1
The following software have components provided under the terms of this license:
- JavaBeans Activation Framework (from )
- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
========================================================================
CPL-1.0
......@@ -496,6 +512,7 @@ EPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
......@@ -509,6 +526,7 @@ The following software have components provided under the terms of this license:
- Jetty :: Servlet Annotations (from http://www.eclipse.org/jetty)
- Jetty :: Servlet Handling (from http://www.eclipse.org/jetty)
- Jetty :: Utilities (from http://www.eclipse.org/jetty)
- Jetty :: Utilities :: Ajax(JSON) (from http://www.eclipse.org/jetty)
- Jetty :: Utility Servlets and Filters (from http://www.eclipse.org/jetty)
- Jetty :: Webapp Application Support (from http://www.eclipse.org/jetty)
- Jetty :: Websocket :: API (from https://www.eclipse.org/jetty)
......@@ -535,13 +553,13 @@ The following software have components provided under the terms of this license:
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
========================================================================
EPL-2.0
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
......@@ -551,7 +569,6 @@ The following software have components provided under the terms of this license:
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
========================================================================
GPL-2.0-only
......@@ -562,7 +579,6 @@ The following software have components provided under the terms of this license:
- Cobertura code coverage (from http://cobertura.sourceforge.net)
- Commons Lang (from http://commons.apache.org/lang/)
- JavaBeans Activation Framework (from )
- JavaMail API (from )
- Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -580,10 +596,10 @@ The following software have components provided under the terms of this license:
- Checker Qual (from https://checkerframework.org)
- Cobertura code coverage (from http://cobertura.sourceforge.net)
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
- JavaBeans Activation Framework (from )
- JavaMail API (from )
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
- javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
......@@ -592,10 +608,18 @@ GPL-3.0-only
========================================================================
The following software have components provided under the terms of this license:
- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
- Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
- Project Lombok (from https://projectlombok.org)
- jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
========================================================================
JSON
========================================================================
The following software have components provided under the terms of this license:
- JSON in Java (from https://github.com/douglascrockford/JSON-java)
========================================================================
LGPL-2.1-only
========================================================================
......@@ -624,7 +648,6 @@ LGPL-2.1-or-later
========================================================================
The following software have components provided under the terms of this license:
- Java Native Access Platform (from https://github.com/java-native-access/jna)
- Javassist (from http://www.javassist.org/)
- SnakeYAML (from http://www.snakeyaml.org)
......@@ -642,12 +665,11 @@ MIT
The following software have components provided under the terms of this license:
- Animal Sniffer Annotations (from )
- Azure AD Spring Security Integration Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Java Client Authentication Library for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot AutoConfigure (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
- Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
- Checker Qual (from https://checkerframework.org)
- Checker Qual (from https://checkerframework.org)
- Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
- JOpt Simple (from http://pholser.github.io/jopt-simple)
......@@ -656,7 +678,6 @@ The following software have components provided under the terms of this license:
- Java JWT (from http://www.jwt.io)
- Jetty :: Utilities (from http://www.eclipse.org/jetty)
- Lucene Core (from )
- Lucene Sandbox (from )
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
......@@ -664,10 +685,13 @@ The following software have components provided under the terms of this license:
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK annotations (from https://github.com/Microsoft/java-api-annotations)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for Service Bus (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for eventgrid (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for Identity (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for KeyVault Keys (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure internal Avro module for Storage (from https://github.com/Azure/azure-sdk-for-java)
......@@ -679,10 +703,12 @@ The following software have components provided under the terms of this license:
- Plexus Default Interactivity Handler (from )
- Project Lombok (from https://projectlombok.org)
- SLF4J API Module (from http://www.slf4j.org)
- SLF4J API Module (from http://www.slf4j.org)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
- jwks-rsa (from http://www.auth0.com)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
- documentdb-bulkexecutor (from http://azure.microsoft.com/en-us/services/documentdb/)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- mockito-junit-jupiter (from https://github.com/mockito/mockito)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
......@@ -738,6 +764,7 @@ SPL-1.0
