Skip to content

Commit

Permalink
Merge pull request #831 from catenax-ng/chore/TRACEFOXX-XXX-fix-high-…
Browse files Browse the repository at this point in the history
…dependency-vulnerability

Chore/tracefoxx xxx fix high dependency vulnerability
  • Loading branch information
ds-lcapellino authored Dec 8, 2023
2 parents 85f87f0 + 632e664 commit 641a61b
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 32 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
- Parts autocomplete API now is case insensitive when using "startWith" parameter
- changed mapping for manufacturerName when syncing assets_as_planned so it is being resolved when assets are resolved
- Behaviour of auto complete toggle selections
- Updated springboot version from 3.1.3 to 3.1.6
- updated spring core version from 6.0.13 to 6.0.14
- Update tomcat-embed-websocket from 10.0.15 to 10.0.16
- Update logback-classic and logback-core version to 1.4.14 to mitigate high finding

### Removed
- removed asset filters ( qualityInvestigationIdsInStatusActive, qualityInvestigationIdsInStatusActive )
Expand Down
4 changes: 2 additions & 2 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ SPDX-License-Identifier: Apache-2.0
</modules>

<properties>
<springboot.version>3.1.3</springboot.version>
<spring-core.version>6.0.13</spring-core.version>
<springboot.version>3.1.6</springboot.version>
<spring-core.version>6.0.14</spring-core.version>
<spring-security-config.version>6.1.3</spring-security-config.version>
<java.version>17</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
Expand Down
30 changes: 18 additions & 12 deletions tx-backend/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,8 @@ SPDX-License-Identifier: Apache-2.0
<!-- https://mvnrepository.com/artifact/org.eclipse.jetty.websocket/websocket-parent -->



<dependencies>
<!-- IRS Client for decentral registry approach -->
<!-- IRS Client for decentral registry approach -->
<dependency>
<groupId>org.eclipse.tractusx.irs</groupId>
<artifactId>irs-registry-client</artifactId>
Expand All @@ -63,6 +62,10 @@ SPDX-License-Identifier: Apache-2.0
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-http</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
</exclusion>
</exclusions>
</dependency>

Expand Down Expand Up @@ -186,25 +189,16 @@ SPDX-License-Identifier: Apache-2.0
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
<version>10.1.15</version>
<version>10.1.16</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
Expand Down Expand Up @@ -436,6 +430,18 @@ SPDX-License-Identifier: Apache-2.0
<version>1.1.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.4.14</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.4.14</version>
</dependency>


</dependencies>

<pluginRepositories>
Expand Down
30 changes: 12 additions & 18 deletions tx-models/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,26 +53,8 @@ SPDX-License-Identifier: Apache-2.0
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.15</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
<version>10.1.15</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
Expand All @@ -90,6 +72,18 @@ SPDX-License-Identifier: Apache-2.0
<version>${springdoc.version}</version>
</dependency>


<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.4.14</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>1.4.14</version>
</dependency>

</dependencies>
</project>

0 comments on commit 641a61b

Please sign in to comment.