Posted to commits@directory.apache.org by sm...@apache.org on 2020/01/23 15:51:19 UTC
[directory-scimple] branch develop updated: SCIMPLE-87 - Update
dependencies
This is an automated email from the ASF dual-hosted git repository.
smoyer1 pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/directory-scimple.git
The following commit(s) were added to refs/heads/develop by this push:
new 3a21dda SCIMPLE-87 - Update dependencies
new 6ac2726 Merge pull request #24 from ccrvincent/develop
3a21dda is described below
commit 3a21ddaf1d6223fa52740fa1073a97af38dbe60e
Author: Chad Vincent <cc...@gmail.com>
AuthorDate: Thu Jan 23 09:36:11 2020 -0600
SCIMPLE-87 - Update dependencies
Update dependencies with CVEs or that block building on a Java 11 JDK.
---
pom.xml | 12 ++++++------
scim-server/scim-server-common/pom.xml | 2 +-
scim-spec/scim-spec-protocol/pom.xml | 2 +-
scim-spec/scim-spec-schema/pom.xml | 2 +-
src/owasp/suppression.xml | 15 ++++++++++++++-
5 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/pom.xml b/pom.xml
index ca22106..5b290c0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,8 +36,8 @@
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
- <version.jackson>2.9.5</version.jackson>
- <version.lombok>1.16.14</version.lombok>
+ <version.jackson>2.10.1</version.jackson>
+ <version.lombok>1.18.10</version.lombok>
<version.lombok.plugin>${version.lombok}.0</version.lombok.plugin>
<version.restfuse>1.2.0</version.restfuse>
</properties>
@@ -142,7 +142,7 @@
<dependency>
<groupId>edu.psu.swe.commons</groupId>
<artifactId>commons-jaxrs</artifactId>
- <version>1.31</version>
+ <version>1.40</version>
</dependency>
<dependency>
<groupId>javax</groupId>
@@ -156,7 +156,7 @@
<version>2.0.1</version>
</dependency>
<dependency>
- <groupId>javax.xml</groupId>
+ <groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.1</version>
</dependency>
@@ -330,7 +330,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>3.3.1</version>
+ <version>5.3.0</version>
<configuration>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
<suppressionFile>${session.executionRootDirectory}/src/owasp/suppression.xml</suppressionFile>
@@ -456,7 +456,7 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>0.8.1</version>
+ <version>0.8.5</version>
</plugin>
</plugins>
</pluginManagement>
diff --git a/scim-server/scim-server-common/pom.xml b/scim-server/scim-server-common/pom.xml
index b3dbfe7..5b7940b 100644
--- a/scim-server/scim-server-common/pom.xml
+++ b/scim-server/scim-server-common/pom.xml
@@ -102,7 +102,7 @@
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jaxrs</artifactId>
- <version>1.5.0</version>
+ <version>1.6.0</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/scim-spec/scim-spec-protocol/pom.xml b/scim-spec/scim-spec-protocol/pom.xml
index ae4f89d..c1abc2c 100644
--- a/scim-spec/scim-spec-protocol/pom.xml
+++ b/scim-spec/scim-spec-protocol/pom.xml
@@ -37,7 +37,7 @@
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jaxrs</artifactId>
- <version>1.5.0</version>
+ <version>1.6.0</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/scim-spec/scim-spec-schema/pom.xml b/scim-spec/scim-spec-schema/pom.xml
index 1879e80..aff71ae 100644
--- a/scim-spec/scim-spec-schema/pom.xml
+++ b/scim-spec/scim-spec-schema/pom.xml
@@ -29,7 +29,7 @@
<dependencies>
<dependency>
- <groupId>javax.xml</groupId>
+ <groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</dependency>
<dependency>
diff --git a/src/owasp/suppression.xml b/src/owasp/suppression.xml
index e8dcf99..808f94d 100644
--- a/src/owasp/suppression.xml
+++ b/src/owasp/suppression.xml
@@ -15,7 +15,7 @@
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License. -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- Wrong GAV detection -->
<suppress>
@@ -28,5 +28,18 @@
<gav regex="true">^org\.apache\.directory\.scim:.*$</gav>
<cpe>cpe:/a:apache:http_server</cpe>
</suppress>
+ <!-- Used by compliance test code. Jetty is a transitive dependency of Restfuse, which has not been updated. -->
+ <suppress>
+ <notes><![CDATA[file name: jetty-http-9.4.8.v20180619.jar]]>
+ <![CDATA[file name: jetty-server-9.4.8.v20180619.jar]]></notes>
+ <vulnerabilityName>CVE-2017-7656</vulnerabilityName>
+ <vulnerabilityName>CVE-2017-7657</vulnerabilityName>
+ <vulnerabilityName>CVE-2017-7658</vulnerabilityName>
+ <vulnerabilityName>CVE-2018-12536</vulnerabilityName>
+ <vulnerabilityName>CVE-2018-12538</vulnerabilityName>
+ <vulnerabilityName>CVE-2018-12545</vulnerabilityName>
+ <vulnerabilityName>CVE-2019-10241</vulnerabilityName>
+ <vulnerabilityName>CVE-2019-10247</vulnerabilityName>
+ </suppress>
</suppressions>
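Review bot: The new `<suppress>` entry has no `filePath`, `gav`, `sha1` or `packageUrl` selector, so the eight listed CVEs are suppressed for every dependency the scan sees, not only the two Jetty jars named in `<notes>`. With `failBuildOnAnyVulnerability` set to true in the root pom, this entry is the only gate, and any other Jetty artifact that later enters a non-test scope with one of these CVEs would pass the build silently. Scope the entry by adding a selector directly after `<notes>`, for example `<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty/jetty-(http|server)@.*$</packageUrl>`, which the 1.3 suppression schema adopted in this commit supports. Since the comment ties the suppression to Restfuse not having been updated, an `until` date on `<suppress>` would force the entry to be revisited rather than living on indefinitely.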