========================================================================
The following software have components provided under the terms of this license:
- Checker Qual (from https://checkerframework.org)
- Checker Qual (from https://checkerframework.org)
========================================================================
......@@ -763,16 +790,18 @@ The following software have components provided under the terms of this license:
- Asynchronous Http Client (from )
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Joda-Time (from http://www.joda.org/joda-time/)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
- Project Lombok (from https://projectlombok.org)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- StAX API (from http://stax.codehaus.org/)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
- reactive-streams (from http://www.reactive-streams.org/)
- xml-apis (from )
......@@ -783,10 +812,10 @@ unknown
The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from )
- Checker Qual (from https://checkerframework.org)
- JUnit (from http://junit.org)
- JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
- JavaBeans Activation Framework API jar (from )
- JavaMail API (from )
- Servlet Specification 2.5 API (from )
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
- jakarta.xml.bind-api (from )
......@@ -795,7 +824,6 @@ The following software have components provided under the terms of this license:
- org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
- org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
- xml-apis (from )
......@@ -10,9 +10,7 @@
<relativePath>../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-core</name>
<description>CRS catalog service core</description>
......@@ -44,11 +42,6 @@
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>jwks-rsa</artifactId>
<version>0.11.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
......@@ -80,6 +73,15 @@
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>${springfox-swagger2.version}</version>
<exclusions>
<exclusion>
<!--
Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
-->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
......@@ -195,28 +197,6 @@
<version>2.21.0</version>
<configuration>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
<!--
<testFailureIgnore>true</testFailureIgnore>
-->
</configuration>
</plugin>
<plugin>
<groupId>org.whitesource</groupId>
<artifactId>whitesource-maven-plugin</artifactId>
<version>18.11.1</version>
<configuration>
<orgToken>${orgToken}</orgToken>
<wssUrl>https://app-eu.whitesourcesoftware.com/agent</wssUrl>
<aggregateModules>true</aggregateModules>
<product>DE</product>
<aggregateProjectName>de-crs-catalog-service</aggregateProjectName>
<forceCheckAllDependencies>true</forceCheckAllDependencies>
<checkPolicies>false</checkPolicies>
<forceUpdate>true</forceUpdate>
<failOnError>false</failOnError>
<excludes>
<exclude>integration-tests</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
......
......@@ -2,12 +2,6 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.11.RELEASE</version>
</parent>
<properties>
<java.version>1.8</java.version>
<maven.compiler.target>1.8</maven.compiler.target>
......@@ -17,7 +11,6 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<os-core-common.version>0.9.0-rc17</os-core-common.version>
<snakeyaml.version>1.26</snakeyaml.version>
<jackson.version>2.11.2</jackson.version>
<nimbus-jose-jwt.version>7.9</nimbus-jose-jwt.version>
</properties>
......@@ -94,21 +87,31 @@
<version>${os-core-common.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>${nimbus-jose-jwt.version}</version>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
......@@ -25,9 +25,7 @@
<relativePath>../../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-aws</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-aws</name>
<description>CRS Catalog service on AWS</description>
......@@ -35,9 +33,7 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-aws</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<slf4j.version>1.7.25</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
......@@ -55,7 +51,7 @@
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<dependency>
......
......@@ -3,7 +3,6 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-service</artifactId>
......@@ -11,9 +10,7 @@
<relativePath>../../../pom.xml</relativePath>
</parent>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-aks</artifactId>
<version>0.9.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>crs-catalog-aks</name>
<description>CRS Catalog service Google Kubernetes Engine deployment</description>
......@@ -21,43 +18,68 @@
<properties>
<app.version>1</app.version>
<app.id>crs-catalog-aks</app.id>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<objectify.version>5.1.22</objectify.version>
<azure.version>2.1.7</azure.version>
<slf4j.version>1.7.25</slf4j.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
<maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<osdu.corelibazure.version>0.0.42</osdu.corelibazure.version>
<osdu.corelibazure.version>0.9.0-rc8</osdu.corelibazure.version>
<json-smart.version>2.4.6</json-smart.version>
</properties>
<prerequisites>
<maven>3.1.0</maven>
</prerequisites>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.opengroup.osdu.crs-catalog-service</groupId>
<artifactId>crs-catalog-core</artifactId>
<version>0.9.0-SNAPSHOT</version>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
<version>${osdu.corelibazure.version}</version>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>${json-smart.version}</version>
</dependency>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>azure-spring-boot-starter-active-directory</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Compile/runtime dependencies -->
<dependency>
<groupId>javax.jdo</groupId>
<artifactId>jdo-api</artifactId>