directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smoy...@apache.org
Subject [directory-scimple] branch develop updated: SCIMPLE-87 - Update dependencies
Date Thu, 23 Jan 2020 15:51:19 GMT
This is an automated email from the ASF dual-hosted git repository.

smoyer1 pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/directory-scimple.git


The following commit(s) were added to refs/heads/develop by this push:
     new 3a21dda  SCIMPLE-87 - Update dependencies
     new 6ac2726  Merge pull request #24 from ccrvincent/develop
3a21dda is described below

commit 3a21ddaf1d6223fa52740fa1073a97af38dbe60e
Author: Chad Vincent <ccrvincent@gmail.com>
AuthorDate: Thu Jan 23 09:36:11 2020 -0600

    SCIMPLE-87 - Update dependencies
    
    Update dependencies with CVEs or that block building on a Java 11 JDK.
---
 pom.xml                                | 12 ++++++------
 scim-server/scim-server-common/pom.xml |  2 +-
 scim-spec/scim-spec-protocol/pom.xml   |  2 +-
 scim-spec/scim-spec-schema/pom.xml     |  2 +-
 src/owasp/suppression.xml              | 15 ++++++++++++++-
 5 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/pom.xml b/pom.xml
index ca22106..5b290c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,8 +36,8 @@
     <maven.compiler.source>8</maven.compiler.source>
     <maven.compiler.target>8</maven.compiler.target>
 
-    <version.jackson>2.9.5</version.jackson>
-    <version.lombok>1.16.14</version.lombok>
+    <version.jackson>2.10.1</version.jackson>
+    <version.lombok>1.18.10</version.lombok>
     <version.lombok.plugin>${version.lombok}.0</version.lombok.plugin>
     <version.restfuse>1.2.0</version.restfuse>
   </properties>
@@ -142,7 +142,7 @@
       <dependency>
         <groupId>edu.psu.swe.commons</groupId>
         <artifactId>commons-jaxrs</artifactId>
-        <version>1.31</version>
+        <version>1.40</version>
       </dependency>
       <dependency>
         <groupId>javax</groupId>
@@ -156,7 +156,7 @@
         <version>2.0.1</version>
       </dependency>
       <dependency>
-        <groupId>javax.xml</groupId>
+        <groupId>javax.xml.bind</groupId>
         <artifactId>jaxb-api</artifactId>
         <version>2.1</version>
       </dependency>
@@ -330,7 +330,7 @@
         <plugin>
           <groupId>org.owasp</groupId>
           <artifactId>dependency-check-maven</artifactId>
-          <version>3.3.1</version>
+          <version>5.3.0</version>
           <configuration>
             <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
             <suppressionFile>${session.executionRootDirectory}/src/owasp/suppression.xml</suppressionFile>
@@ -456,7 +456,7 @@
           <plugin>
             <groupId>org.jacoco</groupId>
             <artifactId>jacoco-maven-plugin</artifactId>
-            <version>0.8.1</version>
+            <version>0.8.5</version>
           </plugin>
       </plugins>
     </pluginManagement>
diff --git a/scim-server/scim-server-common/pom.xml b/scim-server/scim-server-common/pom.xml
index b3dbfe7..5b7940b 100644
--- a/scim-server/scim-server-common/pom.xml
+++ b/scim-server/scim-server-common/pom.xml
@@ -102,7 +102,7 @@
     <dependency>
       <groupId>io.swagger</groupId>
       <artifactId>swagger-jaxrs</artifactId>
-      <version>1.5.0</version>
+      <version>1.6.0</version>
       <exclusions>
 				<exclusion>
 					<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/scim-spec/scim-spec-protocol/pom.xml b/scim-spec/scim-spec-protocol/pom.xml
index ae4f89d..c1abc2c 100644
--- a/scim-spec/scim-spec-protocol/pom.xml
+++ b/scim-spec/scim-spec-protocol/pom.xml
@@ -37,7 +37,7 @@
 		<dependency>
 			<groupId>io.swagger</groupId>
 			<artifactId>swagger-jaxrs</artifactId>
-			<version>1.5.0</version>
+			<version>1.6.0</version>
 			<exclusions>
 				<exclusion>
 					<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/scim-spec/scim-spec-schema/pom.xml b/scim-spec/scim-spec-schema/pom.xml
index 1879e80..aff71ae 100644
--- a/scim-spec/scim-spec-schema/pom.xml
+++ b/scim-spec/scim-spec-schema/pom.xml
@@ -29,7 +29,7 @@
 
 	<dependencies>
 		<dependency>
-			<groupId>javax.xml</groupId>
+			<groupId>javax.xml.bind</groupId>
 			<artifactId>jaxb-api</artifactId>
 		</dependency>
 		<dependency>
diff --git a/src/owasp/suppression.xml b/src/owasp/suppression.xml
index e8dcf99..808f94d 100644
--- a/src/owasp/suppression.xml
+++ b/src/owasp/suppression.xml
@@ -15,7 +15,7 @@
  KIND, either express or implied.  See the License for the
  specific language governing permissions and limitations
  under the License. -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 
   <!-- Wrong GAV detection -->
   <suppress>
@@ -28,5 +28,18 @@
    <gav regex="true">^org\.apache\.directory\.scim:.*$</gav>
    <cpe>cpe:/a:apache:http_server</cpe>
   </suppress>
+  <!-- Used by compliance test code. Jetty is a transitive dependency of Restfuse, which
has not been updated. -->
+  <suppress>
+   <notes><![CDATA[file name: jetty-http-9.4.8.v20180619.jar]]>
+   <![CDATA[file name: jetty-server-9.4.8.v20180619.jar]]></notes>
+   <vulnerabilityName>CVE-2017-7656</vulnerabilityName>
+   <vulnerabilityName>CVE-2017-7657</vulnerabilityName>
+   <vulnerabilityName>CVE-2017-7658</vulnerabilityName>
+   <vulnerabilityName>CVE-2018-12536</vulnerabilityName>
+   <vulnerabilityName>CVE-2018-12538</vulnerabilityName>
+   <vulnerabilityName>CVE-2018-12545</vulnerabilityName>
+   <vulnerabilityName>CVE-2019-10241</vulnerabilityName>
+   <vulnerabilityName>CVE-2019-10247</vulnerabilityName>
+  </suppress>
 
 </suppressions>


Mime
View raw message