<parent>
<groupId>org.onap.vnfsdk.refrepo</groupId>
<artifactId>vnf-sdk-marketplace-core-parent</artifactId>
- <version>1.3.0</version>
+ <version>1.5.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<maven.test.skip>false</maven.test.skip>
<maven.test.failure.ignore>false</maven.test.failure.ignore>
<swagger-ui.version>3.12.0</swagger-ui.version>
+ <jmockit.version>1.43</jmockit.version>
</properties>
<dependency>
<groupId>org.onap.cli</groupId>
<artifactId>oclip-grpc-client</artifactId>
- <version>3.0.0</version>
+ <version>5.0.3</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${cxf.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.woodstox</groupId>
+ <artifactId>woodstox-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- added invulnerable version of woodstox-core -->
+ <dependency>
+ <groupId>com.fasterxml.woodstox</groupId>
+ <artifactId>woodstox-core</artifactId>
+ <version>5.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<version>${cxf.version}</version>
</dependency>
<dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.16</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ <version>2.13.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-ext</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<version>2.1.0</version>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.10.0</version>
+ </dependency>
+ <!--excluded com.fasterxml.jackson.core:jackson-databind:jar:2.9.5
+ CVE-2018-11307-->
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jersey2-jaxrs</artifactId>
<version>1.5.19</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-yaml</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-yaml</artifactId>
+ <version>2.9.5</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.yaml</groupId>
+ <artifactId>snakeyaml</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.yaml</groupId>
+ <artifactId>snakeyaml</artifactId>
+ <version>1.26</version>
</dependency>
<!-- jersey -->
-
+<!-- excluded jetty-util and added invulnerable version -->
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-jetty-servlet</artifactId>
<version>2.24.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
+<!-- commons-codec excluded due to Security Issues:- Sonatype-2012-0050
+ and added invulnerable commons-codec-1.13 -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
<version>4.5.3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.14</version>
</dependency>
<!-- jetty -->
+<!-- Updated jetty-util,jetty-http,jetty-servlet and jetty-server
+due to Security Issues:- CVE-2019-10241,CVE-2019-10247,CVE-2019-10246
+-->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
- <version>9.4.11.v20180605</version>
+ <version>9.4.20.v20190813</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-util</artifactId>
+ <version>9.4.20.v20190813</version>
</dependency>
<!-- consumer -->
<dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
- <version>42.2.5</version>
+ <version>42.2.13</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.2.7</version>
</dependency>
+ <dependency>
+ <groupId>javax.activation</groupId>
+ <artifactId>javax.activation-api</artifactId>
+ <version>${javax.activation-api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>${jaxb-api.version}</version>
+ </dependency>
<!-- UT -->
<dependency>
<groupId>junit</groupId>
<dependency>
<groupId>org.jmockit</groupId>
<artifactId>jmockit</artifactId>
- <version>1.19</version>
+ <version>${jmockit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<skip.unit.tests>false</skip.unit.tests>
</properties>
</profile>
+ <profile>
+ <id>docker</id>
+ <properties>
+ <maven.test.skip>true</maven.test.skip>
+ </properties>
+ </profile>
</profiles>
<build>
<finalName>ROOT</finalName>
<version>2.20</version>
<configuration>
<forkMode>always</forkMode>
- <argLine>${surefireArgLine}</argLine>
+ <argLine>
+ -javaagent:${settings.localRepository}/org/jmockit/jmockit/${jmockit.version}/jmockit-${jmockit.version}.jar
+ <!--${surefireArgLine}-->
+ </argLine>
<skip>${maven.test.skip}</skip>
<testFailureIgnore>${maven.test.failure.ignore}</testFailureIgnore>
<!-- Excludes integration tests when unit tests are run. -->