From a6dcb0487d3efa67e73285623062d700c7ef9cfa Mon Sep 17 00:00:00 2001
From: ChrisC <christophe.closset@intl.att.com>
Date: Fri, 7 May 2021 12:38:57 +0200
Subject: [PATCH] Update vulnerable package dependencies

Update version to 1.9.0
Update vulnerable packages
Fix dependency conflicts

Issue-ID: SDC-3572
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: I2dfac9340555ff41bb8b977bd28d0ed861c19125
---
 pom.xml                                            |  2 +-
 sdc-workflow-designer-be/pom.xml                   | 78 +++++++++++++++++++---
 .../sdc/workflow/api/swagger/UserIdReader.java     |  2 +-
 .../sdc/workflow/server/config/SwaggerConfig.java  |  2 -
 .../sdc/workflow/api/swagger/UserIdReaderTest.java |  6 +-
 sdc-workflow-designer-init/pom.xml                 |  2 +-
 sdc-workflow-designer-ui/pom.xml                   | 15 ++++-
 version.properties                                 |  2 +-
 8 files changed, 87 insertions(+), 22 deletions(-)

diff --git a/pom.xml b/pom.xml
index f6c1aef4..d0f448c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
     <groupId>org.onap.sdc.sdc-workflow-designer</groupId>
     <artifactId>sdc-workflow-designer-parent</artifactId>
     <name>sdc-sdc-workflow-designer</name>
-    <version>1.8.0-SNAPSHOT</version>
+    <version>1.9.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <properties>
diff --git a/sdc-workflow-designer-be/pom.xml b/sdc-workflow-designer-be/pom.xml
index a25d2fbd..e7be72bf 100644
--- a/sdc-workflow-designer-be/pom.xml
+++ b/sdc-workflow-designer-be/pom.xml
@@ -10,14 +10,14 @@
     <parent>
         <groupId>org.onap.sdc.sdc-workflow-designer</groupId>
         <artifactId>sdc-workflow-designer-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <properties>
-        <spring.boot.version>2.1.0.RELEASE</spring.boot.version>
+        <spring.boot.version>2.3.10.RELEASE</spring.boot.version>
         <mapstruct.version>1.3.1.Final</mapstruct.version>
         <lombok.version>1.18.0</lombok.version>
-        <springfox.version>2.8.0</springfox.version>
+        <springfox.version>3.0.0</springfox.version>
         <jaxb.api.version>2.3.0</jaxb.api.version>
     </properties>
 
@@ -48,9 +48,35 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-jetty</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-cassandra</artifactId>
+            <exclusions>
+                <exclusion>
+                    <artifactId>HdrHistogram</artifactId>
+                    <groupId>org.hdrhistogram</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>asm</artifactId>
+                    <groupId>org.ow2.asm</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>asm-analysis</artifactId>
+                    <groupId>org.ow2.asm</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>asm-commons</artifactId>
+                    <groupId>org.ow2.asm</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>asm-tree</artifactId>
+                    <groupId>org.ow2.asm</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -61,15 +87,16 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <artifactId>asm</artifactId>
+                    <groupId>org.ow2.asm</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-            <version>${springfox.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger2</artifactId>
+            <artifactId>springfox-boot-starter</artifactId>
             <version>${springfox.version}</version>
         </dependency>
         <dependency>
@@ -96,6 +123,13 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
+            <version>4.5.13</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>commons-codec</artifactId>
+                    <groupId>commons-codec</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.mapstruct</groupId>
@@ -127,17 +161,23 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.6</version>
+            <version>2.8.0</version>
         </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>
-            <version>1.9</version>
+            <version>1.15</version>
         </dependency>
         <dependency>
             <groupId>org.onap.sdc.sdc-be-common</groupId>
             <artifactId>session-lib</artifactId>
             <version>1.6.0</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>objenesis</artifactId>
+                    <groupId>org.objenesis</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.onap.sdc.sdc-be-common</groupId>
@@ -159,6 +199,22 @@
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-starter-data-cassandra</artifactId>
                 </exclusion>
+                <exclusion>
+                    <artifactId>jnr-posix</artifactId>
+                    <groupId>com.github.jnr</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jnr-ffi</artifactId>
+                    <groupId>com.github.jnr</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>zusammen-sdk</artifactId>
+                    <groupId>com.amdocs.zusammen</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>zusammen-commons-configuration</artifactId>
+                    <groupId>com.amdocs.zusammen</groupId>
+                </exclusion>
             </exclusions>
         </dependency>
        <dependency>
diff --git a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
index d16c9407..0bcac29f 100644
--- a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
+++ b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/swagger/UserIdReader.java
@@ -19,7 +19,7 @@ package org.onap.sdc.workflow.api.swagger;
 import static org.onap.sdc.workflow.api.RestParams.USER_ID_HEADER;
 
