From b2343d5bb3a12faddb7ffcae26a8cc51623105cc Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Thu, 14 Sep 2023 15:04:55 +0530 Subject: [PATCH 1/2] fix(clouddriver-artifacts,clouddriver-core): update to fix some cve in 13sep23 report --- clouddriver-artifacts/clouddriver-artifacts.gradle | 2 +- clouddriver-core/clouddriver-core.gradle | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/clouddriver-artifacts/clouddriver-artifacts.gradle b/clouddriver-artifacts/clouddriver-artifacts.gradle index b9102c03f5f..c217bb90acb 100644 --- a/clouddriver-artifacts/clouddriver-artifacts.gradle +++ b/clouddriver-artifacts/clouddriver-artifacts.gradle @@ -49,7 +49,7 @@ dependencies { implementation "com.squareup.okhttp:okhttp:2.7.5" implementation "com.sun.jersey:jersey-client:1.9.1" implementation "org.apache.commons:commons-lang3" - implementation "org.apache.ivy:ivy:2.5.1" + implementation "org.apache.ivy:ivy:2.5.2" implementation "org.apache.maven:maven-resolver-provider:3.5.4" implementation "org.apache.groovy:groovy" implementation "org.springframework.boot:spring-boot-actuator" diff --git a/clouddriver-core/clouddriver-core.gradle b/clouddriver-core/clouddriver-core.gradle index e62df1f4ffa..dc022411558 100644 --- a/clouddriver-core/clouddriver-core.gradle +++ b/clouddriver-core/clouddriver-core.gradle @@ -71,6 +71,7 @@ dependencies { testImplementation "org.springframework.boot:spring-boot-starter-test" testImplementation "com.google.cloud:google-cloud-secretmanager" testImplementation "io.spinnaker.kork:kork-cloud-config-server" + testImplementation("com.google.guava:guava:32.1.1-jre") } tasks.withType(Test).configureEach{ jvmArgs = ['--add-opens=java.base/java.util=ALL-UNNAMED'] From 6f3a363c44ff5ffdc0dc43bbaf58b75384f8a8b1 Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Thu, 14 Sep 2023 18:53:14 +0530 Subject: [PATCH 2/2] fix(clouddriver-elastic, build.gradle): update version to fix some cve in 13sep23 report --- build.gradle | 6 ++++++ clouddriver-elasticsearch/clouddriver-elasticsearch.gradle | 1 + 2 files changed, 7 insertions(+) diff --git a/build.gradle b/build.gradle index b77da034619..121b1446450 100644 --- a/build.gradle +++ b/build.gradle @@ -67,6 +67,12 @@ subprojects { implementation("org.apache.ivy:ivy:2.5.1") implementation("org.json:json:20230227") implementation("org.yaml:snakeyaml:2.0") + implementation("net.minidev:json-smart:2.4.9") + implementation("com.google.guava:guava:32.1.1-jre") + + testImplementation("org.yaml:snakeyaml:2.0") + testImplementation("net.minidev:json-smart:2.4.9") + testImplementation("com.google.guava:guava:32.1.1-jre") annotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion") annotationProcessor "org.projectlombok:lombok" diff --git a/clouddriver-elasticsearch/clouddriver-elasticsearch.gradle b/clouddriver-elasticsearch/clouddriver-elasticsearch.gradle index b6e91f30182..c0e77efd349 100644 --- a/clouddriver-elasticsearch/clouddriver-elasticsearch.gradle +++ b/clouddriver-elasticsearch/clouddriver-elasticsearch.gradle @@ -25,5 +25,6 @@ dependencies { testImplementation "org.spockframework:spock-core" testImplementation "org.spockframework:spock-spring" testImplementation "org.springframework:spring-test" + testImplementation "org.yaml:snakeyaml:2.0" }