You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@plc4x.apache.org by cd...@apache.org on 2018/10/29 14:04:52 UTC
[incubator-plc4x] branch master updated: - Managing some transitive
dependency versions to avoid CVEs reported starting this afternoon.
This is an automated email from the ASF dual-hosted git repository.
cdutz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-plc4x.git
The following commit(s) were added to refs/heads/master by this push:
new 4f88afe - Managing some transitive dependency versions to avoid CVEs reported starting this afternoon.
4f88afe is described below
commit 4f88afe1e91a263eee3276b9aeffd61970547a5e
Author: Christofer Dutz <ch...@c-ware.de>
AuthorDate: Mon Oct 29 15:04:50 2018 +0100
- Managing some transitive dependency versions to avoid CVEs reported starting this afternoon.
---
examples/hello-cloud-azure/pom.xml | 42 ++++++++++++++++++++++----------------
1 file changed, 24 insertions(+), 18 deletions(-)
diff --git a/examples/hello-cloud-azure/pom.xml b/examples/hello-cloud-azure/pom.xml
index d7c5fcd..11c5c5c 100644
--- a/examples/hello-cloud-azure/pom.xml
+++ b/examples/hello-cloud-azure/pom.xml
@@ -33,20 +33,6 @@
a PLC and making that available in an Azure IoT Hub.
</description>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <configuration>
- <usedDependencies>
- <usedDependency>org.apache.plc4x:plc4j-protocol-s7</usedDependency>
- </usedDependencies>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
<dependencies>
<dependency>
<groupId>org.apache.plc4x</groupId>
@@ -62,7 +48,7 @@
<dependency>
<groupId>com.microsoft.azure.sdk.iot</groupId>
<artifactId>iot-device-client</artifactId>
- <version>1.3.30</version>
+ <version>1.14.1</version>
</dependency>
<dependency>
@@ -73,14 +59,34 @@
</dependency>
</dependencies>
+ <!-- Managed dependencies to eliminate transitively importing libraries with CVEs -->
<dependencyManagement>
<dependencies>
<dependency>
- <groupId>org.apache.qpid</groupId>
- <artifactId>proton-j</artifactId>
- <version>0.18.0</version>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.9.7</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcmail-jdk15on</artifactId>
+ <version>1.60</version>
</dependency>
</dependencies>
</dependencyManagement>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <configuration>
+ <usedDependencies>
+ <usedDependency>org.apache.plc4x:plc4j-protocol-s7</usedDependency>
+ </usedDependencies>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
\ No newline at end of file