This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva.git


The following commit(s) were added to refs/heads/master by this push:
     new fe117fc  Upgrading transient dependencies to address vulnerability 
report
fe117fc is described below

commit fe117fcc4be288a37db07788a2fd3cc857beeb28
Author: Martin Stockhammer <[email protected]>
AuthorDate: Tue May 25 19:35:54 2021 +0200

    Upgrading transient dependencies to address vulnerability report
---
 .../metadata-store-cassandra/pom.xml               | 34 +++++++---------------
 1 file changed, 10 insertions(+), 24 deletions(-)

diff --git a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
index 36bf6a2..fc76755 100644
--- a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
+++ b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
@@ -161,10 +161,16 @@
           <groupId>com.fasterxml.jackson.core</groupId>
           <artifactId>jackson-core</artifactId>
         </exclusion>
+        <!-- Brings hibernate-validator dependency with ancient version, which is vulnerable. Not necessary for archiva. -->
         <exclusion>
           <groupId>com.addthis.metrics</groupId>
           <artifactId>reporter-config3</artifactId>
         </exclusion>
+        <!-- Version upgrade, see below -->
+        <exclusion>
+          <groupId>org.apache.tika</groupId>
+          <artifactId>tika-core</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
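Review bot: The new `tika-core` exclusion is documented only as `Version upgrade, see below`, a positional reference that goes stale once the file is reordered and that does not say the exclusion and the later direct declaration must stay together. If the direct `tika-core` dependency is ever removed while this exclusion remains, the artifact disappears from the classpath instead of falling back to the transitive version, which would presumably show up only at runtime. I would word the comment as `<!-- Excluded so that only the tika-core version declared directly in this POM is resolved (vulnerability report); keep both entries in sync -->`. The enclosing `<dependency>` starts above the hunk, so the artifact that carries these exclusions is not visible here.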
@@ -223,18 +229,11 @@
       <artifactId>jbcrypt</artifactId>
       <version>0.4</version>
     </dependency>
-    <!--
-    <dependency>
-      <groupId>org.codehaus.jackson</groupId>
-      <artifactId>jackson-core-asl</artifactId>
-      <version>1.9.13</version>
-    </dependency>
     <dependency>
-      <groupId>org.codehaus.jackson</groupId>
-      <artifactId>jackson-mapper-asl</artifactId>
-      <version>1.9.13</version>
+      <groupId>org.apache.tika</groupId>
+      <artifactId>tika-core</artifactId>
+      <version>1.26</version>
     </dependency>
-    -->
 
     <!-- Transitive dependency. Declared here to increase the version. -->
     <dependency>
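Review bot: The added `tika-core` dependency hard-codes `<version>1.26</version>` with no comment, unlike the block right after it, which is marked `Transitive dependency. Declared here to increase the version.` Without that marker a later cleanup can mistake it for an unused direct dependency and delete it, and because of the exclusion added earlier in this commit that would drop tika-core entirely rather than bring the old version back. I would add `<!-- Transitive dependency. Declared here to raise the version for the vulnerability report. -->` above it. If the parent POM has a `dependencyManagement` section (not visible here), the version is better pinned there so every module resolves the same tika-core. Running `mvn dependency:tree -Dincludes=org.apache.tika` on this module confirms that no older copy still arrives through another path.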
@@ -252,20 +251,7 @@
       <groupId>org.jboss.logging</groupId>
       <artifactId>jboss-logging</artifactId>
     </dependency>
-    <!-- Dependency of cassandra -> replacing by new version -->
-<!--
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-      <version>4.3.2.Final</version>
-      <exclusions>
-        <exclusion>
-          <groupId>javax.validation</groupId>
-          <artifactId>validation-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
--->
+
     <!-- TEST Scope -->
     <dependency>
       <groupId>org.apache.archiva</groupId>
