Google Git
Sign in
apache / pulsar / 86fd8e789bfa44f424730fa3d62891b124c08e52^! / .
commit86fd8e789bfa44f424730fa3d62891b124c08e52[log] [tgz]
authorAndrey Yegorov <8622884+dlg99@users.noreply.github.com>Sat Jan 22 07:16:15 2022 -0800
committerGitHub <noreply@github.com>Sat Jan 22 07:16:15 2022 -0800
tree9aae146b2897d42abce24f3bcd0311323e72ba3d
parent705e9a2f528aea507ad16ed3b378c1dfd0dbed51 [diff]
Getting rid of CVEs reported in testmocks and buildtools (#13895)

CVE-2020-1945
CVE-2021-36373
CVE-2021-36374
CVE-2020-8908
CVE-2017-18640

buildtools sets dependency version/properties independently of the root
pom.
diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 2c4b110..4e888f2 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml

@@ -46,6 +46,10 @@
     <maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
     <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
     <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
+    <guice.version>4.2.3</guice.version>
+    <guava.version>31.0.1-jre</guava.version>
+    <ant.version>1.10.12</ant.version>
+    <snakeyaml.version>1.30</snakeyaml.version>
   </properties>
 
   <dependencyManagement>
@@ -61,6 +65,28 @@
   </dependencyManagement>
 
   <dependencies>
+
+    <dependency>
+      <groupId>org.yaml</groupId>
+      <artifactId>snakeyaml</artifactId>
+      <version>${snakeyaml.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.ant</groupId>
+      <artifactId>ant</artifactId>
+      <version>${ant.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>${guava.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.inject</groupId>
+      <artifactId>guice</artifactId>
+      <version>${guice.version}</version>
+    </dependency>
+
     <dependency>
       <groupId>org.testng</groupId>
       <artifactId>testng</artifactId>

diff --git a/pom.xml b/pom.xml
index e34c17b..356c6e3 100644
--- a/pom.xml
+++ b/pom.xml

@@ -204,6 +204,7 @@
     <apache-http-client.version>4.5.13</apache-http-client.version>
     <jetcd.version>0.5.11</jetcd.version>
     <snakeyaml.version>1.30</snakeyaml.version>
+    <ant.version>1.10.12</ant.version>
 
     <!-- test dependencies -->
     <cassandra.version>3.6.0</cassandra.version>
@@ -1222,6 +1223,12 @@
       </dependency>
 
       <dependency>
+        <groupId>org.apache.ant</groupId>
+        <artifactId>ant</artifactId>
+        <version>${ant.version}</version>
+      </dependency>
+
+      <dependency>
         <groupId>com.squareup.okhttp3</groupId>
         <artifactId>okhttp</artifactId>
         <version>${okhttp3.version}</version>