Change dependency version for httpclient

[cli.git] / profiles / http / pom.xml

diff --git a/profiles/http/pom.xml b/profiles/http/pom.xml
index edd0064..9268895 100644 (file)
--- a/profiles/http/pom.xml
+++ b/profiles/http/pom.xml
@@ -22,7 +22,7 @@
   <parent>
     <groupId>org.onap.cli</groupId>
     <artifactId>cli-profiles</artifactId>
-    <version>2.0.6</version>
+    <version>4.0.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>cli-profiles-http</artifactId>
@@ -37,11 +37,27 @@
             <artifactId>cli-sample-mock-generator</artifactId>
             <version>${project.version}</version>
         </dependency>
+<!--Change version from 4.3.5 to 4.5.7 due to sonatype-2017-
+0359 and CVE-2015-526.
+Excluded commons-codec vulnerable version and added invulnerable version
+
+ -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.3.5</version>
+            <version>4.5.7</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+      <dependency>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+          <version>1.13</version>
+      </dependency>
         <dependency>
           <groupId>org.apache.httpcomponents</groupId>
           <artifactId>httpmime</artifactId>
@@ -58,18 +74,6 @@
             <artifactId>jackson-databind</artifactId>
             <version>2.9.4</version>
         </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.11</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.jmockit</groupId>
-            <artifactId>jmockit</artifactId>
-            <version>1.19</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.onap.cli</groupId>
             <artifactId>cli-main</artifactId>
@@ -77,12 +81,6 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.jmockit</groupId>
-            <artifactId>jmockit-coverage</artifactId>
-            <version>1.19</version>
-            <scope>test</scope>
-        </dependency>
-      <dependency>
           <groupId>com.github.dreamhead</groupId>
           <artifactId>moco-runner</artifactId>
           <version>0.12.0</version>
@@ -96,14 +94,36 @@
                   <artifactId>logback-classic</artifactId>
               </exclusion>
           </exclusions>
-      </dependency>
-  </dependencies>
+          </dependency>
+          <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.11</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jmockit</groupId>
+            <artifactId>jmockit</artifactId>
+            <version>1.19</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jmockit</groupId>
+            <artifactId>jmockit-coverage</artifactId>
+            <version>1.19</version>
+            <scope>test</scope>
+        </dependency>
+   </dependencies>
    <build>
         <plugins>
             <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-dependency-plugin</artifactId>
             </plugin>
+            <plugin>
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-resources-plugin</artifactId>
+            </plugin>
         </plugins>
     </build>
 </project>