From d0392bdd88a1cac06cb5727c93f10c76bdff9e58 Mon Sep 17 00:00:00 2001 From: Kasperki Date: Fri, 29 Jul 2022 18:28:01 +0200 Subject: [PATCH] Fix SDK Vulnerabilities Issue-ID: DCAEGEN2-3220 Signed-off-by: Pawel Change-Id: Ic7df50fd22900bc680f7fff01871625ce809b4b5 --- Changelog.md | 4 ++++ pom.xml | 13 +++++++------ rest-services/cbs-client/pom.xml | 2 +- rest-services/dmaap-client/pom.xml | 2 +- rest-services/http-client/pom.xml | 7 ++++++- rest-services/model/pom.xml | 2 +- rest-services/pom.xml | 6 +++++- security/crypt-password/pom.xml | 2 +- security/pom.xml | 6 +++++- security/ssl/pom.xml | 2 +- services/common/pom.xml | 2 +- services/external-schema-manager/pom.xml | 2 +- services/hv-ves-client/pom.xml | 2 +- services/hv-ves-client/producer/api/pom.xml | 2 +- services/hv-ves-client/producer/ct/pom.xml | 2 +- services/hv-ves-client/producer/impl/pom.xml | 2 +- services/hv-ves-client/producer/pom.xml | 2 +- services/hv-ves-client/protobuf/pom.xml | 17 +++++++++-------- services/pom.xml | 6 +++++- standardization/api-custom-header/pom.xml | 3 +-- standardization/moher-api/healthstate/pom.xml | 2 +- standardization/moher-api/metrics/pom.xml | 2 +- standardization/moher-api/pom.xml | 2 +- standardization/moher-api/server-adapters/pom.xml | 2 +- .../moher-api/server-adapters/reactor-netty/pom.xml | 2 +- .../moher-api/server-adapters/spring-webflux/pom.xml | 3 ++- standardization/pom.xml | 6 +++++- version.properties | 2 +- 28 files changed, 67 insertions(+), 40 deletions(-) diff --git a/Changelog.md b/Changelog.md index 3df29f30..31994d17 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.8.10] - 2022/07/29 +### Added + - [DCAEGEN2-3220] (https://jira.onap.org/browse/DCAEGEN2-3220) - Fix SDK Vulnerability. Top up Spring-Boot version to 2.7.2 + ## [1.8.9] - 2022/07/15 ### Added - [DCAEGEN2-3223] (https://jira.onap.org/browse/DCAEGEN2-3223) - Fix CBS client environment variable substitution fails for complex cases diff --git a/pom.xml b/pom.xml index 76a0fece..68b37200 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services sdk - 1.8.9-SNAPSHOT + ${revision} dcaegen2-services-sdk Common SDK repo for all DCAE Services @@ -73,28 +73,29 @@ language governing permissions and limitations under the License. 11 - 5.7.0 + 5.9.0 5.7.0 1.3.1 - 2.7.5 + 2.9.0 3.12.2 2020.0.1 1.7.25 - 1.2.3 + 1.2.11 2.28.2 - 3.6.1 + 3.21.1 0.10.2 1.6 16.0.3 3.6.0.2 1.15.1 - 2.5.9 + 2.7.2 1.17.2 1.0.3 5.11.2 ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml + 1.8.10-SNAPSHOT diff --git a/rest-services/cbs-client/pom.xml b/rest-services/cbs-client/pom.xml index e99fc44a..d7c0753b 100644 --- a/rest-services/cbs-client/pom.xml +++ b/rest-services/cbs-client/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/dmaap-client/pom.xml b/rest-services/dmaap-client/pom.xml index b4390981..8123af31 100644 --- a/rest-services/dmaap-client/pom.xml +++ b/rest-services/dmaap-client/pom.xml 
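Review bot: Replacing the literal project version with `${revision}` in the root pom.xml (and in the parent version of every child pom in the later hunks) leaves the placeholder in the installed and deployed POMs unless the build resolves it first, and nothing in this patch adds flatten-maven-plugin or an equivalent step. For an SDK that other services pull from a repository, an unresolved parent version means the published artifacts may fail to resolve, or resolve to something other than what was built. If no such step is configured outside these hunks, add flatten-maven-plugin with `<flattenMode>resolveCiFriendliesOnly</flattenMode>` and check that a deployed POM carries a concrete version.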
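Review bot: The version properties raised in the root pom.xml properties hunk carry no record of which advisory each bump answers, and the Changelog entry names only Spring-Boot 2.7.2. Add a short comment per changed property, for example `<!-- raised for <ADVISORY-ID>; first fixed release <VERSION> -->`, so a later reviewer can verify that the chosen release is at or above the fixed one and does not lower it again. The first property moves from 5.7.0 to 5.9.0 while the one directly after it stays at 5.7.0; if both belong to the same library family they should move together. The element names are not visible on this page, so this is inferred from the values alone. The properties block starts and ends outside the hunk.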
@@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/http-client/pom.xml b/rest-services/http-client/pom.xml index f182d63e..4223de02 100644 --- a/rest-services/http-client/pom.xml +++ b/rest-services/http-client/pom.xml @@ -28,7 +28,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk.rest.services @@ -78,6 +78,11 @@ junit-jupiter-params test + + org.junit.jupiter + junit-jupiter-api + test + org.mockito mockito-core diff --git a/rest-services/model/pom.xml b/rest-services/model/pom.xml index 4a6dbe1d..0b47431c 100644 --- a/rest-services/model/pom.xml +++ b/rest-services/model/pom.xml @@ -27,7 +27,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/pom.xml b/rest-services/pom.xml index 5d3be939..cf79b9ba 100644 --- a/rest-services/pom.xml +++ b/rest-services/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services sdk - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk @@ -36,4 +36,8 @@ language governing permissions and limitations under the License. cbs-client dmaap-client + + + -changelog-missing + diff --git a/security/crypt-password/pom.xml b/security/crypt-password/pom.xml index 5a8795e6..4b479394 100644 --- a/security/crypt-password/pom.xml +++ b/security/crypt-password/pom.xml @@ -19,7 +19,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.8.9-SNAPSHOT + ${revision} 4.0.0 diff --git a/security/pom.xml b/security/pom.xml index 37a3f020..cfc2da9d 100644 --- a/security/pom.xml 
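Review bot: The `-changelog-missing` value added at the end of rest-services/pom.xml has no comment saying which check it affects or why, and the same block is added to security/pom.xml, services/pom.xml and standardization/pom.xml. In a commit whose subject is fixing vulnerabilities, a setting that appears to relax a check should be justified next to it, for example `<!-- aggregator module: changelog kept in root Changelog.md -->`, or moved to a separate change. The element carrying the value is not visible on this page, so what it controls is inferred from the value only.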
+++ b/security/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services sdk - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk.security @@ -35,4 +35,8 @@ language governing permissions and limitations under the License. ssl + + -changelog-missing + + diff --git a/security/ssl/pom.xml b/security/ssl/pom.xml index 389c1aa1..bb2c71ef 100644 --- a/security/ssl/pom.xml +++ b/security/ssl/pom.xml @@ -19,7 +19,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.8.9-SNAPSHOT + ${revision} ssl diff --git a/services/common/pom.xml b/services/common/pom.xml index bb97d648..bee6427a 100644 --- a/services/common/pom.xml +++ b/services/common/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.8.9-SNAPSHOT + ${revision} dcaegen2-services-sdk-services-common diff --git a/services/external-schema-manager/pom.xml b/services/external-schema-manager/pom.xml index b8ad8186..c9587910 100644 --- a/services/external-schema-manager/pom.xml +++ b/services/external-schema-manager/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.8.9-SNAPSHOT + ${revision} dcaegen2-services-sdk-services-external-schema-manager diff --git a/services/hv-ves-client/pom.xml b/services/hv-ves-client/pom.xml index 5ade0cb3..cfe89c27 100644 --- a/services/hv-ves-client/pom.xml +++ b/services/hv-ves-client/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.8.9-SNAPSHOT + ${revision} dcaegen2-services-sdk-services-hvvesclient diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml index 0c88b3f0..cf39094b 100644 
--- a/services/hv-ves-client/producer/api/pom.xml +++ b/services/hv-ves-client/producer/api/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.8.9-SNAPSHOT + ${revision} hvvesclient-producer-api diff --git a/services/hv-ves-client/producer/ct/pom.xml b/services/hv-ves-client/producer/ct/pom.xml index 6e460450..edf18058 100644 --- a/services/hv-ves-client/producer/ct/pom.xml +++ b/services/hv-ves-client/producer/ct/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.8.9-SNAPSHOT + ${revision} hvvesclient-producer-ct diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml index 21bd7faf..46ff06db 100644 --- a/services/hv-ves-client/producer/impl/pom.xml +++ b/services/hv-ves-client/producer/impl/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.8.9-SNAPSHOT + ${revision} hvvesclient-producer-impl diff --git a/services/hv-ves-client/producer/pom.xml b/services/hv-ves-client/producer/pom.xml index 4b06d683..b3c28417 100644 --- a/services/hv-ves-client/producer/pom.xml +++ b/services/hv-ves-client/producer/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services-hvvesclient - 1.8.9-SNAPSHOT + ${revision} hvvesclient-producer diff --git a/services/hv-ves-client/protobuf/pom.xml b/services/hv-ves-client/protobuf/pom.xml index 36f48387..b3d535a3 100644 --- a/services/hv-ves-client/protobuf/pom.xml +++ b/services/hv-ves-client/protobuf/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-services-hvvesclient org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} High Volume VES Collector Client :: Protobuf @@ -38,6 +38,13 @@ + + + com.google.protobuf + protobuf-java + + + @@ -63,6 +70,7 @@ protoc-jar-maven-plugin + generate-sources generate-sources run @@ -86,11 +94,4 @@ - - - com.google.protobuf - protobuf-java - - - diff --git a/services/pom.xml b/services/pom.xml index 3aaf1962..7ddb0cc0 100644 
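Review bot: In services/hv-ves-client/protobuf/pom.xml, protobuf-java is declared without a version, so the runtime follows the managed version, while the protoc-jar-maven-plugin settings that pick the compiler lie outside these hunks. If the 3.6.1 to 3.21.1 bump in the root pom is the protobuf property, the plugin's `protocVersion` should reference the same property so that generated sources and the runtime cannot drift apart. A comment beside the moved dependency block, such as `<!-- version managed in root pom; keep in step with protocVersion -->`, would record that coupling.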
--- a/services/pom.xml +++ b/services/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services sdk - 1.8.9-SNAPSHOT + ${revision} org.onap.dcaegen2.services.sdk @@ -40,4 +40,8 @@ hv-ves-client external-schema-manager + + + -changelog-missing + diff --git a/standardization/api-custom-header/pom.xml b/standardization/api-custom-header/pom.xml index a2cf6615..4f58163b 100644 --- a/standardization/api-custom-header/pom.xml +++ b/standardization/api-custom-header/pom.xml @@ -20,7 +20,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-standardization - 1.8.9-SNAPSHOT + ${revision} .. @@ -42,7 +42,6 @@ language governing permissions and limitations under the License. com.google.code.gson gson - 2.8.5 org.jetbrains diff --git a/standardization/moher-api/healthstate/pom.xml b/standardization/moher-api/healthstate/pom.xml index 19ae0a6a..85252188 100644 --- a/standardization/moher-api/healthstate/pom.xml +++ b/standardization/moher-api/healthstate/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck :: Health state diff --git a/standardization/moher-api/metrics/pom.xml b/standardization/moher-api/metrics/pom.xml index 53d7547a..c9308602 100644 --- a/standardization/moher-api/metrics/pom.xml +++ b/standardization/moher-api/metrics/pom.xml @@ -26,7 +26,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck :: Metrics diff --git a/standardization/moher-api/pom.xml b/standardization/moher-api/pom.xml index 22abb5b2..fd360c4f 100644 --- a/standardization/moher-api/pom.xml +++ b/standardization/moher-api/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-standardization org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck 
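Review bot: Dropping the pinned 2.8.5 from the gson dependency in standardization/api-custom-header/pom.xml makes the resolved version depend entirely on dependency management inherited from a parent or imported BOM, which this patch does not show. Confirm the effective version with `mvn dependency:tree -Dincludes=com.google.code.gson`. A comment such as `<!-- version managed in root pom -->` would help keep a local pin from being reintroduced.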
diff --git a/standardization/moher-api/server-adapters/pom.xml b/standardization/moher-api/server-adapters/pom.xml index d396a773..72ffa370 100644 --- a/standardization/moher-api/server-adapters/pom.xml +++ b/standardization/moher-api/server-adapters/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck :: Server Adapters diff --git a/standardization/moher-api/server-adapters/reactor-netty/pom.xml b/standardization/moher-api/server-adapters/reactor-netty/pom.xml index 72db4ab6..f238b955 100644 --- a/standardization/moher-api/server-adapters/reactor-netty/pom.xml +++ b/standardization/moher-api/server-adapters/reactor-netty/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck :: Server Adapters :: Reactor Netty diff --git a/standardization/moher-api/server-adapters/spring-webflux/pom.xml b/standardization/moher-api/server-adapters/spring-webflux/pom.xml index b71aa43b..4fea8dbd 100644 --- a/standardization/moher-api/server-adapters/spring-webflux/pom.xml +++ b/standardization/moher-api/server-adapters/spring-webflux/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.8.9-SNAPSHOT + ${revision} Monitoring and Healthcheck :: Server Adapters :: Spring Webflux @@ -45,6 +45,7 @@ org.springframework spring-webflux + org.onap.dcaegen2.services.sdk diff --git a/standardization/pom.xml b/standardization/pom.xml index 193c080d..af0ec538 100644 --- a/standardization/pom.xml +++ b/standardization/pom.xml @@ -21,7 +21,7 @@ language governing permissions and limitations under the License. org.onap.dcaegen2.services sdk - 1.8.9-SNAPSHOT + ${revision} .. @@ -37,4 +37,8 @@ language governing permissions and limitations under the License. moher-api + + -changelog-missing + + diff --git a/version.properties b/version.properties index 4ae65b7e..51dd6a7c 100644 
--- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=1 minor=8 -patch=9 +patch=10 base_version=${major}.${minor}.${patch} release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT -- 2.16.6