Posted to commits@plc4x.apache.org by cd...@apache.org on 2018/10/29 14:04:52 UTC

[incubator-plc4x] branch master updated: - Managing some transitive dependency versions to avoid CVEs reported starting this afternoon.

This is an automated email from the ASF dual-hosted git repository.

cdutz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-plc4x.git


The following commit(s) were added to refs/heads/master by this push:
     new 4f88afe  - Managing some transitive dependency versions to avoid CVEs reported starting this afternoon.
4f88afe is described below

commit 4f88afe1e91a263eee3276b9aeffd61970547a5e
Author: Christofer Dutz <ch...@c-ware.de>
AuthorDate: Mon Oct 29 15:04:50 2018 +0100

    - Managing some transitive dependency versions to avoid CVEs reported starting this afternoon.
---
 examples/hello-cloud-azure/pom.xml | 42 ++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/examples/hello-cloud-azure/pom.xml b/examples/hello-cloud-azure/pom.xml
index d7c5fcd..11c5c5c 100644
--- a/examples/hello-cloud-azure/pom.xml
+++ b/examples/hello-cloud-azure/pom.xml
@@ -33,20 +33,6 @@
     a PLC and making that available in an Azure IoT Hub.
   </description>
 
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-dependency-plugin</artifactId>
-        <configuration>
-          <usedDependencies>
-            <usedDependency>org.apache.plc4x:plc4j-protocol-s7</usedDependency>
-          </usedDependencies>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
-
   <dependencies>
     <dependency>
       <groupId>org.apache.plc4x</groupId>
@@ -62,7 +48,7 @@
     <dependency>
       <groupId>com.microsoft.azure.sdk.iot</groupId>
       <artifactId>iot-device-client</artifactId>
-      <version>1.3.30</version>
+      <version>1.14.1</version>
     </dependency>
 
     <dependency>
@@ -73,14 +59,34 @@
     </dependency>
   </dependencies>
 
+  <!-- Managed dependencies to eliminate transitively importing libraries with CVEs -->
   <dependencyManagement>
     <dependencies>
       <dependency>
-        <groupId>org.apache.qpid</groupId>
-        <artifactId>proton-j</artifactId>
-        <version>0.18.0</version>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-core</artifactId>
+        <version>2.9.7</version>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcmail-jdk15on</artifactId>
+        <version>1.60</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
 
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <configuration>
+          <usedDependencies>
+            <usedDependency>org.apache.plc4x:plc4j-protocol-s7</usedDependency>
+          </usedDependencies>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
 </project>
\ No newline at end of file
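Review bot: The two new `dependencyManagement` entries each pin a single artifact of a multi-module library, so sibling modules can still resolve to the older, flagged versions. `jackson-core` is managed at 2.9.7 but `jackson-databind` and `jackson-annotations` are not, and `bcmail-jdk15on` is managed at 1.60 but `bcprov-jdk15on` and `bcpkix-jdk15on` are not; whether those siblings are in this module's tree is not visible from the hunk, so confirm with `mvn dependency:tree` and manage them at the same versions if they appear. The comment above the block should also record which advisory and which transitive path each pin addresses, e.g. `<!-- jackson-core: CVE-XXXX-XXXXX (placeholder) via <parent artifact>; remove once upstream ships a fixed version -->`, so the override can be retired later instead of silently holding the version back. The removed `proton-j` 0.18.0 pin is presumably made redundant by the `iot-device-client` 1.14.1 upgrade in the previous hunk; it is worth verifying that the resolved `proton-j` version is not older than 0.18.0.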