 import com.fasterxml.classmate.TypeResolver;
-import com.google.common.base.Optional;
+import java.util.Optional;
 import org.onap.sdc.workflow.services.annotations.UserId;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
diff --git a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
index a2eca63a..d6f2e3e1 100644
--- a/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
+++ b/sdc-workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/SwaggerConfig.java
@@ -23,10 +23,8 @@ import org.springframework.context.annotation.Configuration;
 import springfox.documentation.builders.RequestHandlerSelectors;
 import springfox.documentation.spi.DocumentationType;
 import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
 @Configuration
-@EnableSwagger2
 public class SwaggerConfig {
 
     @Bean
diff --git a/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java b/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
index 6899e984..b82cb438 100644
--- a/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
+++ b/sdc-workflow-designer-be/src/test/java/org/onap/sdc/workflow/api/swagger/UserIdReaderTest.java
@@ -23,7 +23,7 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import com.fasterxml.classmate.TypeResolver;
-import com.google.common.base.Optional;
+import java.util.Optional;
 import java.lang.annotation.Annotation;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -60,7 +60,7 @@ public class UserIdReaderTest {
     @Test
     public void shouldNotCallToParameterBuilderIfUserIdAnnotationNotFound() {
         when(parameterContext.resolvedMethodParameter()).thenReturn(resolvedMethodParameter);
-        when(resolvedMethodParameter.findAnnotation(UserId.class)).thenReturn(Optional.absent());
+        when(resolvedMethodParameter.findAnnotation(UserId.class)).thenReturn(Optional.empty());
         userIdReader.apply(parameterContext);
         verify(parameterContext, times(0)).parameterBuilder();
     }
@@ -70,7 +70,7 @@ public class UserIdReaderTest {
 
         doReturn(resolvedMethodParameter).when(parameterContext).resolvedMethodParameter();
         doReturn(parameterBuilder).when(parameterContext).parameterBuilder();
-        doReturn(parameterBuilder).when(parameterBuilder).parameterType(any());
+        doReturn(parameterBuilder).when(parameterBuilder).parameterType((String)(any()));
         doReturn(parameterBuilder).when(parameterBuilder).name(any());
         doReturn(parameterBuilder).when(parameterBuilder).type(any());
         doReturn(Optional.of(USER_ID_ANNOTATION)).when(resolvedMethodParameter).findAnnotation(UserId.class);
diff --git a/sdc-workflow-designer-init/pom.xml b/sdc-workflow-designer-init/pom.xml
index a665e1a5..178a2dd6 100644
--- a/sdc-workflow-designer-init/pom.xml
+++ b/sdc-workflow-designer-init/pom.xml
@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.onap.sdc.sdc-workflow-designer</groupId>
         <artifactId>sdc-workflow-designer-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <profiles>
diff --git a/sdc-workflow-designer-ui/pom.xml b/sdc-workflow-designer-ui/pom.xml
index 887267b4..4cfc8d15 100644
--- a/sdc-workflow-designer-ui/pom.xml
+++ b/sdc-workflow-designer-ui/pom.xml
@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.onap.sdc.sdc-workflow-designer</groupId>
         <artifactId>sdc-workflow-designer-parent</artifactId>
-        <version>1.8.0-SNAPSHOT</version>
+        <version>1.9.0-SNAPSHOT</version>
     </parent>
 
     <properties>
@@ -39,7 +39,13 @@
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-proxy</artifactId>
-            <version>9.4.18.v20190429</version>
+            <version>9.4.40.v20210413</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>jetty-http</artifactId>
+                    <groupId>org.eclipse.jetty</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
@@ -47,6 +53,11 @@
             <version>3.0.1</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <version>9.4.40.v20210413</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/version.properties b/version.properties
index 11f03832..0986d1f0 100644
--- a/version.properties
+++ b/version.properties
@@ -3,7 +3,7 @@
 # because they are used in Jenkins, whose plug-in doesn't support
 
 major=1
-minor=8
+minor=9
 patch=0
 
 base_version=${major}.${minor}.${patch}
-- 
2.16.6