From dd6a7438d0b312c6cea18bf44ca2f86e55b5b943 Mon Sep 17 00:00:00 2001 From: HuabingZhao Date: Fri, 19 Jan 2018 08:24:26 +0000 Subject: [PATCH] Fix Nexus IQ security issue Update dependencies to latest versions. Issue-ID: MSB-131 Change-Id: I3659a189b3b7b898970ae6efe8bb8e6a61804046 Signed-off-by: HuabingZhao --- .../discovery-service/dependency-reduced-pom.xml | 2 +- sdclient/discovery-service/pom.xml | 283 ++++---- .../onap/msb/sdclient/wrapper/consul/Consul.java | 4 +- sdclient/discovery-standalone/pom.xml | 228 +++--- sdclient/pom.xml | 799 ++++++++++++++++----- 5 files changed, 855 insertions(+), 461 deletions(-) diff --git a/sdclient/discovery-service/dependency-reduced-pom.xml b/sdclient/discovery-service/dependency-reduced-pom.xml index 1200af2..bced298 100644 --- a/sdclient/discovery-service/dependency-reduced-pom.xml +++ b/sdclient/discovery-service/dependency-reduced-pom.xml @@ -73,7 +73,7 @@ junit junit - 4.11 + 4.12 test diff --git a/sdclient/discovery-service/pom.xml b/sdclient/discovery-service/pom.xml index d0e5991..982338d 100644 --- a/sdclient/discovery-service/pom.xml +++ b/sdclient/discovery-service/pom.xml 
@@ -1,160 +1,143 @@ - + + 4.0.0 - Copyright 2016-2017 ZTE, Inc. and others. + + org.onap.msb.discovery + sdclient + 1.1.0-SNAPSHOT + - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + org.onap.msb.discovery.sdclient + discovery-service + onap/msb/discovery/sdclient/discovery-service + jar + 1.1.0-SNAPSHOT - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + + + io.dropwizard + dropwizard-core + + + io.dropwizard + dropwizard-assets + + + io.dropwizard + dropwizard-client + ---> - - - org.onap.msb.discovery - sdclient - 1.1.0-SNAPSHOT - - 4.0.0 - org.onap.msb.discovery.sdclient - discovery-service - onap/msb/discovery/sdclient/discovery-service - jar - 1.1.0-SNAPSHOT - + + junit + junit + test + - - - io.dropwizard - dropwizard-core - - - io.dropwizard - dropwizard-assets - - - io.dropwizard - dropwizard-client - - - io.swagger - swagger-jersey2-jaxrs - compile - - - - org.projectlombok - lombok - + + org.powermock + powermock-module-junit4 + 1.6.6 + test + - - junit - junit - test - + + org.powermock + powermock-api-mockito + 1.6.6 + test + + + javax.servlet + javax.servlet-api + + + io.swagger + swagger-annotations + 1.5.8 + + + io.swagger + swagger-jaxrs + 1.5.8 + + + com.google.guava + guava + ${guava.version} + - - org.powermock - powermock-module-junit4 - test - - - - org.powermock - powermock-api-mockito - test - - - - - - - org.apache.maven.plugins - maven-jar-plugin - 2.4 - - - - true - - - - - - org.apache.maven.plugins - maven-shade-plugin - 2.3 - - true - - - *:* - - META-INF/*.SF - META-INF/*.DSA - META-INF/*.RSA - - - - - - 
- package - - shade - - - - - - org.onap.msb.sdclient.DiscoverApp - - - - - - - - - - - src/main/java - - **/*.properties - - - - src/main/resources - - - + + + + + org.apache.maven.plugins + maven-jar-plugin + 2.4 + + + + true + + + + + + org.apache.maven.plugins + maven-shade-plugin + 2.3 + + true + + + *:* + + META-INF/*.SF + META-INF/*.DSA + META-INF/*.RSA + + + + + + + package + + shade + + + + + + org.onap.msb.sdclient.DiscoverApp + + + + + + + + + + src/main/java + + **/*.properties + + + + src/main/resources + + + diff --git a/sdclient/discovery-service/src/main/java/org/onap/msb/sdclient/wrapper/consul/Consul.java b/sdclient/discovery-service/src/main/java/org/onap/msb/sdclient/wrapper/consul/Consul.java index 51b6449..a8851fc 100644 --- a/sdclient/discovery-service/src/main/java/org/onap/msb/sdclient/wrapper/consul/Consul.java +++ b/sdclient/discovery-service/src/main/java/org/onap/msb/sdclient/wrapper/consul/Consul.java @@ -66,6 +66,8 @@ public class Consul { public boolean apply(final Class clazz) { return JacksonJaxbJsonProvider.class.isAssignableFrom(clazz); } + + }).first().isPresent()) { builder.register(JacksonJaxbJsonProvider.class); } @@ -197,7 +199,7 @@ public class Consul { */ public Builder withHostAndPort(HostAndPort hostAndPort) { try { - this.url = new URL("http", hostAndPort.getHostText(), hostAndPort.getPort(), ""); + this.url = new URL("http", hostAndPort.getHost(), hostAndPort.getPort(), ""); } catch (MalformedURLException e) { throw new RuntimeException(e); } diff --git a/sdclient/discovery-standalone/pom.xml b/sdclient/discovery-standalone/pom.xml index f1cacd9..7152336 100644 --- a/sdclient/discovery-standalone/pom.xml +++ b/sdclient/discovery-standalone/pom.xml 
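Review bot: The added powermock-module-junit4 and powermock-api-mockito entries pin `1.6.6`, and swagger-annotations and swagger-jaxrs pin `1.5.8`, as literals in this module, while the guava entry beside them uses `${guava.version}`. Inline literals are easy to miss on the next scanner-driven upgrade, and the two swagger artifacts can drift apart. I would define `<powermock.version>1.6.6</powermock.version>` and `<swagger.version>1.5.8</swagger.version>` once in sdclient/pom.xml and reference them here. The element names are inferred, because the XML markup is not visible in this rendering of the hunk.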
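Review bot: In `withHostAndPort`, the URL is still built with a literal `"http"` scheme and with `hostAndPort.getPort()`, which in Guava throws IllegalStateException when the value carries no port; the rename to `getHost()` leaves both unchanged. If a port-less HostAndPort can reach this builder, `hostAndPort.getPortOrDefault(8500)` avoids the unchecked failure (8500 is Consul's usual HTTP port; confirm it against this project's defaults). The fixed scheme means discovery traffic to the Consul agent is not protected in transit, which is worth stating on the method, e.g. `// Always plain HTTP: traffic to the Consul agent is unencrypted.` The method's Javadoc and the end of its body are outside the hunk.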
@@ -1,126 +1,120 @@ - + + + org.onap.msb.discovery + sdclient + 1.1.0-SNAPSHOT + + 4.0.0 + org.onap.msb.discovery.sdclient + discovery-standalone + onap/msb/discovery/sdclient/discovery-standalone + pom + 1.1.0-SNAPSHOT - Copyright 2016-2017 ZTE, Inc. and others. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ---> - - - org.onap.msb.discovery - sdclient - 1.1.0-SNAPSHOT - - 4.0.0 - org.onap.msb.discovery.sdclient - discovery-standalone - onap/msb/discovery/sdclient/discovery-standalone - pom - 1.1.0-SNAPSHOT - - - discovery-standalone - target/assembly/ - + + discovery-standalone + target/assembly/ + - - org.onap.msb.discovery.sdclient - discovery-service - ${project.version} - true - - + + org.onap.msb.discovery.sdclient + discovery-service + ${project.version} + true + + - - - - maven-resources-plugin - - - copy-resources - process-resources - - copy-resources - - - ${outputdir} - true - - - src/assembly/resources/ - false - - **/* - - - - true - - - - - - org.apache.maven.plugins - maven-dependency-plugin - 2.8 - - - copy-jar - - copy - - prepare-package - - - - org.onap.msb.discovery.sdclient - discovery-service - jar - true - ${outputdir}/discover/ - discovery-service.jar - - - - - - - - - org.apache.maven.plugins - maven-antrun-plugin - - - distribution - package - - run - - - - - - - - - - - - - + + + maven-resources-plugin + + + copy-resources + process-resources + + copy-resources + + + ${outputdir} + true + + + src/assembly/resources/ + false + + **/* + + + + true + + 
+ + + + org.apache.maven.plugins + maven-dependency-plugin + 2.8 + + + copy-jar + + copy + + prepare-package + + + + org.onap.msb.discovery.sdclient + discovery-service + jar + true + ${outputdir}/discover/ + discovery-service.jar + + + + + + + + + org.apache.maven.plugins + maven-antrun-plugin + + + distribution + package + + run + + + + + + + + + + + + + + diff --git a/sdclient/pom.xml b/sdclient/pom.xml index 89caaf9..81b78bf 100644 --- a/sdclient/pom.xml +++ b/sdclient/pom.xml 
@@ -1,229 +1,220 @@ - + 4.0.0 - org.onap.msb.discovery - msb-discovery-parent - 1.1.0-SNAPSHOT + org.onap.msb.discovery + msb-discovery-parent + 1.1.0-SNAPSHOT - org.onap.msb.discovery + org.onap.msb.discovery sdclient 1.1.0-SNAPSHOT onap/msb/discovery/sdclient pom - + discovery-service discovery-standalone - UTF-8 - UTF-8 - - - - 1.7 - 1.7 - ${maven.compiler.source} - ${maven.compiler.target} - - - - 1.2.0 - 1.5.3 - 1.16.16 - - 9.2.9.v20150224 - 2.9.1 - 2.16 - 1.7.12 - 1.1.3 - - - - 18.0 - 1.2 - - 4.11 - 1.6.6 - + UTF-8 + UTF-8 + UTF-8 + UTF-8 + 1.2.2 + 23.5-jre + 2.25.1 + 2.9.3 + 9.4.8.v20171121 + 3.0.0.v201112011016 + 3.2.5 + 1.7.25 + 1.2.3 + 1.4.196 + - - - - com.google.guava - guava - ${guava.version} - - - - - javax.annotation - javax.annotation-api - ${annotation-api.version} - - - - - - com.fasterxml.jackson.jaxrs - jackson-jaxrs-base - ${jackson-version} - - - com.fasterxml.jackson.jaxrs - jackson-jaxrs-json-provider - ${jackson-version} - - - - com.fasterxml.jackson.datatype - jackson-datatype-guava - ${jackson-version} - - - - org.glassfish.jersey.core - jersey-client - ${jersey.version} - - - - junit - junit - ${junit.version} - test - - - org.powermock - powermock-module-junit4 - ${powermock.version} - test - - - - org.powermock - powermock-api-mockito - ${powermock.version} - test - - - + - io.dropwizard - dropwizard-core - ${dropwizard.version} + org.objenesis + objenesis + 2.6 - - io.dropwizard - dropwizard-assets - ${dropwizard.version} + org.apache.commons + commons-lang3 + 3.6 - - - io.dropwizard - dropwizard-client - ${dropwizard.version} + com.google.guava + guava + ${guava.version} - - io.swagger - swagger-jersey2-jaxrs - ${swagger.version} - compile + net.sourceforge.argparse4j + argparse4j + 0.7.0 - - org.projectlombok - lombok - ${lombok.version} + com.google.code.findbugs + jsr305 + 3.0.2 - - org.glassfish.jersey.media - jersey-media-multipart - ${jersey.version} + joda-time + joda-time + 2.9.9 - org.glassfish.jersey.containers - 
jersey-container-servlet-core - ${jersey.version} + org.hibernate + hibernate-validator + 5.4.2.Final - org.glassfish.jersey.core - jersey-common - ${jersey.version} + org.glassfish + javax.el + 3.0.0 + + + javax.servlet + javax.servlet-api + 3.1.0 + + + org.apache.httpcomponents + httpclient + 4.5.3 + + + commons-logging + commons-logging + + + + + org.apache.tomcat + tomcat-jdbc + 8.5.24 + + + com.h2database + h2 + ${h2.version} + + + org.jadira.usertype + usertype.core + 6.0.1.GA + + + org.slf4j + slf4j-api + + + org.joda + joda-money + + + org.apache.geronimo.specs + geronimo-jta_1.1_spec + + + + + org.hibernate + hibernate-core + 5.2.12.Final + + + org.jboss.logging + jboss-logging + + - - - com.fasterxml.jackson.core - jackson-core - ${jackson-version} + org.javassist + javassist + 3.22.0-GA - com.fasterxml.jackson.core - jackson-databind - 2.9.1 + com.fasterxml + classmate + 1.3.4 - com.fasterxml.jackson.core - jackson-annotations - ${jackson-version} + org.hsqldb + hsqldb + 2.4.0 - com.fasterxml.jackson.dataformat - jackson-dataformat-xml - ${jackson-version} + org.liquibase + liquibase-core + 3.5.3 + + + org.yaml + snakeyaml + + - com.fasterxml.jackson.dataformat - jackson-dataformat-yaml - ${jackson-version} + com.mattbertolini + liquibase-slf4j + 2.0.0 + + + org.slf4j + slf4j-api + + + org.liquibase + liquibase-core + + - com.fasterxml.jackson.module - jackson-module-jaxb-annotations - ${jackson-version} + net.jcip + jcip-annotations + 1.0 + + + com.github.spullara.mustache.java + compiler + 0.9.5 + + + com.google.guava + guava + + + + + org.freemarker + freemarker + 2.3.27-incubating + + + org.jdbi + jdbi + 2.78 - + org.eclipse.jetty - jetty-io + jetty-server ${jetty.version} 
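Review bot: The rewritten properties section drops the two `1.7` compiler values and the `${maven.compiler.source}` / `${maven.compiler.target}` references from the old side, and nothing replaces them. The new values `23.5-jre` and `9.4.8.v20171121` look like the guava and jetty versions, and both lines need Java 8. Unless msb-discovery-parent sets the level, the build falls back to the compiler plugin's default, so I would state it here with `<maven.compiler.source>1.8</maven.compiler.source>` and `<maven.compiler.target>1.8</maven.compiler.target>`. Which property name belongs to which value is inferred, since the markup is not visible in this rendering.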
@@ -233,69 +224,493 @@ org.eclipse.jetty - jetty-http + jetty-webapp ${jetty.version} org.eclipse.jetty - jetty-client + jetty-continuation ${jetty.version} - + org.eclipse.jetty - jetty-servlet + jetty-http + tests ${jetty.version} org.eclipse.jetty - jetty-security + jetty-alpn-openjdk8-server + ${jetty.version} + + + org.eclipse.jetty.http2 + http2-server + ${jetty.version} + + + org.eclipse.jetty.http2 + http2-client ${jetty.version} org.eclipse.jetty - jetty-server + jetty-client + ${jetty.version} + + + org.eclipse.jetty.http2 + http2-http-client-transport + ${jetty.version} + + + org.eclipse.jetty + jetty-alpn-openjdk8-client + ${jetty.version} + + + org.eclipse.jetty + jetty-alpn-conscrypt-server ${jetty.version} - + + org.eclipse.jetty.toolchain.setuid + jetty-setuid-java + 1.0.3 + + + org.eclipse.jetty + jetty-util + + + org.eclipse.jetty + jetty-server + + + + + + + com.fasterxml.jackson + jackson-bom + ${jackson.version} + pom + import + + + + + org.glassfish.jersey + jersey-bom + ${jersey.version} + pom + import + + + + + io.dropwizard.metrics + metrics-annotation + ${metrics3.version} + + + io.dropwizard.metrics + metrics-core + ${metrics3.version} + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-jvm + ${metrics3.version} + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-servlets + ${metrics3.version} + + + com.fasterxml.jackson.core + jackson-databind + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-healthchecks + ${metrics3.version} + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-logback + ${metrics3.version} + + + ch.qos.logback + logback-classic + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-jersey2 + ${metrics3.version} + + + org.glassfish.jersey.core + jersey-server + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-jetty9 + ${metrics3.version} + + + org.eclipse.jetty + jetty-server + + + org.slf4j + slf4j-api + + + + + 
io.dropwizard.metrics + metrics-httpclient + ${metrics3.version} + + + commons-logging + commons-logging + + + org.slf4j + slf4j-api + + + org.apache.httpcomponents + httpclient + + + + + io.dropwizard.metrics + metrics-jdbi + ${metrics3.version} + + + org.jdbi + jdbi + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-ganglia + ${metrics3.version} + + + org.slf4j + slf4j-api + + + + + io.dropwizard.metrics + metrics-graphite + ${metrics3.version} + + + org.slf4j + slf4j-api + + + + + org.slf4j slf4j-api ${slf4j.version} - + + org.slf4j + jul-to-slf4j + ${slf4j.version} + + + org.slf4j + log4j-over-slf4j + ${slf4j.version} + + + org.slf4j + jcl-over-slf4j + ${slf4j.version} + ch.qos.logback - logback-classic + logback-access ${logback.version} - - ch.qos.logback logback-core ${logback.version} + + ch.qos.logback + logback-classic + ${logback.version} + + + org.slf4j + slf4j-api + + + + + + + junit + junit + 4.12 + + + org.hamcrest + hamcrest-core + 1.3 + + + org.glassfish.jersey.test-framework + jersey-test-framework-core + ${jersey.version} + + + javax.servlet + javax.servlet-api + + + + + org.glassfish.jersey.test-framework.providers + jersey-test-framework-provider-grizzly2 + ${jersey.version} + + + javax.servlet + javax.servlet-api + + + + + org.glassfish.jersey.test-framework.providers + jersey-test-framework-provider-inmemory + ${jersey.version} + + + javax.servlet + javax.servlet-api + + + + + + + io.dropwizard + dropwizard-assets + ${dropwizard.version} + + + io.dropwizard + dropwizard-auth + ${dropwizard.version} + + + io.dropwizard + dropwizard-client + ${dropwizard.version} + + + io.dropwizard + dropwizard-configuration + ${dropwizard.version} + + + io.dropwizard + dropwizard-core + ${dropwizard.version} + + + io.dropwizard + dropwizard-db + ${dropwizard.version} + + + io.dropwizard + dropwizard-forms + ${dropwizard.version} + + + io.dropwizard + dropwizard-hibernate + ${dropwizard.version} + + + io.dropwizard + dropwizard-jackson + 
${dropwizard.version} + + + io.dropwizard + dropwizard-jdbi + ${dropwizard.version} + + + io.dropwizard + dropwizard-jersey + ${dropwizard.version} + + + io.dropwizard + dropwizard-jetty + ${dropwizard.version} + + + io.dropwizard + dropwizard-lifecycle + ${dropwizard.version} + + + io.dropwizard + dropwizard-logging + ${dropwizard.version} + + + io.dropwizard + dropwizard-metrics + ${dropwizard.version} + + + io.dropwizard + dropwizard-metrics-ganglia + ${dropwizard.version} + + + io.dropwizard + dropwizard-metrics-graphite + ${dropwizard.version} + + + io.dropwizard + dropwizard-migrations + ${dropwizard.version} + + + io.dropwizard + dropwizard-request-logging + ${dropwizard.version} + + + io.dropwizard + dropwizard-servlets + ${dropwizard.version} + + + io.dropwizard + dropwizard-testing + ${dropwizard.version} + + + io.dropwizard + dropwizard-util + ${dropwizard.version} + + + io.dropwizard + dropwizard-validation + ${dropwizard.version} + + + io.dropwizard + dropwizard-views + ${dropwizard.version} + + + io.dropwizard + dropwizard-views-freemarker + ${dropwizard.version} + + + io.dropwizard + dropwizard-views-mustache + ${dropwizard.version} + + + io.dropwizard + dropwizard-http2 + ${dropwizard.version} + + + + - - -- 2.16.6
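Review bot: The dependencyManagement block lists every io.dropwizard module, the metrics artifacts and their exclusions by hand, right after importing `jackson-bom` and `jersey-bom` with import scope. A hand-copied list has to be re-synchronised on every Dropwizard upgrade, and a stale entry is the kind of scanner finding this commit sets out to clear. Importing `io.dropwizard:dropwizard-bom` at `${dropwizard.version}` with `<type>pom</type>` and `<scope>import</scope>` would replace most of these entries, assuming the list was copied from that BOM. The same applies to the third-party entries (hibernate, h2, tomcat-jdbc, liquibase and others) added in the previous hunk of this file.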