Merge pull request #1527 from QuorumEx/azure-23.4.0-CVEs
Upgrade dependencies
Krish1979 authored Apr 26, 2024
2 parents 011d7b0 + 9b2c65a commit f0be97e
Showing 18 changed files with 44 additions and 44 deletions.
18 changes: 9 additions & 9 deletions build.gradle
@@ -11,15 +11,15 @@ plugins {
}

ext {
jettyVersion = "11.0.11"
jettyVersion = "11.0.20"
eclipselinkVersion = "3.0.2"
swaggerVersion = "2.1.13"
jerseyVersion = "3.0.4"
slf4jVersion = "1.7.36"
logbackVersion = "1.2.11"
logbackVersion = "1.2.13"
hk2Version = "3.0.2"
jacksonVersion = "2.14.2"
jacksonDatabindVersion = "2.14.2"
jacksonVersion = "2.16.2"
jacksonDatabindVersion = "2.16.2"
}

allprojects {
@@ -68,7 +68,7 @@ allprojects {
testImplementation "nl.jqno.equalsverifier:equalsverifier:3.7.1"
testImplementation "com.mockrunner:mockrunner-jdbc:2.0.4"

implementation "org.yaml:snakeyaml:1.33" // transitive dependency of jackson-databind:2.13.3
implementation 'org.yaml:snakeyaml:2.0' // transitive dependency of jackson-databind:2.13.3

implementation "commons-cli:commons-cli:1.5.0"
implementation "commons-codec:commons-codec:1.15"
@@ -108,22 +108,22 @@ allprojects {
implementation "org.eclipse.jetty:jetty-http:$jettyVersion"
implementation "org.eclipse.jetty:jetty-util:$jettyVersion"

implementation "org.cryptacular:cryptacular:1.2.4"
implementation "org.cryptacular:cryptacular:1.2.6"
implementation "eu.neilalexander:jnacl:1.0.0"

implementation("io.swagger.core.v3:swagger-annotations-jakarta:$swaggerVersion")
implementation("io.swagger.core.v3:swagger-core-jakarta:$swaggerVersion") //implementation "io.swagger.parser.v3:swagger-parser-jakarta:$swaggerVersion"
implementation('io.swagger.parser.v3:swagger-parser-v3:2.0.27')
implementation "io.swagger.core.v3:swagger-jaxrs2-jakarta:$swaggerVersion"

implementation "org.bouncycastle:bcpkix-jdk15on:1.68"
implementation "org.bouncycastle:bcprov-jdk15on:1.68"
implementation "org.bouncycastle:bcpkix-jdk18on:1.78"
implementation "org.bouncycastle:bcprov-jdk18on:1.78"

implementation "com.h2database:h2:2.1.214"
implementation "com.zaxxer:HikariCP:5.0.1"

implementation "org.hsqldb:hsqldb:2.7.1"
implementation "org.xerial:sqlite-jdbc:3.30.1"
implementation "org.xerial:sqlite-jdbc:3.45.1.0"

api 'org.eclipse.jetty.toolchain:jetty-jakarta-servlet-api:5.0.2'
api "jakarta.ws.rs:jakarta.ws.rs-api:3.0.0"
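Review bot: Switching the Bouncy Castle coordinates from `bcprov-jdk15on`/`bcpkix-jdk15on` to the `jdk18on` artifacts in the last hunk does not by itself keep the old jars off the classpath. Gradle treats the two names as different modules, so a transitive dependency that still asks for `bcprov-jdk15on` would resolve alongside the new artifact and leave a second, older copy of the `org.bouncycastle` classes in the distribution. Nothing in the visible hunks excludes the old modules, so I would add `configurations.all { exclude group: "org.bouncycastle", module: "bcprov-jdk15on" }` (and the same for `bcpkix-jdk15on`), or confirm with `gradle dependencyInsight --dependency bcprov-jdk15on --configuration runtimeClasspath` that nothing resolves it. The `allprojects` block continues outside the hunk, so an exclusion may already exist there.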
17 changes: 5 additions & 12 deletions cvss-suppressions.xml
@@ -27,17 +27,6 @@
</suppress>
<suppress>
<notes><![CDATA[
file name: snakeyaml-1.33.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org.yaml/snakeyaml@1.33</packageUrl>
<cve>CVE-2022-41854</cve>
<cve>CVE-2022-3064</cve>
<cve>CVE-2022-38752</cve>
<cve>CVE-2022-1471</cve>
<cve>CVE-2021-4235</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: commons-io-2.11.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/commons-io/commons-io@2.11.0</packageUrl>
@@ -63,26 +52,30 @@
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jsonp-jaxrs-2.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jsonp-jaxrs@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jakarta.json-api-2.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/jakarta\.json/jakarta\.json-api@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: jackson-core-2.14.2.jar
file name: jackson-core-2.16.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-core@.*$</packageUrl>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
</suppress>
</suppressions>
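Review bot: The four entries that gain `<cve>CVE-2023-5072</cve>` in the second hunk match every version of their package (`@.*$`), and their `<notes>` hold only a jar file name, so the file does not record why the finding is considered not applicable or when it should be re-checked. If these are false-positive matches from the scanner, which the page does not say, state that in the note, for example `CVE-2023-5072: reported against a different JSON library, not this artifact`. If the file is consumed by OWASP dependency-check, as its format suggests, an `until="YYYY-MM-DDZ"` attribute on `<suppress>` would make the suppression expire and force a re-review. The jackson-core note names `jackson-core-2.16.2.jar` although the rule is version-independent, so that file name will be stale again after the next bump.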
2 changes: 1 addition & 1 deletion enclave/enclave-api/build.gradle
@@ -7,7 +7,7 @@ dependencies {
implementation project(":encryption:encryption-api")
implementation project(":shared")
implementation project(":key-vault:key-vault-api")
implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk18on"

implementation "com.fasterxml.jackson.core:jackson-databind:$jacksonDatabindVersion"
implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:$jacksonVersion"
4 changes: 2 additions & 2 deletions enclave/enclave-jaxrs/build.gradle
@@ -61,8 +61,8 @@ dependencies {
implementation "org.glassfish.jersey.media:jersey-media-json-processing"
runtimeOnly "org.glassfish.jersey.media:jersey-media-moxy"
runtimeOnly "com.sun.mail:jakarta.mail"
implementation "org.bouncycastle:bcprov-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcprov-jdk18on"
implementation "org.bouncycastle:bcpkix-jdk18on"
implementation project(":server:jersey-server")


2 changes: 1 addition & 1 deletion encryption/encryption-api/build.gradle
@@ -4,5 +4,5 @@ plugins {

dependencies {
implementation project(":shared")
testImplementation "org.bouncycastle:bcpkix-jdk15on"
testImplementation "org.bouncycastle:bcpkix-jdk18on"
}
2 changes: 1 addition & 1 deletion encryption/encryption-ec/build.gradle
@@ -4,5 +4,5 @@ plugins {

dependencies {
implementation project(":encryption:encryption-api")
implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk18on"
}
2 changes: 1 addition & 1 deletion key-generation/build.gradle
@@ -7,6 +7,6 @@ dependencies {
implementation project(":config")
implementation project(":shared")
implementation project(":key-vault:key-vault-api")
implementation "org.bouncycastle:bcprov-jdk15on"
implementation "org.bouncycastle:bcprov-jdk18on"
testRuntimeOnly project(":encryption:encryption-ec")
}
10 changes: 5 additions & 5 deletions key-vault/azure-key-vault/build.gradle
@@ -21,17 +21,17 @@ dependencies {
implementation project(":config")
implementation project(":key-vault:key-vault-api")

implementation ("com.azure:azure-security-keyvault-secrets:4.4.2") {
implementation ("com.azure:azure-security-keyvault-secrets:4.8.2") {
exclude group: 'com.azure', module: 'azure-core-http-netty'
}
implementation("com.azure:azure-identity:1.5.1") {
implementation("com.azure:azure-identity:1.11.4") {
exclude group: 'com.azure', module: 'azure-core-http-netty'
}
implementation("com.azure:azure-core:1.29.1") {
implementation("com.azure:azure-core:1.37.0") {
exclude group: 'com.azure', module: 'azure-core-http-netty'
}
implementation 'com.azure:azure-core-http-okhttp:1.10.1'
implementation 'com.squareup.okio:okio:3.1.0'
implementation 'com.azure:azure-core-http-okhttp:1.11.0'
implementation 'com.squareup.okio:okio:3.4.0'

testImplementation "org.glassfish:jakarta.json"

10 changes: 8 additions & 2 deletions security/build.gradle
@@ -2,11 +2,17 @@ plugins {
id "java-library"
}

configurations.all {
resolutionStrategy {
force 'org.bouncycastle:bcprov-jdk18on:1.78'
}
}

dependencies {
implementation project(":config")
implementation project(":shared")
implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcprov-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk18on"
implementation "org.bouncycastle:bcprov-jdk18on"

implementation "org.cryptacular:cryptacular"
implementation "jakarta.xml.bind:jakarta.xml.bind-api"
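Review bot: The new `resolutionStrategy` block forces `bcprov-jdk18on` with the literal `1.78`, which duplicates the version declared in the root build.gradle and has no comment saying which transitive dependency made the force necessary. Only `bcprov` is pinned, while `bcpkix-jdk18on` is left to normal resolution, so the two can drift apart on the next upgrade. A force on the `jdk18on` module also does nothing about a transitive `bcprov-jdk15on`, which Gradle resolves as a separate module. I would define the version once (for example a `bouncycastleVersion` property in the root `ext` block), force both artifacts from it, and add a comment such as `// <dependency> pulls an older bcprov; keep in step with root build.gradle`. The `dependencies` block continues outside the hunk.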
2 changes: 1 addition & 1 deletion tessera-core/build.gradle
@@ -18,7 +18,7 @@ dependencies {
implementation "jakarta.transaction:jakarta.transaction-api"
implementation "jakarta.annotation:jakarta.annotation-api"

implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk18on"

testImplementation project(":cli:cli-api")

2 changes: 1 addition & 1 deletion tessera-data/build.gradle
@@ -10,7 +10,7 @@ dependencies {
implementation project(":encryption:encryption-api")
implementation project(":eclipselink-utils")
implementation "jakarta.transaction:jakarta.transaction-api"
implementation "org.bouncycastle:bcprov-jdk15on"
implementation "org.bouncycastle:bcprov-jdk18on"
implementation "jakarta.validation:jakarta.validation-api"
runtimeOnly "com.h2database:h2"
implementation "com.zaxxer:HikariCP"
2 changes: 1 addition & 1 deletion tessera-dist/build.gradle
@@ -80,7 +80,7 @@ dependencies {

implementation project(":tessera-context")

implementation "org.bouncycastle:bcpkix-jdk15on"
implementation "org.bouncycastle:bcpkix-jdk18on"
implementation "jakarta.inject:jakarta.inject-api"

implementation "org.glassfish.jersey.core:jersey-common"
2 changes: 1 addition & 1 deletion tessera-jaxrs/openapi/generate/build.gradle
@@ -4,7 +4,7 @@ plugins {

configurations.all {
resolutionStrategy {
force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
force 'org.yaml:snakeyaml:2.0', 'com.fasterxml.jackson.core:jackson-databind:2.16.2'
}
}
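Review bot: The forced `jackson-databind:2.16.2` is a hard-coded literal here and in the sync-jaxrs, thirdparty-jaxrs and transaction-jaxrs build files, although the root build.gradle already defines `jacksonDatabindVersion`. The line being replaced shows the cost: it appears to have forced `2.14.0-rc1` while the root property was `2.14.2`, so a release candidate stayed pinned in these modules after the main version had moved on. Writing `force "com.fasterxml.jackson.core:jackson-databind:$jacksonDatabindVersion"` (double-quoted so the property interpolates) keeps the four modules in step with the root. The forced snakeyaml version could come from a shared property in the same way.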

2 changes: 1 addition & 1 deletion tessera-jaxrs/sync-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {

configurations.all {
resolutionStrategy {
force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
force 'org.yaml:snakeyaml:2.0', 'com.fasterxml.jackson.core:jackson-databind:2.16.2'
}
}

2 changes: 1 addition & 1 deletion tessera-jaxrs/thirdparty-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {

configurations.all {
resolutionStrategy {
force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
force 'org.yaml:snakeyaml:2.0', 'com.fasterxml.jackson.core:jackson-databind:2.16.2'
}
}

2 changes: 1 addition & 1 deletion tessera-jaxrs/transaction-jaxrs/build.gradle
@@ -5,7 +5,7 @@ plugins {

configurations.all {
resolutionStrategy {
force 'org.yaml:snakeyaml:1.33', 'com.fasterxml.jackson.core:jackson-databind:2.14.0-rc1'
force 'org.yaml:snakeyaml:2.0', 'com.fasterxml.jackson.core:jackson-databind:2.16.2'
}
}

6 changes: 3 additions & 3 deletions tests/acceptance-test/build.gradle
@@ -54,8 +54,8 @@ dependencies {
testImplementation "com.github.jnr:jnr-unixsocket"
testImplementation "org.glassfish:jakarta.el"

testImplementation "org.bouncycastle:bcpkix-jdk15on"
testImplementation "org.bouncycastle:bcprov-jdk15on"
testImplementation "org.bouncycastle:bcpkix-jdk18on"
testImplementation "org.bouncycastle:bcprov-jdk18on"


testRuntimeOnly "org.eclipse.persistence:org.eclipse.persistence.moxy"
@@ -70,7 +70,7 @@ dependencies {

testImplementation "org.eclipse.jetty:jetty-servlet"

testImplementation "org.yaml:snakeyaml"
implementation "org.yaml:snakeyaml"

}
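Review bot: Moving `org.yaml:snakeyaml` from `testImplementation` to `implementation` in the second hunk is not explained in the build file; it appears to be needed because `src/main/java/module-info.java` now declares `requires org.yaml.snakeyaml`. A short comment such as `// main scope: required by module-info.java (requires org.yaml.snakeyaml)` would keep the scope from being narrowed again by mistake. Because the resolved version moves to snakeyaml 2.0, the YAML-loading code in this module, which is not visible here, is worth checking for `Constructor`/`Representer` calls without `LoaderOptions`/`DumperOptions`, since 2.x removed those no-argument constructors.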

1 change: 1 addition & 0 deletions tests/acceptance-test/src/main/java/module-info.java
@@ -17,4 +17,5 @@
requires jdk.httpserver;
requires java.net.http;
requires jakarta.json;
requires org.yaml.snakeyaml;
}
