From 41cf36e27232dd1b17473e092201672a0faf0eb5 Mon Sep 17 00:00:00 2001
From: Maxim Lapan <maxim.lapan@exasol.com>
Date: Wed, 23 Oct 2024 14:27:26 +0200
Subject: [PATCH] Cleanup in pom
---
 pom.xml | 52 ++--------------------------------------------------
 1 file changed, 2 insertions(+), 50 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0aec551..8bb1ca2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,41 +189,6 @@
 </exclusion>
 </exclusions>
 </dependency>
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2024-27309 –>-->
- <!-- <groupId>org.apache.kafka</groupId>-->
- <!-- <artifactId>kafka-metadata</artifactId>-->
- <!-- <version>3.6.2</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2023-5072 –>-->
- <!-- <groupId>org.json</groupId>-->
- <!-- <artifactId>json</artifactId>-->
- <!-- <version>20240303</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2023-44981 –>-->
- <!-- <groupId>org.apache.zookeeper</groupId>-->
- <!-- <artifactId>zookeeper</artifactId>-->
- <!-- <version>3.9.2</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2023-51775 –>-->
- <!-- <groupId>org.bitbucket.b_c</groupId>-->
- <!-- <artifactId>jose4j</artifactId>-->
- <!-- <version>0.9.6</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency org.eclipse.jetty.http2:http2-common of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2024-22201, CVE-2023-36479, CVE-2024-9823, CVE-2024-6762 and CVE-2024-8184 –>-->
- <!-- <groupId>org.eclipse.jetty.http2</groupId>-->
- <!-- <artifactId>http2-server</artifactId>-->
- <!-- <version>11.0.24</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
 <dependency>
 <!-- Upgrade while we're waiting for the fix of CVE-2024-6763 (but it is not here yet) -->
 <groupId>org.eclipse.jetty</groupId>
@@ -232,13 +197,14 @@
 <scope>test</scope>
 </dependency>
 <dependency>
+ <!-- Upgrade to fix CVE-2024-8184 in dependency io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 -->
 <groupId>org.eclipse.jetty</groupId>
 <artifactId>jetty-server</artifactId>
 <version>9.4.56.v20240826</version>
 <scope>test</scope>
 </dependency>
 <dependency>
- <!-- Upgrade to fix CVE-2024-6762 and CVE-2024-9823 -->
+ <!-- Upgrade while we're waiting for the fix of CVE-2023-36479 (but it is not there yet) -->
 <groupId>org.eclipse.jetty</groupId>
 <artifactId>jetty-servlets</artifactId>
 <version>9.4.56.v20240826</version>
@@ -273,19 +239,6 @@
 <artifactId>kafka-clients</artifactId>
 <version>3.7.1</version>
 </dependency>
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of org.apache.kafka:kafka-clients to fix CVE-2023-43642 –>-->
- <!-- <groupId>org.xerial.snappy</groupId>-->
- <!-- <artifactId>snappy-java</artifactId>-->
- <!-- <version>1.1.10.5</version>-->
- <!-- </dependency>-->
- <!-- <dependency>-->
- <!-- <!– Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2024-23080 –>-->
- <!-- <groupId>joda-time</groupId>-->
- <!-- <artifactId>joda-time</artifactId>-->
- <!-- <version>2.12.7</version>-->
- <!-- <scope>test</scope>-->
- <!-- </dependency>-->
 <dependency>
 <!-- Upgrade transitive dependency of io.github.embeddedkafka:embedded-kafka-schema-registry_2.13 to fix CVE-2021-47621 -->
 <groupId>io.github.classgraph</groupId>
@@ -485,7 +438,6 @@
 <excludeVulnerabilityIds>
 <exclude>CVE-2024-6763</exclude>
 <exclude>CVE-2023-36479</exclude>
- <exclude>CVE-2024-8184</exclude>
 </excludeVulnerabilityIds>
 </configuration>
 </plugin>
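Review bot: The rewritten comment on the `jetty-servlets` override in the `@@ -232,13 +197,14 @@` hunk no longer records why `9.4.56.v20240826` is pinned. It names only CVE-2023-36479, which by its own wording this version does not fix and which stays listed under `excludeVulnerabilityIds` in the last hunk. The previous comment gave CVE-2024-6762 and CVE-2024-9823 as the reason for the upgrade; if the pin still addresses them, keep that and state the open item separately, e.g. `<!-- Upgrade to fix CVE-2024-6762 and CVE-2024-9823; CVE-2023-36479 has no fixed release yet and is excluded from the vulnerability check (see <TRACKING-ISSUE>) -->`. Without the rationale, a later cleanup can lower or drop the override without noticing that it reopens scanner findings, and the two remaining `<exclude>` entries have nothing that prompts a re-check once a fix ships.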