Skip to content
This repository has been archived by the owner on Jan 12, 2024. It is now read-only.

Commit

Permalink
chore(dependency-management): Update dependencies to fix build. (#276)
Browse files Browse the repository at this point in the history
* chore(dependency-management): Update dependencies to fix build.
  • Loading branch information
tunderwood authored Nov 2, 2020
1 parent a7b1873 commit e35bfda
Show file tree
Hide file tree
Showing 7 changed files with 829 additions and 644 deletions.
6 changes: 3 additions & 3 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -128,9 +128,9 @@ subprojects {
mavenBom("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}")
}
dependencies {
//upgrading tomcat manually until Spring-Boot 2.3.2 is released to resolve a security vulnerability
dependency 'org.apache.tomcat.embed:tomcat-embed-core:9.0.37'
dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.37'
//upgrading tomcat manually until Spring-Boot 2.3.5 is released to resolve a security vulnerability
dependency 'org.apache.tomcat.embed:tomcat-embed-core:9.0.39'
dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.39'
}
}

Expand Down
2 changes: 1 addition & 1 deletion cerberus-api-tests/cerberus-api-tests.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ repositories {

configurations.all {
resolutionStrategy {
force 'org.apache.ant:ant:1.10.8'
force 'org.apache.ant:ant:1.10.9'
}
}
dependencies {
Expand Down
1,224 changes: 591 additions & 633 deletions cerberus-dashboard/package-lock.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion cerberus-dashboard/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
"eslint-loader": "1.3.0",
"eslint-plugin-react": "5.2.2",
"estraverse-fb": "1.3.1",
"react-scripts": "3.4.3",
"react-scripts": "3.4.4",
"redux-devtools": "3.3.1"
},
"browserslist": {
Expand Down
12 changes: 6 additions & 6 deletions cerberus-web/cerberus-web.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -42,23 +42,23 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security'

// DB: Mybatis, Flyway, C3p0
implementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter:2.1.1'
implementation 'org.mybatis:mybatis-spring:2.0.3'
implementation 'org.mybatis:mybatis:3.5.3'
implementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter:2.1.2'
implementation 'org.mybatis:mybatis-spring:2.0.5'
implementation 'org.mybatis:mybatis:3.5.6'
implementation 'com.mchange:c3p0:0.9.5.4'
implementation 'mysql:mysql-connector-java:8.0.18'
implementation 'mysql:mysql-connector-java:8.0.22'
implementation 'org.flywaydb:flyway-core:5.2.4' // Can't upgrade this past this version until Aurora is upgraded to 5.7

// First secrets
implementation "com.netflix.spinnaker.kork:kork-secrets:${versions.kork}"

// Misc
implementation "com.netflix.hystrix:hystrix-core:1.5.12" // TODO remove hystrix and use resilience4j
implementation "com.netflix.hystrix:hystrix-core:1.5.18" // TODO remove hystrix and use resilience4j
implementation group: 'com.google.guava', name: 'guava', version: "${versions.guava}" // todo, pretty sure with Java 11, we can get ride of this, we mostly use this for the collection builders.
implementation 'com.google.code.gson:gson:2.8.1' // todo delete, should use jackson. see cipher text utils

// Secure File Mime Type
implementation group: 'org.apache.tika', name: 'tika-core', version: '1.22'
implementation group: 'org.apache.tika', name: 'tika-core', version: '1.24.1'

// AWS
implementation "com.amazonaws:aws-java-sdk-core:${versions.awsSdkVersion}"
Expand Down
21 changes: 21 additions & 0 deletions dependency-check-supressions.xml
Original file line number Diff line number Diff line change
Expand Up @@ -104,4 +104,25 @@
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$</packageUrl>
<cve>CVE-2020-15824</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: mybatis-spring-2.0.5.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.mybatis/mybatis\-spring@.*$</packageUrl>
<cve>CVE-2020-26945</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: mybatis-spring-boot-autoconfigure-2.1.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.mybatis\.spring\.boot/mybatis\-spring\-boot\-autoconfigure@.*$</packageUrl>
<cpe>cpe:/a:mybatis:mybatis</cpe>
</suppress>
<suppress>
<notes><![CDATA[
file name: mybatis-spring-boot-starter-2.1.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.mybatis\.spring\.boot/mybatis\-spring\-boot\-starter@.*$</packageUrl>
<cpe>cpe:/a:mybatis:mybatis</cpe>
</suppress>
</suppressions>
Loading

0 comments on commit e35bfda

Please sign in to comment.