To reduce the number of ONAP security vulnerabilities, ONAP is using the O-Parent project to provide centralized version management of common 3rd party Java libraries. This has the benefit of reducing the number of disparate versions of the same 3rd party package that is being used across ONAP, and reduces the attack surface correspondingly. More detailed discussion on this thread is here.
How to Use
- Import Dependency Versions
- Remove Specific Library Versions from Project pom
...
Set the parent POM in your pom.xml as follows. Be sure to use the current version of oparent as declared in the version manifest; see ONAP Version Manifest Maven Plugin.
| Code Block |
|---|
<parent>
<groupId>org.onap.oparent</groupId>
<artifactId>oparent</artifactId>
<version>1.2.0</version>
<relativePath/>
</parent> |
...
Add the following dependency to the dependencyManagement section in your pom.xml. Be sure to use the current version of oparent:dependencies as declared in the version manifest; see ONAP Version Manifest Maven Plugin.
| Code Block |
|---|
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.onap.oparent</groupId>
<artifactId>dependencies</artifactId>
<version>1.2.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement> |
...