Getting rid of CVEs reported in testmocks and buildtools (#13895)
CVE-2020-1945
CVE-2021-36373
CVE-2021-36374
CVE-2020-8908
CVE-2017-18640
buildtools sets dependency version/properties independently of the root
pom.
diff --git a/buildtools/pom.xml b/buildtools/pom.xml
index 2c4b110..4e888f2 100644
--- a/buildtools/pom.xml
+++ b/buildtools/pom.xml
@@ -46,6 +46,10 @@
<maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
<puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
<maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
+ <guice.version>4.2.3</guice.version>
+ <guava.version>31.0.1-jre</guava.version>
+ <ant.version>1.10.12</ant.version>
+ <snakeyaml.version>1.30</snakeyaml.version>
</properties>
<dependencyManagement>
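Review bot: The `guava.version` pin to 31.0.1-jre may clear the scanner finding for CVE-2020-8908 without removing the behaviour behind it. As far as I know, the 30.x line only deprecated `Files.createTempDir()` and the implementation was reworked in a later major release, so check the pin against the current advisory range and confirm nothing on the buildtools classpath calls that method. The four new properties also carry no record of why they exist. A comment above them such as `<!-- pinned to clear CVE findings on transitive dependencies; see #13895 -->` would tell the next maintainer when a pin can be dropped.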
@@ -61,6 +65,28 @@
</dependencyManagement>
<dependencies>
+
+ <dependency>
+ <groupId>org.yaml</groupId>
+ <artifactId>snakeyaml</artifactId>
+ <version>${snakeyaml.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant</artifactId>
+ <version>${ant.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>${guava.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.inject</groupId>
+ <artifactId>guice</artifactId>
+ <version>${guice.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
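Review bot: These four entries sit under `<dependencies>`, so snakeyaml, ant, guava and guice become direct compile-scope dependencies of buildtools and of anything that depends on it, instead of only constraining the versions pulled in transitively. If buildtools does not call these libraries itself (the commit message suggests the goal is to clear scanner findings), moving the entries into the `<dependencyManagement>` block that closes just above this hunk would pin the versions without widening the classpath. guice is not named by any of the listed CVEs, so it is presumably bumped to align its guava dependency. If that is the reason, a comment such as `<!-- guice bumped only to align its guava dependency -->` would make it explicit. The `<dependencies>` element continues past the end of the hunk.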
diff --git a/pom.xml b/pom.xml
index e34c17b..356c6e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -204,6 +204,7 @@
<apache-http-client.version>4.5.13</apache-http-client.version>
<jetcd.version>0.5.11</jetcd.version>
<snakeyaml.version>1.30</snakeyaml.version>
+ <ant.version>1.10.12</ant.version>
<!-- test dependencies -->
<cassandra.version>3.6.0</cassandra.version>
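Review bot: `ant.version` is now defined twice with the same value, here and in buildtools/pom.xml (as is `snakeyaml.version`), because buildtools sets its properties independently of this pom. A later security bump made only in the root pom would leave buildtools on the old version with nothing to flag it. A comment next to the property, e.g. `<!-- also set in buildtools/pom.xml; update both -->`, or a build check that compares the two values, would keep the pins from drifting apart.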
@@ -1222,6 +1223,12 @@
</dependency>
<dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant</artifactId>
+ <version>${ant.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp3.version}</version>