SECCOM has issued a directive on which dependencies should be used, see
this wiki page:
https://wiki.onap.org/display/SV/Jakarta+Policy
This is the policy parent review to comply with the SECCOM directive.
Zookeeper is added as a test dependency, it is no longer pulled in as a
transitive dependency by Kafka.
Issue-ID: POLICY-3849
Change-Id: Id504b308cd4e806e9e2e9489842abf1a7f93b9dc
Signed-off-by: liamfallon <liam.fallon@est.tech>
<encoding>UTF-8</encoding>
<file.encoding>UTF-8</file.encoding>
<version.commons-cli>1.4</version.commons-cli>
- <version.kafka>2.3.0</version.kafka>
+ <version.kafka>3.0.0</version.kafka>
<version.hibernate>5.3.7.Final</version.hibernate>
<version.policy.common>1.10.1-SNAPSHOT</version.policy.common>
<version.policy.models>2.6.1-SNAPSHOT</version.policy.models>
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.apache.zookeeper</groupId>
+ <artifactId>zookeeper</artifactId>
+ <version>3.7.0</version>
+ <scope>test</scope>
+ <exclusions>
+ <!-- The default netty version in kafka-junit4 has vulnerabilities -->
+ <exclusion>
+ <groupId>io.netty</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- This netty version fixes the vulnerabilities -->
<dependency>
<groupId>io.netty</groupId>