Skip to content

Commit c1b441d

Browse files
shaikzakiriitmshaikzakiriitm
authored
Merge pull request #127 from confluentinc/ESC-581
ESC-581: update dependencies, move dependencies to dependencyManageme…
2 parents 621d7f6 + 16dbe01 commit c1b441d

File tree

1 file changed

+30
-5
lines changed

1 file changed

+30
-5
lines changed

pom.xml

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@
3535
<junit.version>4.12</junit.version>
3636
<guava.version>32.0.1-jre</guava.version>
3737
<avro.version>1.8.1</avro.version>
38+
<jackson.version>2.15.2</jackson.version>
3839
<maven.release.plugin.version>2.5.3</maven.release.plugin.version>
3940
</properties>
4041

@@ -86,6 +87,35 @@
8687
</pluginRepository>
8788
</pluginRepositories>
8889

90+
91+
<!-- pin transitive dependencies for CVEs -->
92+
<dependencyManagement>
93+
<dependencies>
94+
<dependency>
95+
<groupId>com.google.guava</groupId>
96+
<artifactId>guava</artifactId>
97+
<version>${guava.version}</version>
98+
</dependency>
99+
<dependency>
100+
<groupId>org.apache.httpcomponents</groupId>
101+
<artifactId>httpclient</artifactId>
102+
<version>${httpclient.version}</version>
103+
</dependency>
104+
<dependency>
105+
<groupId>com.fasterxml.jackson</groupId>
106+
<artifactId>jackson-bom</artifactId>
107+
<version>${jackson.version}</version>
108+
<type>pom</type>
109+
<scope>import</scope>
110+
</dependency>
111+
<dependency>
112+
<groupId>org.xerial.snappy</groupId>
113+
<artifactId>snappy-java</artifactId>
114+
<version>1.1.10.3</version>
115+
</dependency>
116+
</dependencies>
117+
</dependencyManagement>
118+
89119
<dependencies>
90120
<dependency>
91121
<groupId>org.apache.kafka</groupId>
@@ -107,11 +137,6 @@
107137
</exclusion>
108138
</exclusions>
109139
</dependency>
110-
<dependency>
111-
<groupId>com.google.guava</groupId>
112-
<artifactId>guava</artifactId>
113-
<version>${guava.version}</version>
114-
</dependency>
115140
<dependency>
116141
<groupId>junit</groupId>
117142
<artifactId>junit</artifactId>

0 commit comments

Comments
 (0)