Code Review / vnfsdk / refrepo.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Migrate from java 8 to java 11"
[vnfsdk/refrepo.git] / vnfmarket-be / vnf-sdk-marketplace / pom.xml
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
index a340ffa..85376cf 100644 (file)
--- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.onap.vnfsdk.refrepo</groupId>
         <artifactId>vnf-sdk-marketplace-core-parent</artifactId>
-        <version>1.3.0</version>
+        <version>1.5.1-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -26,6 +26,7 @@
         <maven.test.skip>false</maven.test.skip>
         <maven.test.failure.ignore>false</maven.test.failure.ignore>
         <swagger-ui.version>3.12.0</swagger-ui.version>
+        <jmockit.version>1.43</jmockit.version>
     </properties>
 
 
@@ -35,12 +36,24 @@
           <dependency>
             <groupId>org.onap.cli</groupId>
             <artifactId>oclip-grpc-client</artifactId>
-            <version>3.0.0</version>
+            <version>5.0.3</version>
           </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxrs</artifactId>
             <version>${cxf.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- added invulnerable version of woodstox-core -->
+        <dependency>
+            <groupId>com.fasterxml.woodstox</groupId>
+            <artifactId>woodstox-core</artifactId>
+            <version>5.3.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
@@ -53,9 +66,15 @@
             <version>${cxf.version}</version>
         </dependency>
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.16</version>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <version>2.13.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-ext</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -64,38 +83,98 @@
             <version>2.1.0</version>
         </dependency>
 
+        <dependency>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-databind</artifactId>
+            <version>2.10.0</version>
+        </dependency>
+        <!--excluded com.fasterxml.jackson.core:jackson-databind:jar:2.9.5
+            CVE-2018-11307-->
         <dependency>
             <groupId>io.swagger</groupId>
             <artifactId>swagger-jersey2-jaxrs</artifactId>
             <version>1.5.19</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.dataformat</groupId>
+                    <artifactId>jackson-dataformat-yaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-yaml</artifactId>
+            <version>2.9.5</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.26</version>
         </dependency>
         <!-- jersey -->
-
+<!-- excluded jetty-util and added invulnerable version -->
         <dependency>
             <groupId>org.glassfish.jersey.containers</groupId>
             <artifactId>jersey-container-jetty-servlet</artifactId>
             <version>2.24.1</version>
+               <exclusions>
+                <exclusion>
+                   <groupId>org.eclipse.jetty</groupId>
+                   <artifactId>jetty-util</artifactId>
+               </exclusion>
+            </exclusions>
         </dependency>
+<!-- commons-codec excluded due to Security Issues:- Sonatype-2012-0050
+       and added invulnerable commons-codec-1.13  -->
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpmime</artifactId>
             <version>4.5.3</version>
+           <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+           </exclusions>
+        </dependency>
+        <dependency>
+           <groupId>commons-codec</groupId>
+           <artifactId>commons-codec</artifactId>
+           <version>1.14</version>
         </dependency>
         <!-- jetty -->
+<!-- Updated jetty-util,jetty-http,jetty-servlet and jetty-server
+due to Security Issues:- CVE-2019-10241,CVE-2019-10247,CVE-2019-10246
+-->
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-http</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-servlet</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
-            <version>9.4.11.v20180605</version>
+            <version>9.4.20.v20190813</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>9.4.20.v20190813</version>
         </dependency>
         <!-- consumer -->
         <dependency>
@@ -118,13 +197,23 @@
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
-            <version>42.2.5</version>
+            <version>42.2.13</version>
         </dependency>
         <dependency>
             <groupId>org.mybatis</groupId>
             <artifactId>mybatis</artifactId>
             <version>3.2.7</version>
         </dependency>
+        <dependency>
+            <groupId>javax.activation</groupId>
+            <artifactId>javax.activation-api</artifactId>
+            <version>${javax.activation-api.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>${jaxb-api.version}</version>
+        </dependency>
         <!-- UT -->
         <dependency>
             <groupId>junit</groupId>
@@ -147,7 +236,7 @@
         <dependency>
             <groupId>org.jmockit</groupId>
             <artifactId>jmockit</artifactId>
-            <version>1.19</version>
+            <version>${jmockit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -189,6 +278,12 @@
                 <skip.unit.tests>false</skip.unit.tests>
             </properties>
         </profile>
+        <profile>
+            <id>docker</id>
+            <properties>
+                <maven.test.skip>true</maven.test.skip>
+            </properties>
+        </profile>
     </profiles>
     <build>
         <finalName>ROOT</finalName>
@@ -200,7 +295,10 @@
                 <version>2.20</version>
                 <configuration>
                     <forkMode>always</forkMode>
-                    <argLine>${surefireArgLine}</argLine>
+                    <argLine>
+                        -javaagent:${settings.localRepository}/org/jmockit/jmockit/${jmockit.version}/jmockit-${jmockit.version}.jar
+                        <!--${surefireArgLine}-->
+                    </argLine>
                     <skip>${maven.test.skip}</skip>
                     <testFailureIgnore>${maven.test.failure.ignore}</testFailureIgnore>
                     <!-- Excludes integration tests when unit tests are run. -->
This repository is for a reference vnf repository