Code Review / so.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8ed7a37)
Update vulnerable dependencies 26/141526/1
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Mon, 14 Jul 2025 07:37:04 +0000 (09:37 +0200)
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>
Mon, 14 Jul 2025 07:37:04 +0000 (09:37 +0200)
- consistently use the same logback version everywhere (1.2.10 -> 1.2.11)
- consistently uuse the same kafka-clients version everywhere (3.3.1 -> 3.3.2)
- declare ehcache dependency in aai-client pom instead of common since it
  is only used there

Issue-ID: SO-4199
Change-Id: Id8b5c6c061e6f0921e45fb6763fe2384f0315fe4
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
asdc-controller/pom.xml patch | blob | history
bpmn/pom.xml patch | blob | history
bpmn/so-bpmn-infrastructure-common/pom.xml patch | blob | history
common/pom.xml patch | blob | history
graph-inventory/aai-client/pom.xml patch | blob | history
pom.xml patch | blob | history

diff --git a/asdc-controller/pom.xml b/asdc-controller/pom.xml
index a2f4a74..febccbe 100644 (file)
--- a/asdc-controller/pom.xml
+++ b/asdc-controller/pom.xml
@@ -16,7 +16,6 @@
     <sdc.tosca.version>1.6.5</sdc.tosca.version>
     <jtosca.version>1.5.1</jtosca.version>
     <sdc-dist-client.version>2.0.0</sdc-dist-client.version>
-    <kafka-clients.version>3.3.2</kafka-clients.version>
   </properties>
   <build>
     <finalName>${project.artifactId}-${project.version}</finalName>
diff --git a/bpmn/pom.xml b/bpmn/pom.xml
index c0a3192..6d2ac6e 100644 (file)
--- a/bpmn/pom.xml
+++ b/bpmn/pom.xml
@@ -19,9 +19,8 @@
     <xmlunit.version>2.4.0</xmlunit.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-    <sdnc.northbound.version>3.0.2</sdnc.northbound.version>
     <!-- SDNC northbound API latest version -->
-    <logback-core.version>1.2.10</logback-core.version>
+    <sdnc.northbound.version>3.0.2</sdnc.northbound.version>
   </properties>
   <modules>
     <module>MSOCoreBPMN</module>
diff --git a/bpmn/so-bpmn-infrastructure-common/pom.xml b/bpmn/so-bpmn-infrastructure-common/pom.xml
index 94412a2..cfdb67b 100644 (file)
--- a/bpmn/so-bpmn-infrastructure-common/pom.xml
+++ b/bpmn/so-bpmn-infrastructure-common/pom.xml
@@ -220,7 +220,6 @@
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-core</artifactId>
-      <version>${logback-core.version}</version>
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
diff --git a/common/pom.xml b/common/pom.xml
index 9b8b063..894bb15 100644 (file)
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -37,6 +37,7 @@
     <dependency>
       <groupId>com.jayway.jsonpath</groupId>
       <artifactId>json-path</artifactId>
+      <version>2.5.0</version>
     </dependency>
     <dependency>
       <groupId>org.hibernate</groupId>
@@ -145,6 +146,10 @@
           <groupId>io.springfox</groupId>
           <artifactId>springfox-boot-starter</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.apache.kafka</groupId>
+          <artifactId>kafka-clients</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <!-- protobuf dependencies -->
@@ -238,11 +243,7 @@
     <dependency>
       <groupId>javax.cache</groupId>
       <artifactId>cache-api</artifactId>
-      <version>1.0.0</version>
-    </dependency>
-    <dependency>
-      <groupId>org.ehcache</groupId>
-      <artifactId>ehcache</artifactId>
+      <version>1.1.0</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.cloud</groupId>
@@ -252,7 +253,7 @@
     <dependency>
       <groupId>org.apache.kafka</groupId>
       <artifactId>kafka-clients</artifactId>
-      <version>3.3.1</version>
+      <version>${kafka-clients.version}</version>
     </dependency>
     <dependency>
       <groupId>uk.org.webcompere</groupId>
diff --git a/graph-inventory/aai-client/pom.xml b/graph-inventory/aai-client/pom.xml
index 193a33b..b1e7a21 100644 (file)
--- a/graph-inventory/aai-client/pom.xml
+++ b/graph-inventory/aai-client/pom.xml
@@ -139,6 +139,10 @@
       <scope>compile</scope>
       <optional>true</optional>
     </dependency>
+    <dependency>
+      <groupId>org.ehcache</groupId>
+      <artifactId>ehcache</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.cxf</groupId>
       <artifactId>cxf-rt-rs-client</artifactId>
diff --git a/pom.xml b/pom.xml
index a62a4b6..baac654 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -79,6 +79,7 @@
     <jackson.version>2.14.3</jackson.version>
     <grpc.version>1.25.0</grpc.version>
     <logback.version>1.2.11</logback.version>
+    <kafka-clients.version>3.3.2</kafka-clients.version>
   </properties>
   <distributionManagement>
     <repository>
Service Orchestrator