Code Review / so.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: ee59fec)
Update vulnerable dependencies 70/141470/2
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Sun, 6 Jul 2025 19:32:56 +0000 (21:32 +0200)
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Mon, 7 Jul 2025 18:59:25 +0000 (20:59 +0200)
- make sure h2 is test scoped everywhere
- update org.json (2016 + 2022 -> 20250517)
- commons-fileupload (1.4 -> 1.5)
- update kafka-clients (3.3.1 -> 3.3.2)
- consistently use the same logback version everywhere

Issue-ID: SO-4199
Change-Id: I255806239a377822945fcf67bb3d01c04de97ae6
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
asdc-controller/pom.xml patch | blob | history
bpmn/MSOCoreBPMN/pom.xml patch | blob | history
bpmn/mso-infrastructure-bpmn/pom.xml patch | blob | history
common/pom.xml patch | blob | history
mso-api-handlers/mso-api-handler-infra/pom.xml patch | blob | history
pom.xml patch | blob | history

diff --git a/asdc-controller/pom.xml b/asdc-controller/pom.xml
index 905b029..262f578 100644 (file)
--- a/asdc-controller/pom.xml
+++ b/asdc-controller/pom.xml
@@ -16,7 +16,7 @@
     <sdc.tosca.version>1.6.5</sdc.tosca.version>
     <jtosca.version>1.5.1</jtosca.version>
     <sdc-dist-client.version>2.0.0</sdc-dist-client.version>
-    <kafka-clients.version>3.3.1</kafka-clients.version>
+    <kafka-clients.version>3.3.2</kafka-clients.version>
   </properties>
   <build>
     <finalName>${project.artifactId}-${project.version}</finalName>
diff --git a/bpmn/MSOCoreBPMN/pom.xml b/bpmn/MSOCoreBPMN/pom.xml
index fd26204..0963c3d 100644 (file)
--- a/bpmn/MSOCoreBPMN/pom.xml
+++ b/bpmn/MSOCoreBPMN/pom.xml
@@ -49,7 +49,7 @@
     <dependency>
       <groupId>commons-fileupload</groupId>
       <artifactId>commons-fileupload</artifactId>
-      <version>1.4</version>
+      <version>1.5</version>
     </dependency>
     <dependency>
       <groupId>org.camunda.bpm</groupId>
@@ -76,7 +76,6 @@
     <dependency>
       <groupId>org.json</groupId>
       <artifactId>json</artifactId>
-      <version>20160212</version>
     </dependency>
     <dependency>
       <groupId>org.xmlunit</groupId>
diff --git a/bpmn/mso-infrastructure-bpmn/pom.xml b/bpmn/mso-infrastructure-bpmn/pom.xml
index df93170..7086b68 100644 (file)
--- a/bpmn/mso-infrastructure-bpmn/pom.xml
+++ b/bpmn/mso-infrastructure-bpmn/pom.xml
@@ -262,6 +262,7 @@
     <dependency>
       <groupId>com.h2database</groupId>
       <artifactId>h2</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.springframework.cloud</groupId>
diff --git a/common/pom.xml b/common/pom.xml
index fe7b173..7c842cb 100644 (file)
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -15,6 +15,7 @@
     <grpc.netty.version>4.1.30.Final</grpc.netty.version>
     <ccsdk.version>1.1.5</ccsdk.version>
     <tomcat-catalina-version>9.0.105</tomcat-catalina-version>
+    <logback.version>1.2.13</logback.version>
   </properties>
   <dependencies>
     <dependency>
@@ -273,6 +274,16 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-core</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
   <build>
diff --git a/mso-api-handlers/mso-api-handler-infra/pom.xml b/mso-api-handlers/mso-api-handler-infra/pom.xml
index 560035b..e33cc39 100644 (file)
--- a/mso-api-handlers/mso-api-handler-infra/pom.xml
+++ b/mso-api-handlers/mso-api-handler-infra/pom.xml
@@ -42,6 +42,7 @@
     <dependency>
       <groupId>com.h2database</groupId>
       <artifactId>h2</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
diff --git a/pom.xml b/pom.xml
index 4cf4f51..8579dfc 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -78,6 +78,7 @@
     <onap-logging-version>1.6.9</onap-logging-version>
     <jackson.version>2.14.3</jackson.version>
     <grpc.version>1.25.0</grpc.version>
+    <logback.version>1.2.7</logback.version>
   </properties>
   <distributionManagement>
     <repository>
@@ -912,6 +913,16 @@
         <artifactId>logging-filter-spring</artifactId>
         <version>${onap-logging-version}</version>
       </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-core</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.httpcomponents</groupId>
         <artifactId>httpcore</artifactId>
@@ -986,7 +997,7 @@
       <dependency>
         <groupId>org.json</groupId>
         <artifactId>json</artifactId>
-        <version>20220924</version>
+        <version>20250517</version>
       </dependency>
       <dependency>
         <groupId>org.onap.aai.schema-service</groupId>
Service Orchestrator