Upgrade vulnerable dependencies

author vasraz <vasyl.razinkov@est.tech>

Wed, 22 Mar 2023 23:14:29 +0000 (23:14 +0000)

committer Vasyl Razinkov <vasyl.razinkov@est.tech>

Thu, 23 Mar 2023 10:05:13 +0000 (10:05 +0000)
author vasraz <vasyl.razinkov@est.tech>
Wed, 22 Mar 2023 23:14:29 +0000 (23:14 +0000)
committer Vasyl Razinkov <vasyl.razinkov@est.tech>
Thu, 23 Mar 2023 10:05:13 +0000 (10:05 +0000)
diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml

index 7f137ac..7e4baae 100644 (file)
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -334,7 +334,7 @@
          <dependency>
              <groupId>org.codehaus.jettison</groupId>
              <artifactId>jettison</artifactId>
-            <version>1.3.3</version>
+            <version>1.5.3</version>
          </dependency>
  
          <dependency>
diff --git a/common-be-tests-utils/pom.xml b/common-be-tests-utils/pom.xml

index aa67b00..aeca546 100644 (file)
--- a/common-be-tests-utils/pom.xml
+++ b/common-be-tests-utils/pom.xml
@@ -28,6 +28,10 @@
                      <groupId>com.squareup.okhttp3</groupId>
                      <artifactId>okhttp</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
          <dependency>
diff --git a/common-be/pom.xml b/common-be/pom.xml

index 0a57575..7432148 100644 (file)
--- a/common-be/pom.xml
+++ b/common-be/pom.xml
@@ -32,6 +32,10 @@
                      <groupId>com.squareup.okhttp3</groupId>
                      <artifactId>okhttp</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
          <dependency>
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java

new file mode 100644 (file)

index 0000000..52cda76
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.sdc.tosca.services;
+
+import java.util.AbstractMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor
+public class StrictMap extends AbstractMap {
+
+    private Map<Object, Object> delegate;
+
+    public StrictMap(Map<Object, Object> delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public Object put(Object key, Object value) {
+        if (delegate == null) {
+            delegate = new LinkedHashMap<>();
+        }
+        if (delegate.containsKey(key)) {
+            throw new IllegalStateException("duplicate key: " + key);
+        }
+        return delegate.put(key, value);
+    }
+
+    @Override
+    public Set<Entry<Object, Object>> entrySet() {
+        if (delegate == null) {
+            delegate = new LinkedHashMap<>();
+        }
+        return delegate.entrySet();
+    }
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java

index 678ba00..08af90a 100644 (file)
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
@@ -19,9 +19,7 @@
   */
  package org.onap.sdc.tosca.services;
  
-import java.util.AbstractMap;
  import java.util.Map;
-import java.util.Set;
  import org.yaml.snakeyaml.constructor.Constructor;
  import org.yaml.snakeyaml.nodes.MappingNode;
  import org.yaml.snakeyaml.parser.ParserException;
@@ -39,21 +37,7 @@ public class StrictMapAppenderConstructor extends Constructor {
  
      @Override
      protected Map<Object, Object> createDefaultMap(int initSize) {
-        final Map<Object, Object> delegate = super.createDefaultMap(initSize);
-        return new AbstractMap<>() {
-            @Override
-            public Object put(Object key, Object value) {
-                if (delegate.containsKey(key)) {
-                    throw new IllegalStateException("duplicate key: " + key);
-                }
-                return delegate.put(key, value);
-            }
-
-            @Override
-            public Set<Entry<Object, Object>> entrySet() {
-                return delegate.entrySet();
-            }
-        };
+        return new StrictMap(super.createDefaultMap(initSize));
      }
  
      @Override
@@ -64,4 +48,5 @@ public class StrictMapAppenderConstructor extends Constructor {
              throw new ParserException("while parsing MappingNode", node.getStartMark(), exception.getMessage(), node.getEndMark());
          }
      }
+
  }
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml

index eea5c5a..3b47304 100644 (file)
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -55,7 +55,7 @@ limitations under the License.
          <it.helm-validator.version>1.3.1</it.helm-validator.version>
  
