[Snyk] Fix for 9 vulnerabilities (#1008)

* fix: examples/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094942 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094943 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097492 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493 - https://snyk.io/vuln/SNYK-JAVA-COMJAYWAYJSONPATH-6140361 - https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499 - https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1298655 - https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153 Signed-off-by: Artur Souza <asouza.pro@gmail.com> * Fix Examples not to depend on Springboot version for json path. Signed-off-by: Artur Souza <asouza.pro@gmail.com> * Fix new required dependencies. Signed-off-by: Artur Souza <asouza.pro@gmail.com> --------- Signed-off-by: Artur Souza <asouza.pro@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2024-02-09 10:06:45 -08:00 · 2024-02-09 10:06:45 -08:00 · cd81ee8cd4
parent b2968af896
commit cd81ee8cd4
3 changed files with 17 additions and 10 deletions
--- a/examples/pom.xml
+++ b/examples/pom.xml
@ -24,7 +24,7 @@
    <maven.deploy.skip>true</maven.deploy.skip>
    <spotbugs.fail>false</spotbugs.fail>
    <opentelemetry.version>0.14.0</opentelemetry.version>
-    <springboot.version>3.0.13</springboot.version>
+    <springboot.version>3.2.0</springboot.version>
  </properties>

  <dependencies>
@ -77,7 +77,7 @@
    <dependency>
      <groupId>com.jayway.jsonpath</groupId>
      <artifactId>json-path</artifactId>
-      <version>2.4.0</version>
+      <version>2.9.0</version>
    </dependency>
    <dependency>
      <groupId>io.opentelemetry</groupId>
@ -140,6 +140,16 @@
      <artifactId>javax.annotation-api</artifactId>
      <version>1.3.2</version>
    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context</artifactId>
+      <version>6.1.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+      <version>6.1.1</version>
+    </dependency>
  </dependencies>

  <build>
--- a/examples/src/main/java/io/dapr/examples/tracing/Validation.java
+++ b/examples/src/main/java/io/dapr/examples/tracing/Validation.java
@ -19,16 +19,13 @@ import com.evanlennick.retry4j.config.RetryConfig;
 import com.evanlennick.retry4j.config.RetryConfigBuilder;
 import com.jayway.jsonpath.DocumentContext;
 import com.jayway.jsonpath.JsonPath;
-import net.minidev.json.JSONArray;
 import okhttp3.HttpUrl;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;

-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Calendar;
-import java.util.TimeZone;
+import java.util.List;
+import java.util.Map;

 import static java.time.temporal.ChronoUnit.SECONDS;

@ -112,7 +109,7 @@ final class Validation {
  }

  private static Object readOne(DocumentContext documentContext, String path) {
-    JSONArray arr = documentContext.read(path);
+    List<Map<String, Object>> arr = documentContext.read(path);
    if (arr.size() == 0) {
      throw new RuntimeException("No record found for " + path);
    }
@ -121,7 +118,7 @@ final class Validation {
  }

  private static void assertCount(DocumentContext documentContext, String path, int expectedCount) {
-    JSONArray arr = documentContext.read(path);
+    List<Map<String, Object>> arr = documentContext.read(path);
    if (arr.size() != expectedCount) {
      throw new RuntimeException(
          String.format("Unexpected count %d vs expected %d for %s", arr.size(), expectedCount, path));
--- a/pom.xml
+++ b/pom.xml
@ -30,7 +30,7 @@
        which conflict with dapr-sdk's jackson dependencies
        https://github.com/microsoft/durabletask-java/blob/main/client/build.gradle#L16
        -->
-    <jackson.version>2.12.3</jackson.version>
+    <jackson.version>2.16.1</jackson.version>
    <gpg.skip>true</gpg.skip>
    <spotbugs.fail>true</spotbugs.fail>
    <spotbugs.exclude.filter.file>../spotbugs-exclude.xml</spotbugs.exclude.filter.file>