jackson and commons compress upgrades while extending the use of owas…
… suppression to all artifacts
teodord committed Nov 28, 2023
1 parent c0907c2 commit 63364d6
Showing 19 changed files with 50 additions and 28 deletions.
2 changes: 1 addition & 1 deletion jasperreports/demo/samples/exceldataadapter/ivy.xml
Expand Up @@ -3,7 +3,7 @@
<extends organisation="net.sf.jasperreports" module="jasperreports" revision="*" location="../../../ivy.xml"/>
</info>
<dependencies>
<dependency org="org.apache.commons" name="commons-compress" rev="1.21" conf="test->*"/>
<dependency org="org.apache.commons" name="commons-compress" rev="1.24" conf="test->*"/>
<dependency org="org.apache.poi" name="poi-ooxml-lite" rev="5.2.2" conf="test->*"/>
<dependency org="org.apache.xmlbeans" name="xmlbeans" rev="5.0.3" conf="test->*"/>
<dependency org="commons-lang" name="commons-lang" rev="2.6" conf="test->*"/>
2 changes: 1 addition & 1 deletion jasperreports/demo/samples/exceldatasource/ivy.xml
Expand Up @@ -3,7 +3,7 @@
<extends organisation="net.sf.jasperreports" module="jasperreports" revision="*" location="../../../ivy.xml"/>
</info>
<dependencies>
<dependency org="org.apache.commons" name="commons-compress" rev="1.21" conf="test->*"/>
<dependency org="org.apache.commons" name="commons-compress" rev="1.24" conf="test->*"/>
<dependency org="org.apache.poi" name="poi-ooxml-lite" rev="5.2.2" conf="test->*"/>
<dependency org="org.apache.xmlbeans" name="xmlbeans" rev="5.0.3" conf="test->*"/>
</dependencies>
2 changes: 1 addition & 1 deletion jasperreports/demo/samples/fastexceldatasource/ivy.xml
Expand Up @@ -4,7 +4,7 @@
</info>
<dependencies>
<dependency org="com.fasterxml" name="aalto-xml" rev="1.3.2" conf="test->*"/>
<dependency org="org.apache.commons" name="commons-compress" rev="1.21" conf="test->*"/>
<dependency org="org.apache.commons" name="commons-compress" rev="1.24" conf="test->*"/>
<dependency org="org.dhatim" name="fastexcel-reader" rev="0.15.6"/>
</dependencies>
</ivy-module>
4 changes: 2 additions & 2 deletions jasperreports/demo/samples/webapp/ivy-lib.xml
Expand Up @@ -4,8 +4,8 @@
<include file="../../../ivy.xml"/>
</configurations>
<dependencies>
<dependency org="com.fasterxml.jackson.core" name="jackson-core" rev="2.14.1"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-databind" rev="2.14.1" conf="test->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-core" rev="2.15.3"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-databind" rev="2.15.3" conf="test->*"/>
<dependency org="com.github.librepdf" name="openpdf" rev="1.3.30.jaspersoft.3" conf="test->*"/>
<dependency org="com.zaxxer" name="SparseBitSet" rev="1.2" conf="test->*"/>
<dependency org="commons-beanutils" name="commons-beanutils" rev="1.9.4" conf="test->*"/>
1 change: 1 addition & 0 deletions jasperreports/ext/castor/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
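Review bot: The added `<owasp.suppression.file>` property hard-codes `${basedir}/../../owasp-suppressions.xml`, and the same line is repeated in the chart-customizers, chart-themes, custom-visualization, fastexcel, functions, xalan, tools/annotation-processors and tools/metadata poms. The default in pom-parent.xml is `${basedir}/owasp-suppressions.xml`, which presumably resolves against each inheriting module's own directory, so a module that omits the override would point the scanner at a file that is not there. A short comment beside the property would make that requirement explicit, for example `<!-- must override: the parent default is relative to this module's basedir -->`.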
7 changes: 4 additions & 3 deletions jasperreports/ext/chart-customizers/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
Expand Down Expand Up @@ -59,21 +60,21 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
7 changes: 7 additions & 0 deletions jasperreports/ext/chart-themes/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
Expand Down Expand Up @@ -62,6 +63,12 @@
<version>1.4.1</version>
<scope>compile</scope>
<optional>true</optional>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
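Review bot: The new `<exclusions>` block drops `org.springframework:spring-context` from the dependency at version 1.4.1 without recording why, so a later reader cannot tell whether it silences a scanner finding or removes a jar that is genuinely unused. The dependency is marked `<optional>true</optional>`; if the code that uses it needs spring-context at run time, consumers would now have to supply it themselves, which is worth confirming. A comment above the exclusion such as `<!-- spring-context excluded: REASON (placeholder) -->` would keep the decision reviewable. The `<dependency>` element opens above this hunk, so its coordinates are not visible here.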
1 change: 1 addition & 0 deletions jasperreports/ext/custom-visualization/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
1 change: 1 addition & 0 deletions jasperreports/ext/fastexcel/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
1 change: 1 addition & 0 deletions jasperreports/ext/fonts/pom.xml
Expand Up @@ -23,6 +23,7 @@
<skipDeploy>false</skipDeploy>
<maven.source.skip>true</maven.source.skip>
<maven.javadoc.skip>true</maven.javadoc.skip>
<dependency-check.skip>true</dependency-check.skip>
</properties>
<build>
<sourceDirectory>./</sourceDirectory>
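Review bot: `<dependency-check.skip>true</dependency-check.skip>` turns the scan off for this module entirely, so any dependency added to the fonts pom later would go unscanned without anyone noticing. The neighbouring `maven.source.skip` and `maven.javadoc.skip` properties suggest the module carries no Java code, which is probably the reason, but the pom does not say so. A comment such as `<!-- no third-party dependencies in this module; re-enable the scan if any are added -->` would make the condition visible.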
1 change: 1 addition & 0 deletions jasperreports/ext/functions/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
1 change: 1 addition & 0 deletions jasperreports/ext/xalan/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
10 changes: 5 additions & 5 deletions jasperreports/ivy.xml
Expand Up @@ -15,11 +15,11 @@
<dependency org="com.adobe.xmp" name="xmpcore" rev="6.1.11"/>
<dependency org="com.beust" name="jcommander" rev="1.78" conf="test->*"/>
<dependency org="com.drewnoakes" name="metadata-extractor" rev="2.18.0" conf="compile->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-annotations" rev="2.14.1" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-core" rev="2.14.1" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-databind" rev="2.14.1" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-xml" rev="2.14.1" conf="compile->*"/>
<dependency org="com.fasterxml.jackson.module" name="jackson-module-jaxb-annotations" rev="2.14.1" conf="test->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-annotations" rev="2.15.3" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-core" rev="2.15.3" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.core" name="jackson-databind" rev="2.15.3" conf="compile,annotations->*"/>
<dependency org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-xml" rev="2.15.3" conf="compile->*"/>
<dependency org="com.fasterxml.jackson.module" name="jackson-module-jaxb-annotations" rev="2.15.3" conf="test->*"/>
<dependency org="com.fasterxml.woodstox" name="woodstox-core" rev="6.4.0" conf="test->*"/>
<dependency org="com.github.kklisura.cdt" name="cdt-java-client" rev="4.0.0"/>
<dependency org="com.google.zxing" name="core" rev="3.4.0"/>
5 changes: 5 additions & 0 deletions jasperreports/owasp-suppressions.xml
Expand Up @@ -3,5 +3,10 @@
<suppress>
<cve>CVE-2021-37533</cve>
<cve>CVE-2022-45688</cve>
<cve>CVE-2023-5072</cve>
<cve>CVE-2022-0869</cve>
<cve>CVE-2023-45960</cve>
<cve>CVE-2015-0897</cve>
<cve>CVE-2023-34411</cve>
</suppress>
</suppressions>
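Review bot: The `<suppress>` element carries only bare `<cve>` ids, so each entry is suppressed for every dependency in every module that now points at this file, not just for the artifact that raised it. Five of the listed ids are new in this commit, and none has a `<notes>` element recording why it is considered a false positive or not applicable here. Splitting them into one `<suppress>` per finding, each with `<notes>`, a `<packageUrl regex="true">` selector and an `until` date, would keep a later genuine match on another artifact from being hidden and force the entry to be re-evaluated. The `<suppressions>` root opens above the hunk.

```xml
<suppress until="YYYY-MM-DDZ">
    <notes><![CDATA[REASON: why this finding does not apply (placeholder)]]></notes>
    <packageUrl regex="true">^pkg:maven/GROUP_ID/ARTIFACT_ID@.*$</packageUrl>
    <cve>CVE-2023-5072</cve>
</suppress>
<!-- … one such block per remaining CVE id … -->
```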
10 changes: 5 additions & 5 deletions jasperreports/pom-common.xml
Expand Up @@ -324,35 +324,35 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
9 changes: 9 additions & 0 deletions jasperreports/pom-parent.xml
Expand Up @@ -84,6 +84,7 @@
<scmConnection>scm:git:https://github.com/TIBCOSoftware/jasperreports.git</scmConnection>
<scmUrl>https://github.com/TIBCOSoftware/jasperreports</scmUrl>
<maven.buildNumber.doCheck>true</maven.buildNumber.doCheck>
<owasp.suppression.file>${basedir}/owasp-suppressions.xml</owasp.suppression.file>
</properties>
<repositories>
<repository>
Expand Down Expand Up @@ -181,6 +182,14 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>7.4.0</version>
<configuration>
<suppressionFile>${owasp.suppression.file}</suppressionFile>
</configuration>
</plugin>
</plugins>
</build>
</project>
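Review bot: The `dependency-check-maven` plugin added under `<plugins>` has no `<executions>` and no `failBuildOnCVSS` in its `<configuration>`, so as written it appears to run only when the goal is invoked explicitly, and a new finding would not fail the build. Now that the suppression file applies to all artifacts, a threshold would make unsuppressed findings visible in CI, for example `<failBuildOnCVSS>7</failBuildOnCVSS>` next to `<suppressionFile>` (the value 7 is illustrative). If the goal and threshold are supplied on the command line by the build server, a comment saying so would be enough.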
8 changes: 0 additions & 8 deletions jasperreports/pom.xml
Expand Up @@ -53,14 +53,6 @@
<ignoredDifferencesFile>${basedir}/clirr-ignore.xml</ignoredDifferencesFile>
</configuration>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>7.4.0</version>
<configuration>
<suppressionFile>${basedir}/owasp-suppressions.xml</suppressionFile>
</configuration>
</plugin>
</plugins>
</build>
</project>
1 change: 1 addition & 0 deletions jasperreports/tools/annotation-processors/pom.xml
Expand Up @@ -21,6 +21,7 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
5 changes: 3 additions & 2 deletions jasperreports/tools/metadata/pom.xml
Expand Up @@ -21,18 +21,19 @@
<properties>
<skipInstall>false</skipInstall>
<skipDeploy>false</skipDeploy>
<owasp.suppression.file>${basedir}/../../owasp-suppressions.xml</owasp.suppression.file>
</properties>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.1</version>
<version>2.15.3</version>
<scope>compile</scope>
</dependency>
</dependencies>