          <!-- parser-->
-        <sdc-tosca-parser.version>1.7.0</sdc-tosca-parser.version>
+        <sdc-tosca-parser.version>1.8.0</sdc-tosca-parser.version>
          <docker.showLogs>false</docker.showLogs>
      </properties>
  
diff --git a/pom.xml b/pom.xml

index a211a0d..ba2b8a7 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,7 @@ Modifications copyright (c) 2018-2019 Nokia
          <lang3.version>3.10</lang3.version>
          <guava.version>30.1-jre</guava.version>
          <janusgraph.version>0.3.3</janusgraph.version>
-        <spring.version>5.3.20</spring.version>
+        <spring.version>5.3.25</spring.version>
          <spring.boot.version>2.2.13.RELEASE</spring.boot.version>
  
          <!-- update to 2.36 bring error-->
@@ -91,14 +91,14 @@ Modifications copyright (c) 2018-2019 Nokia
          <keycloak.version>18.0.0</keycloak.version>
  
          <!-- JSON and YAML Parsing -->
-        <jackson.version>2.12.7</jackson.version>
+        <jackson.version>2.14.2</jackson.version>
          <jackson-annotations.version>${jackson.version}</jackson-annotations.version>
  
          <clearspring.version>2.1.1</clearspring.version>
          <skipYamlJsonValidator>false</skipYamlJsonValidator>
  
          <!-- Yaml for properties -->
-        <snakeyaml.version>1.29</snakeyaml.version>
+        <snakeyaml.version>1.33</snakeyaml.version>
          <functionaljava.version>4.9</functionaljava.version>
          <httpclient.version>4.5.13</httpclient.version>
          <httpcore.version>4.4.15</httpcore.version>
@@ -172,12 +172,12 @@ Modifications copyright (c) 2018-2019 Nokia
          <sitePath>/content/sites/site/org/openecomp/sdc/${project.version}</sitePath>
          <staging.profile.id>176c31dfe190a</staging.profile.id>
          <!--togglz version-->
-        <togglz.version>2.6.1.Final</togglz.version>
+        <togglz.version>3.3.3</togglz.version>
  
          <joda.time.version>2.9.9</joda.time.version>
  
          <!--sdc-security-utils-->
-        <security.util.lib.version>1.7.1</security.util.lib.version>
+        <security.util.lib.version>1.8.0</security.util.lib.version>
          <!--jacoco-->
          <jacoco.version>0.8.7</jacoco.version>
  
@@ -337,6 +337,18 @@ Modifications copyright (c) 2018-2019 Nokia
                      <groupId>org.bouncycastle</groupId>
                      <artifactId>*</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
          <dependency>
@@ -353,6 +365,18 @@ Modifications copyright (c) 2018-2019 Nokia
                      <groupId>org.bouncycastle</groupId>
                      <artifactId>*</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
          <dependency>
@@ -364,6 +388,14 @@ Modifications copyright (c) 2018-2019 Nokia
                      <groupId>org.bouncycastle</groupId>
                      <artifactId>*</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
          <dependency>
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml

index d9790e4..73f22ef 100644 (file)
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -65,6 +65,14 @@
                      <groupId>org.apache.httpcomponents</groupId>
                      <artifactId>httpcore</artifactId>
                  </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
              </exclusions>
          </dependency>
author	vasraz <vasyl.razinkov@est.tech>
	Wed, 22 Mar 2023 23:14:29 +0000 (23:14 +0000)
committer	Vasyl Razinkov <vasyl.razinkov@est.tech>
	Thu, 23 Mar 2023 10:05:13 +0000 (10:05 +0000)
common-app-api/pom.xml		patch \| blob \| history
common-be-tests-utils/pom.xml		patch \| blob \| history
common-be/pom.xml		patch \| blob \| history
common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java	[new file with mode: 0644]	patch \| blob
common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java		patch \| blob \| history
integration-tests/pom.xml		patch \| blob \| history
pom.xml		patch \| blob \| history
utils/webseal-simulator/pom.xml		patch \| blob \| history