Skip to content

Commit ddd3adb

Browse files
janjwerner-confluentshaikzakiriitm
janjwerner-confluent
authored and
shaikzakiriitm
committed
ESC-581: update dependencies, move dependencies to dependencyManagement section
1 parent 621d7f6 commit ddd3adb

File tree

1 file changed

+35
-5
lines changed

1 file changed

+35
-5
lines changed

pom.xml

Lines changed: 35 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@
3535
<junit.version>4.12</junit.version>
3636
<guava.version>32.0.1-jre</guava.version>
3737
<avro.version>1.8.1</avro.version>
38+
<jackson.version>2.15.2</jackson.version>
3839
<maven.release.plugin.version>2.5.3</maven.release.plugin.version>
3940
</properties>
4041

@@ -86,6 +87,40 @@
8687
</pluginRepository>
8788
</pluginRepositories>
8889

90+
91+
<!-- pin transitive dependencies for CVEs -->
92+
<dependencyManagement>
93+
<dependencies>
94+
<dependency>
95+
<groupId>com.google.guava</groupId>
96+
<artifactId>guava</artifactId>
97+
<version>${guava.version}</version>
98+
</dependency>
99+
<dependency>
100+
<groupId>org.apache.httpcomponents</groupId>
101+
<artifactId>httpclient</artifactId>
102+
<version>${httpclient.version}</version>
103+
</dependency>
104+
<dependency>
105+
<groupId>com.fasterxml.jackson</groupId>
106+
<artifactId>jackson-bom</artifactId>
107+
<version>${jackson.version}</version>
108+
<type>pom</type>
109+
<scope>import</scope>
110+
</dependency>
111+
<dependency>
112+
<groupId>org.xerial.snappy</groupId>
113+
<artifactId>snappy-java</artifactId>
114+
<version>1.1.10.3</version>
115+
</dependency>
116+
<dependency>
117+
<groupId>org.bitbucket.b_c</groupId>
118+
<artifactId>jose4j</artifactId>
119+
<version>0.9.3</version>
120+
</dependency>
121+
</dependencies>
122+
</dependencyManagement>
123+
89124
<dependencies>
90125
<dependency>
91126
<groupId>org.apache.kafka</groupId>
@@ -107,11 +142,6 @@
107142
</exclusion>
108143
</exclusions>
109144
</dependency>
110-
<dependency>
111-
<groupId>com.google.guava</groupId>
112-
<artifactId>guava</artifactId>
113-
<version>${guava.version}</version>
114-
</dependency>
115145
<dependency>
116146
<groupId>junit</groupId>
117147
<artifactId>junit</artifactId>

0 commit comments

Comments
 (0)