Vulnerability removal for ves collector

- remove junit from runtime dependencies
- update junit to 5.7.1
- update springfox libraries to 3.0.0

Issue-ID: DCAEGEN2-2593
Signed-off-by: tkogut <tomasz.kogut@nokia.com>
Change-Id: I9ed39668474349013f8d8768abd4784afe24da52

diff --git a/Changelog.md b/Changelog.md
index 5b08467..747a0c5 100644 (file)
--- a/Changelog.md
+++ b/Changelog.md
@@ -38,5 +38,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
          - [DCAEGEN2-2462](https://jira.onap.org/browse/DCAEGEN2-2462) - Adapt schema-map.json and test files to updated 3GPP repos 
 ## [1.7.8] - 13/10/2020
           - [DCAEGEN2-2478](https://jira.onap.org/browse/DCAEGEN2-2478) - Add logs from external-repo-manager lib
- # [1.7.9] - 01/11/2020
+## [1.7.9] - 01/11/2020
          -  [DCAEGEN2-2495](https://jira.onap.org/browse/DCAEGEN2-2495) - Ves Collector is down because of java heap space
+## [1.7.10] - 10/02/2021
+         -  [DCAEGEN2-2593](https://jira.onap.org/browse/DCAEGEN2-2593) - Vulnerability removal for ves collector

diff --git a/pom.xml b/pom.xml
index 762980f..9e6a1c0 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
   </parent>\r
   <groupId>org.onap.dcaegen2.collectors.ves</groupId>\r
   <artifactId>VESCollector</artifactId>\r
-  <version>1.7.9-SNAPSHOT</version>\r
+  <version>1.7.10-SNAPSHOT</version>\r
   <name>dcaegen2-collectors-ves</name>\r
   <description>VESCollector</description>\r
   <properties>\r
@@ -68,8 +68,8 @@
     <commons-configuration.version>1.10</commons-configuration.version>\r
     <vavr.version>0.9.2</vavr.version>\r
     <spring-boot-starter-log4j2.version>2.1.5.RELEASE</spring-boot-starter-log4j2.version>\r
-    <springfox-swagger2.version>2.8.0</springfox-swagger2.version>\r
-    <junit-jupiter-api.version>5.3.1</junit-jupiter-api.version>\r
+    <springfox-swagger2.version>3.0.0</springfox-swagger2.version>\r
+    <junit-jupiter-api.version>5.7.1</junit-jupiter-api.version>\r
     <mockito-junit-jupiter.version>2.23.0</mockito-junit-jupiter.version>\r
     <assertj-core.version>3.8.0</assertj-core.version>\r
     <jimfs.version>1.1</jimfs.version>\r
@@ -80,6 +80,7 @@
     <functionaljava.version>4.8.1</functionaljava.version>\r
     <external-schema-manager.version>1.4.3</external-schema-manager.version>\r
     <sdk.version>1.4.2</sdk.version>\r
+    <guava.version>30.1-jre</guava.version>\r
   </properties>\r
   <build>\r
     <pluginManagement>\r
@@ -306,6 +307,12 @@
       <groupId>com.googlecode.json-simple</groupId>\r
       <artifactId>json-simple</artifactId>\r
       <version>${json-simple.version}</version>\r
+      <exclusions>\r
+        <exclusion>\r
+          <groupId>junit</groupId>\r
+          <artifactId>junit</artifactId>\r
+        </exclusion>\r
+      </exclusions>\r
     </dependency>\r
     <dependency>\r
       <groupId>com.networknt</groupId>\r
@@ -328,6 +335,11 @@
       <artifactId>json</artifactId>\r
       <version>${json.version}</version>\r
     </dependency>\r
+    <dependency>\r
+      <groupId>com.google.guava</groupId>\r
+      <artifactId>guava</artifactId>\r
+      <version>${guava.version}</version>\r
+    </dependency>\r
     <!-- REST API RELATED -->\r
     <dependency>\r
       <groupId>com.att.nsa</groupId>\r

diff --git a/version.properties b/version.properties
index 6501a4a..96125af 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=7
-patch=9
+patch=10
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT