Page Comparison

...

Repository

Group

Impact Analysis

Action

logging-analytics

pomba-aai-context-builder

pomba-context-aggregator

pomba-network-discovery-context-builder

pomba-sdc-context-builder

pomba-sdnc-context-builder

com.fasterxml.jackson.core

false positive - we don't use this part of the library

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-826

will fix in dublin - as no version of jackson is safe

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-826

logging-analytics

com.fasterxml.jackson.core

false positive - we don't use this part of the library

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-833

will fix in dublin - as no version of jackson is safe

Also implementing library is a non-deployed demo library - with no use in any deployed docker image right now

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-833

pomba-audit-common

com.fasterxml.jackson.core

false positive - we don't use this part of the library

will fix in dublin - as no version of jackson is safe

logging-analytics

org.glassfish.hk2.external

false positive - we don't use this part of the library

will fix in dublin

Also implementing library is a non-deployed demo library - with no use in any deployed docker image right now

logging-analytics

com.fasterxml.jackson.module

will move to 2.8.7 by upgrading to spring-boot 2.1 - likely before Dublin - but a lot of testing is required

Also implementing library is a non-deployed demo library - with no use in any deployed docker image right now

logging-analytics

pomba-aai-context-builder

pomba-context-aggregator

pomba-network-discovery-context-builder

pomba-sdc-context-builder

org.springframework.boot :

Like all the other onap projects - we need to move to spring-boot 2.1 - likely before Dublin - but a lot of testing

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-829

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-829

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-830

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-874

pomba-sdc-context-builder

logging-analytics

org.json

Like all the other onap projects - we need to move to spring-boot 2.1 - likely before Dublin - but a lot of testing

Dependency org.json:json:jar:20140107 located at Module org.onap.logging-analytics:logging-slf4j-demo:war:1.4.0-SNAPSHOT

json-20140107.jar located at reference/logging-slf4j-demo/target/logging-slf4j-demo-1.4.0-SNAPSHOT.war/WEB-INF/lib

json-20140107.jar located at reference/logging-slf4j-demo/target/logging-slf4j-demo-1.4.0-SNAPSHOT/WEB-INF/lib

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-830

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-874

pomba-sdc-context-builder

net.sf.flexjson

Like all the other onap projects - we need to move to spring-boot 2.1 - likely before Dublin - but a lot of testing

Dependency net.sf.flexjson:flexjson:jar:3.3 located at Module org.onap.logging-analytics.pomba:pomba-sdc-context-builder:jar:1.4.0-SNAPSHOT

flexjson-3.3.jar located at target/pomba-sdc-context-builder.jar/BOOT-INF/lib

We will defer this like SDC does

pomba-sdnc-context-builder

handelbars

Need to upgrade to or above 4.0.0

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-827

For SDNC-CB this is pushed to dublin

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-827

pomba-network-discovery-context-builder

pomba-sdnc-context-builder

stipsan/uikit (swagger)

No versions are good - need a replacement for this swagger component

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-828

For SDNC-CB this is pushed to dublin

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-828

pomba-sdnc-context-builder

logback-classic

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Note: SDNC-ContextBuilder is not deployed as part of Casablanca - OOM has not branched as of 20181128 - so we can see there is no pod for SDNC-CB - it will appear in the dublin branch via master - therefore the SV reports can be ignored for now as they are in dublin scope (there is an issue where CLM jobs are run against master instead of branches)

Code Block

theme	Midnight

onap          onap-pomba-pomba-aaictxbuilder-67ccd944f-zc2k2                 2/2       Running            0          4h
onap          onap-pomba-pomba-contextaggregator-678d4587cd-gwkgh            1/1       Running            0          4h
onap          onap-pomba-pomba-data-router-6c8cf96c8d-hfq4x                  1/1       Running            0          4h
onap          onap-pomba-pomba-elasticsearch-7b8bc5f864-z682m                1/1       Running            0          4h
onap          onap-pomba-pomba-kibana-64f8788bbd-9vtr9                       1/1       Running            0          4h
onap          onap-pomba-pomba-networkdiscovery-5bd8f8b96d-wqk8j             2/2       Running            0          4h
onap          onap-pomba-pomba-networkdiscoveryctxbuilder-5bf84c9f6d-dpzsw   2/2       Running            0          4h
onap          onap-pomba-pomba-sdcctxbuilder-5b688d6fd5-f4gbt                1/1       Running            0          4h
onap          onap-pomba-pomba-search-data-5b4d8f7dc6-f9v69                  2/2       Running            0          4h
onap          onap-pomba-pomba-servicedecomposition-9885f8f88-ps8kd          2/2       Running            0          4h
onap          onap-pomba-pomba-validation-service-54598588fc-wf8lx           1/1       Running            0          4h

move to or above 1.2 - should be at 1.2.2+

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-846

Jira Legacy

server	System Jira
serverId	4733707d-2057-3a0f-ae5e-4fd8aff50176
key	LOG-846

pomba-sdnc-context-builder

struts-core

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

pomba-sdnc-context-builder

struts-taglib

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency org.apache.struts:struts-taglib:jar:1.3.8 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

struts-taglib-1.3.8.jar located at target/pomba-sdnc-context-builder.jar/BOOT-INF/lib

pomba-sdnc-context-builder

org.codehaus.plexus

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency org.codehaus.plexus:plexus-utils:jar:3.0.22 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

pomba-sdnc-context-builder

dom4j

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency dom4j:dom4j:jar:1.6.1 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

dom4j-1.6.1.jar located at target/pomba-sdnc-context-builder.jar/BOOT-INF/lib

pomba-sdnc-context-builder

commons-beanutils

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency commons-beanutils:commons-beanutils:jar:1.9.3 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

commons-beanutils-1.9.3.jar located at target/pomba-sdnc-context-builder.jar/BOOT-INF/lib

pomba-sdnc-context-builder

org.apache.ant

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency org.apache.ant:ant:jar:1.8.4 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

ant-1.8.4.jar located at target/pomba-sdnc-context-builder.jar/BOOT-INF/lib

pomba-sdnc-context-builder

org.jsoup

DMaaP usage related

Code Block

theme	Midnight

Fixing in Dublin - the sdnc-cb repo/service was not part of casablanca

Dependency org.jsoup:jsoup:jar:1.7.2 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT

jsoup-1.7.2.jar located at target/pomba-sdnc-context-builder.jar/BOOT-INF/lib

Versions Compared

Old Version 1

New Version Current

Key