Update vulnerable package dependencies

commons-io -> 2.7
org.freemarker -> 2.3.30

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ie18bd3abffdb64017ab49331864325beea8aa2c4
Issue-ID: SDC-3572

diff --git a/asdctool/pom.xml b/asdctool/pom.xml
index 7161f89..700d9dc 100644 (file)
--- a/asdctool/pom.xml
+++ b/asdctool/pom.xml
@@ -162,6 +162,12 @@
       <artifactId>commons-jci-core</artifactId>
       <version>${commons-jci-core.version}</version>
       <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -289,6 +295,10 @@
           <groupId>org.apache.thrift</groupId>
           <artifactId>libthrift</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 

diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 002e3fc..c156b96 100644 (file)
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -159,6 +159,12 @@
             <artifactId>commons-jci-core</artifactId>
             <version>${commons-jci-core.version}</version>
             <scope>compile</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- Gson -->
@@ -384,6 +390,10 @@
                     <groupId>org.apache.thrift</groupId>
                     <artifactId>libthrift</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 

diff --git a/catalog-dao/pom.xml b/catalog-dao/pom.xml
index e487861..8d82dd2 100644 (file)
--- a/catalog-dao/pom.xml
+++ b/catalog-dao/pom.xml
@@ -230,6 +230,12 @@ Modifications copyright (c) 2018 Nokia
       <artifactId>commons-jci-core</artifactId>
       <version>${commons-jci-core.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -265,6 +271,10 @@ Modifications copyright (c) 2018 Nokia
           <artifactId>groovy</artifactId>
           <groupId>org.codehaus.groovy</groupId>
         </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 

diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml
index a4be186..2383081 100644 (file)
--- a/catalog-fe/pom.xml
+++ b/catalog-fe/pom.xml
@@ -70,6 +70,12 @@
       <artifactId>commons-jci-core</artifactId>
       <version>${commons-jci-core.version}</version>
       <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -265,6 +271,10 @@
               <groupId>log4j</groupId>
               <artifactId>log4j</artifactId>
             </exclusion>
+            <exclusion>
+              <groupId>commons-io</groupId>
+              <artifactId>commons-io</artifactId>
+            </exclusion>
           </exclusions>
         </dependency>
         <dependency>

diff --git a/catalog-model/pom.xml b/catalog-model/pom.xml
index 7666076..ff28ea6 100644 (file)
--- a/catalog-model/pom.xml
+++ b/catalog-model/pom.xml
@@ -166,6 +166,10 @@
           <groupId>org.apache.thrift</groupId>
           <artifactId>libthrift</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
@@ -299,6 +303,12 @@
       <artifactId>commons-jci-core</artifactId>
       <version>${commons-jci-core.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>

diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 3542d6e..36df3cf 100644 (file)
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -26,8 +26,17 @@
           <groupId>org.springframework</groupId>
           <artifactId>spring-context</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <version>${commons.io.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-context</artifactId>
@@ -69,6 +78,12 @@
       <artifactId>commons-jci-core</artifactId>
       <version>${commons-jci-core.version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-io</groupId>
+          <artifactId>commons-io</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <!-- Gson -->

diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index 87761e6..4fd4304 100644 (file)
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -149,6 +149,10 @@ limitations under the License.
                     <groupId>org.apache.thrift</groupId>
                     <artifactId>libthrift</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>

diff --git a/onboarding/pom.xml b/onboarding/pom.xml
index 0ab08d0..aec0e92 100644 (file)
--- a/onboarding/pom.xml
+++ b/onboarding/pom.xml
@@ -64,13 +64,11 @@
     <classmate.version>1.3.3</classmate.version>
     <commons.codec.version>1.10</commons.codec.version>
     <commons.digester.version>2.1</commons.digester.version>
-    <commons.io.version>2.5</commons.io.version>
     <commons.lang.version>2.6</commons.lang.version>
     <commons.lang3.version>3.4</commons.lang3.version>
     <cxf.version>3.3.6</cxf.version>
     <datastax.cassandra.version>3.8.0</datastax.cassandra.version>
     <groovy.minimal.version>1.5.8</groovy.minimal.version>
-    <freemarker.version>2.3.26-incubating</freemarker.version>
     <hibernate.validator.version>5.3.6.Final</hibernate.validator.version>
     <http.client.version>4.5.3</http.client.version>
     <http.core.version>4.4.1</http.core.version>

diff --git a/openecomp-be/lib/openecomp-sdc-model-lib/openecomp-sdc-model-impl/pom.xml b/openecomp-be/lib/openecomp-sdc-model-lib/openecomp-sdc-model-impl/pom.xml
index 997e81a..c086f9a 100644 (file)
--- a/openecomp-be/lib/openecomp-sdc-model-lib/openecomp-sdc-model-impl/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-model-lib/openecomp-sdc-model-impl/pom.xml
@@ -63,7 +63,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.5</version>
+            <version>${commons.io.version}</version>
         </dependency>
         <dependency>
             <groupId>org.openecomp.sdc</groupId>

