From b70927180a0fde58d0ad53903ee5d297ea3d3d88 Mon Sep 17 00:00:00 2001 From: Mikayla Thompson Date: Tue, 23 Apr 2024 03:05:38 -0600 Subject: [PATCH] Merge pull request #600 from mikaylathompson/transitive-mend-fixes Mend fixes for various transitive dependencies --- TrafficCapture/dockerSolution/build.gradle | 5 +++++ .../trafficCaptureProxyServer/build.gradle | 5 +++++ .../trafficCaptureProxyServerTest/build.gradle | 3 +++ TrafficCapture/trafficReplayer/build.gradle | 12 +++++++++++- 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/TrafficCapture/dockerSolution/build.gradle b/TrafficCapture/dockerSolution/build.gradle index a056deada..c4413864a 100644 --- a/TrafficCapture/dockerSolution/build.gradle +++ b/TrafficCapture/dockerSolution/build.gradle @@ -14,6 +14,11 @@ def calculateDockerHash = { projectName -> dependencies { implementation project(':trafficCaptureProxyServer') implementation project(':trafficReplayer') + constraints { + implementation('software.amazon.awssdk:secretsmanager:2.25.19') { + because 'mend security issue' + } + } } def dockerFilesForExternalServices = [ diff --git a/TrafficCapture/trafficCaptureProxyServer/build.gradle b/TrafficCapture/trafficCaptureProxyServer/build.gradle index 129f481b9..43528ea3a 100644 --- a/TrafficCapture/trafficCaptureProxyServer/build.gradle +++ b/TrafficCapture/trafficCaptureProxyServer/build.gradle @@ -46,6 +46,11 @@ dependencies { testImplementation group: 'org.testcontainers', name: 'kafka', version: '1.19.7' testImplementation group: 'org.testcontainers', name: 'testcontainers', version: '1.19.7' testImplementation group: 'org.testcontainers', name: 'toxiproxy', version: '1.19.7' + constraints { + testImplementation('org.apache.commons:commons-compress:1.26.0') { + because 'mend security issue' + } + } } tasks.withType(Tar){ diff --git a/TrafficCapture/trafficCaptureProxyServerTest/build.gradle b/TrafficCapture/trafficCaptureProxyServerTest/build.gradle index 70e301680..7f4017070 100644 --- a/TrafficCapture/trafficCaptureProxyServerTest/build.gradle +++ b/TrafficCapture/trafficCaptureProxyServerTest/build.gradle @@ -54,6 +54,9 @@ dependencies { implementation('org.apache.tika:tika-core:1.28.4') { because 'mend security issue' } + implementation('com.jayway.jsonpath:json-path:2.9.0') { + because 'mend security issue' + } } } diff --git a/TrafficCapture/trafficReplayer/build.gradle b/TrafficCapture/trafficReplayer/build.gradle index 601cdbfbe..99cabbd68 100644 --- a/TrafficCapture/trafficReplayer/build.gradle +++ b/TrafficCapture/trafficReplayer/build.gradle @@ -58,7 +58,7 @@ dependencies { implementation group: 'software.amazon.awssdk', name: 'arns', version: '2.20.102' implementation group: 'software.amazon.awssdk', name: 'auth', version: '2.20.102' implementation group: 'software.amazon.awssdk', name: 'sdk-core', version: '2.20.102' - implementation group: 'software.amazon.awssdk', name: 'secretsmanager', version: '2.20.127' + implementation group: 'software.amazon.awssdk', name: 'secretsmanager', version: '2.25.19' implementation group: 'software.amazon.msk', name: 'aws-msk-iam-auth', version: '2.0.3' implementation 'org.apache.commons:commons-compress:1.26.0' @@ -86,9 +86,19 @@ dependencies { testImplementation group: 'org.testcontainers', name: 'junit-jupiter', version: '1.19.7' testImplementation group: 'org.testcontainers', name: 'kafka', version: '1.19.7' testImplementation group: 'org.testcontainers', name: 'testcontainers', version: '1.19.7' + testImplementation group: 'org.mockito', name:'mockito-core', version:'4.6.1' testImplementation group: 'org.mockito', name:'mockito-junit-jupiter', version:'4.6.1' testRuntimeOnly group:'org.junit.jupiter', name:'junit-jupiter-engine', version:'5.x.x' + + constraints { + testImplementation('org.apache.commons:commons-compress:1.26.0') { + because 'mend security issue' + } + implementation('io.netty:netty-codec-http:4.1.108.Final') { + because 'mend security issue' + } + } } configurations.all {