</dependencies>
</plugin>
+ <!-- prevent SNAPSHOT dependencies -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>enforce-no-snapshots</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <requireReleaseDeps>
+ <message>No Snapshots Allowed!</message>
+ <excludes>
+ <exclude>org.onap.aaf.authz:aaf-cadi-client</exclude>
+ <exclude>org.onap.aaf.authz:aaf-misc-env</exclude>
+ <exclude>org.onap.aaf.authz:aaf-cadi-aaf</exclude>
+ <exclude>org.onap.aaf.authz:aaf-auth-client</exclude>
+ <exclude>org.onap.aaf.authz:aaf-cadi-core</exclude>
+ <exclude>org.onap.aaf.authz:aaf-misc-rosetta</exclude>
+ </excludes>
+ </requireReleaseDeps>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
</plugins>
<pluginManagement>
<plugins>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
-<!-- for DMAAP-205, a point release on the common version
- addresses a security issue. Note the add notation here
- <version>${jackson.version}.1</version>
- -->
- <version>${jackson.version}</version>
- </dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
<version>1.2.0</version>
</dependency>
<!-- DMAAP-656:
- - removed this dependency because it utilized a third party
- - lib called com.google.guava:20.0 which had severe threat identified.
- - build code without this dependency and it seemed to work, so perhaps it
- - is not needed?
+ - override this dependency because it utilized a third party
+ - lib called com.google.guava:20.0 which had severe security threat identified.
+ -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>24.1.1-jre</version>
+ </dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-core</artifactId>
<version>${swagger.version}</version>
</dependency>
- -->
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jersey2-jaxrs</artifactId>