Add snapshot exclusions for aaf
diff --git a/pom.xml b/pom.xml
index 1cf8e7f..d9aeb55 100644 (file)
--- a/pom.xml
+++ b/pom.xml
                  </dependencies>
                </plugin>
 
+               <!-- prevent SNAPSHOT dependencies -->
+               <plugin>
+                       <groupId>org.apache.maven.plugins</groupId>
+                       <artifactId>maven-enforcer-plugin</artifactId>
+                       <executions>
+                               <execution>
+                                       <id>enforce-no-snapshots</id>
+                                       <goals>
+                                               <goal>enforce</goal>
+                                       </goals>
+                                       <configuration>
+                                               <rules>
+                                                       <requireReleaseDeps>
+                                                               <message>No Snapshots Allowed!</message>
+                                                               <excludes>
+                                                                       <exclude>org.onap.aaf.authz:aaf-cadi-client</exclude>
+                                                                       <exclude>org.onap.aaf.authz:aaf-misc-env</exclude>
+                                                                       <exclude>org.onap.aaf.authz:aaf-cadi-aaf</exclude>
+                                                                       <exclude>org.onap.aaf.authz:aaf-auth-client</exclude>
+                                                                       <exclude>org.onap.aaf.authz:aaf-cadi-core</exclude>
+                                                                       <exclude>org.onap.aaf.authz:aaf-misc-rosetta</exclude>
+                                                               </excludes>
+                                                       </requireReleaseDeps>
+                                               </rules>
+                                               <fail>true</fail>
+                                       </configuration>
+                               </execution>
+                       </executions>
+               </plugin>
+
                </plugins>
                <pluginManagement>
                        <plugins>
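Review bot: The six `org.onap.aaf.authz` entries under `<excludes>` allow mutable SNAPSHOT builds of what look, by their names, like the authentication/authorization client libraries, yet the comment above the plugin still reads `prevent SNAPSHOT dependencies`. A SNAPSHOT can change between two builds of the same commit, so the exception should be recorded as temporary, for example `<!-- TEMPORARY: AAF artifacts may resolve as SNAPSHOT until a release is published; remove these excludes then -->`. No `<version>` is visible on the `maven-enforcer-plugin` declaration. Unless it is pinned in the `<pluginManagement>` section that begins right after this hunk (its content is not visible here), add one so the rule is evaluated by a known plugin release.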
                        <artifactId>jackson-annotations</artifactId>
                        <version>${jackson.version}</version>
                </dependency>
-               <dependency>
-                       <groupId>com.fasterxml.jackson.core</groupId>
-                       <artifactId>jackson-databind</artifactId>
-<!-- for DMAAP-205, a point release on the common version
-        addresses a security issue.  Note the add notation here
-                       <version>${jackson.version}.1</version>
-  -->
-                       <version>${jackson.version}</version>
-               </dependency>
                <dependency>
                        <groupId>com.fasterxml.jackson.dataformat</groupId>
                        <artifactId>jackson-dataformat-yaml</artifactId>
                        <version>1.2.0</version>
                </dependency>
 <!-- DMAAP-656:
-   - removed this dependency because it utilized a third party
-   - lib called com.google.guava:20.0 which had severe threat identified.
-   - build code without this dependency and it seemed to work, so perhaps it
-   - is not needed?
+   - override this dependency because it utilized a third party
+   - lib called com.google.guava:20.0 which had severe security threat identified.
+ -->
+               <dependency>
+                       <groupId>com.google.guava</groupId>
+                       <artifactId>guava</artifactId>
+                       <version>24.1.1-jre</version>
+               </dependency>
                <dependency>
                        <groupId>io.swagger</groupId>
                        <artifactId>swagger-core</artifactId>
                        <version>${swagger.version}</version>
                </dependency>
- -->
                <dependency>
                        <groupId>io.swagger</groupId>
                        <artifactId>swagger-jersey2-jaxrs</artifactId>
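Review bot: Removing the explicit `jackson-databind` dependency leaves its version to transitive resolution and deletes the DMAAP-205 note about a security point release; the commit title mentions neither. Unless the artifact is pinned elsewhere in the pom (not visible here), confirm the resolved version with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind`, then keep the pin or move it to `<dependencyManagement>`. The rewritten DMAAP-656 comment should name the dependency that brings in guava 20.0, which appears to be swagger-core, for example `<!-- DMAAP-656: pin guava 24.1.1-jre; swagger-core pulls in com.google.guava:guava:20.0 -->`. The enclosing `<dependencies>` element starts and ends outside the hunk.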