diff --git a/openecomp-be/lib/openecomp-sdc-tosca-generator-lib/openecomp-sdc-tosca-generator-core/pom.xml b/openecomp-be/lib/openecomp-sdc-tosca-generator-lib/openecomp-sdc-tosca-generator-core/pom.xml
index 52c2568..9f8f9b1 100644 (file)
--- a/openecomp-be/lib/openecomp-sdc-tosca-generator-lib/openecomp-sdc-tosca-generator-core/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-tosca-generator-lib/openecomp-sdc-tosca-generator-core/pom.xml
@@ -53,7 +53,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.5</version>
+      <version>${commons.io.version}</version>
     </dependency>
   </dependencies>
 

diff --git a/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/pom.xml b/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/pom.xml
index 6f55624..66c6d53 100644 (file)
--- a/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/pom.xml
@@ -68,7 +68,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.5</version>
+      <version>${commons.io.version}</version>
     </dependency>
     <dependency>
       <groupId>org.openecomp.sdc</groupId>

diff --git a/openecomp-be/lib/openecomp-sdc-vendor-software-product-lib/openecomp-sdc-vendor-software-product-api/pom.xml b/openecomp-be/lib/openecomp-sdc-vendor-software-product-lib/openecomp-sdc-vendor-software-product-api/pom.xml
index 81a5233..666f464 100644 (file)
--- a/openecomp-be/lib/openecomp-sdc-vendor-software-product-lib/openecomp-sdc-vendor-software-product-api/pom.xml
+++ b/openecomp-be/lib/openecomp-sdc-vendor-software-product-lib/openecomp-sdc-vendor-software-product-api/pom.xml
@@ -1,72 +1,75 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xmlns="http://maven.apache.org/POM/4.0.0"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
+  xmlns="http://maven.apache.org/POM/4.0.0"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
 
-    <parent>
-        <groupId>org.openecomp.sdc</groupId>
-        <artifactId>openecomp-sdc-vendor-software-product-lib</artifactId>
-        <version>1.9.0-SNAPSHOT</version>
-    </parent>
+  <parent>
+    <groupId>org.openecomp.sdc</groupId>
+    <artifactId>openecomp-sdc-vendor-software-product-lib</artifactId>
+    <version>1.9.0-SNAPSHOT</version>
+  </parent>
 
-    <artifactId>openecomp-sdc-vendor-software-product-api</artifactId>
+  <artifactId>openecomp-sdc-vendor-software-product-api</artifactId>
 
+  <properties>
+    <freemarker.version>2.3.30</freemarker.version>
+  </properties>
 
-    <dependencies>
-        <dependency>
-            <groupId>org.openecomp.sdc.core</groupId>
-            <artifactId>openecomp-core-lib</artifactId>
-            <type>pom</type>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc.core</groupId>
-            <artifactId>openecomp-facade-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc.core</groupId>
-            <artifactId>openecomp-nosqldb-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc</groupId>
-            <artifactId>openecomp-sdc-versioning-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc</groupId>
-            <artifactId>openecomp-sdc-translator-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc</groupId>
-            <artifactId>openecomp-sdc-enrichment-api</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.freemarker</groupId>
-            <artifactId>freemarker</artifactId>
-            <version>${freemarker.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc.core</groupId>
-            <artifactId>openecomp-config-lib</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc.be</groupId>
-            <artifactId>common-be</artifactId>
-            <version>${project.version}</version>
-            <scope>compile</scope>
-        </dependency>
-    </dependencies>
+  <dependencies>
+    <dependency>
+      <groupId>org.openecomp.sdc.core</groupId>
+      <artifactId>openecomp-core-lib</artifactId>
+      <type>pom</type>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc.core</groupId>
+      <artifactId>openecomp-facade-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc.core</groupId>
+      <artifactId>openecomp-nosqldb-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc</groupId>
+      <artifactId>openecomp-sdc-versioning-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc</groupId>
+      <artifactId>openecomp-sdc-translator-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc</groupId>
+      <artifactId>openecomp-sdc-enrichment-api</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.freemarker</groupId>
+      <artifactId>freemarker</artifactId>
+      <version>${freemarker.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc.core</groupId>
+      <artifactId>openecomp-config-lib</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc.be</groupId>
+      <artifactId>common-be</artifactId>
+      <version>${project.version}</version>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
 
 
 </project>

diff --git a/pom.xml b/pom.xml
index 00ec81f..5427d1d 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -57,7 +57,8 @@ Modifications copyright (c) 2018-2019 Nokia
         <cadi.version>2.1.8</cadi.version>
         <lombok.version>1.18.18</lombok.version>
         <commons-beanutils>1.9.4</commons-beanutils>
-        <commons-configuration>2.3</commons-configuration>
+        <commons.io.version>2.7</commons.io.version>
+        <commons-configuration>2.7</commons-configuration>
         <apache-poi.version>4.1.0</apache-poi.version>
         <onap.logging.version>1.6.1</onap.logging.version>
         <apache-commons-text.version>1.9</apache-commons-text.version>

diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index ca95ef8..7703896 100644 (file)
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -45,7 +45,7 @@
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
-      <version>2.4</version>
+      <version>2.7</version>
     </dependency>
 
     <dependency>