CORDA-351: force update dependencies and suppress vulnerabilities not… (#1944)

Merge for V2

* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda

* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda
This commit is contained in:
bpaunescu 2017-10-26 12:16:57 +01:00 committed by Katelyn Baker
parent b1a197064b
commit 188ca4a5d4
6 changed files with 25 additions and 5 deletions

View File

@ -23,19 +23,19 @@ buildscript {
ext.asm_version = '0.5.3' ext.asm_version = '0.5.3'
ext.artemis_version = '2.1.0' ext.artemis_version = '2.1.0'
ext.jackson_version = '2.8.5' ext.jackson_version = '2.9.2'
ext.jetty_version = '9.3.9.v20160517' ext.jetty_version = '9.4.7.v20170914'
ext.jersey_version = '2.25' ext.jersey_version = '2.25'
ext.jolokia_version = '2.0.0-M3' ext.jolokia_version = '2.0.0-M3'
ext.assertj_version = '3.6.1' ext.assertj_version = '3.8.0'
ext.slf4j_version = '1.7.25' ext.slf4j_version = '1.7.25'
ext.log4j_version = '2.7' ext.log4j_version = '2.9.1'
ext.bouncycastle_version = constants.getProperty("bouncycastleVersion") ext.bouncycastle_version = constants.getProperty("bouncycastleVersion")
ext.guava_version = constants.getProperty("guavaVersion") ext.guava_version = constants.getProperty("guavaVersion")
ext.okhttp_version = '3.5.0' ext.okhttp_version = '3.5.0'
ext.netty_version = '4.1.9.Final' ext.netty_version = '4.1.9.Final'
ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion")
ext.fileupload_version = '1.3.2' ext.fileupload_version = '1.3.3'
ext.junit_version = '4.12' ext.junit_version = '4.12'
ext.mockito_version = '1.10.19' ext.mockito_version = '1.10.19'
ext.jopt_simple_version = '5.0.2' ext.jopt_simple_version = '5.0.2'
@ -45,6 +45,9 @@ buildscript {
ext.rxjava_version = '1.2.4' ext.rxjava_version = '1.2.4'
ext.dokka_version = '0.9.14' ext.dokka_version = '0.9.14'
ext.eddsa_version = '0.2.0' ext.eddsa_version = '0.2.0'
ext.dependency_checker_version = '3.0.1'
ext.commons_collections_version = '4.1'
ext.beanutils_version = '1.9.3'
// Update 121 is required for ObjectInputFilter and at time of writing 131 was latest: // Update 121 is required for ObjectInputFilter and at time of writing 131 was latest:
ext.java8_minUpdateVersion = '131' ext.java8_minUpdateVersion = '131'

View File

@ -37,6 +37,9 @@ dependencies {
compile 'org.fxmisc.easybind:easybind:1.0.3' compile 'org.fxmisc.easybind:easybind:1.0.3'
// Artemis Client: ability to connect to an Artemis broker and control it. // Artemis Client: ability to connect to an Artemis broker and control it.
// TODO: remove the forced update of commons-collections and beanutils when artemis updates them
compile "org.apache.commons:commons-collections4:${commons_collections_version}"
compile "commons-beanutils:commons-beanutils:${beanutils_version}"
compile "org.apache.activemq:artemis-core-client:${artemis_version}" compile "org.apache.activemq:artemis-core-client:${artemis_version}"
// Unit testing helpers. // Unit testing helpers.

View File

@ -11,6 +11,10 @@ dependencies {
compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version" compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version" compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version" testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
// TODO: remove the forced update of commons-collections and beanutils when artemis updates them
compile "org.apache.commons:commons-collections4:${commons_collections_version}"
compile "commons-beanutils:commons-beanutils:${beanutils_version}"
compile "org.apache.activemq:artemis-core-client:${artemis_version}" compile "org.apache.activemq:artemis-core-client:${artemis_version}"
compile "org.apache.activemq:artemis-commons:${artemis_version}" compile "org.apache.activemq:artemis-commons:${artemis_version}"

View File

@ -95,6 +95,9 @@ dependencies {
compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version" compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version"
// Artemis: for reliable p2p message queues. // Artemis: for reliable p2p message queues.
// TODO: remove the forced update of commons-collections and beanutils when artemis updates them
compile "org.apache.commons:commons-collections4:${commons_collections_version}"
compile "commons-beanutils:commons-beanutils:${beanutils_version}"
compile "org.apache.activemq:artemis-server:${artemis_version}" compile "org.apache.activemq:artemis-server:${artemis_version}"
compile "org.apache.activemq:artemis-core-client:${artemis_version}" compile "org.apache.activemq:artemis-core-client:${artemis_version}"
runtime ("org.apache.activemq:artemis-amqp-protocol:${artemis_version}") { runtime ("org.apache.activemq:artemis-amqp-protocol:${artemis_version}") {

View File

@ -33,6 +33,10 @@ dependencies {
compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version" compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version" compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version" testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
// TODO: remove the forced update of commons-collections and beanutils when artemis updates them
compile "org.apache.commons:commons-collections4:${commons_collections_version}"
compile "commons-beanutils:commons-beanutils:${beanutils_version}"
compile "org.apache.activemq:artemis-core-client:${artemis_version}" compile "org.apache.activemq:artemis-core-client:${artemis_version}"
// Log4J: logging framework (with SLF4J bindings) // Log4J: logging framework (with SLF4J bindings)

View File

@ -49,6 +49,9 @@ dependencies {
compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version" compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version"
// Jersey for JAX-RS implementation for use in Jetty // Jersey for JAX-RS implementation for use in Jetty
// TODO: remove force upgrade when jersey catches up
compile "org.eclipse.jetty:jetty-continuation:${jetty_version}"
compile "org.glassfish.jersey.core:jersey-server:$jersey_version" compile "org.glassfish.jersey.core:jersey-server:$jersey_version"
compile "org.glassfish.jersey.containers:jersey-container-servlet-core:$jersey_version" compile "org.glassfish.jersey.containers:jersey-container-servlet-core:$jersey_version"
compile "org.glassfish.jersey.containers:jersey-container-jetty-http:$jersey_version" compile "org.glassfish.jersey.containers:jersey-container-jetty-http:$jersey_version"