- Upgraded play-bootstrap to 1.5-P27-B3

Hariharan Ramanathan · Hariharan Ramanathan · commit 941fefd51b04 · 2019-11-22T14:29:20.000+01:00
- Upgraded jackson-databind to 2.9.10.1
- Upgraded akka http spray json to 10.1.6
- Excluded some vulnearable jars transitive jar and added upgraded
  the dependency
diff --git a/build.sbt b/build.sbt
@@ -11,28 +11,28 @@ version := "1.0.0"
 scalaVersion := "2.12.4"
 
 lazy val management = (project in file(".")).enablePlugins(SbtWeb).enablePlugins(PlayScala)
-                                      .enablePlugins(BuildInfoPlugin).
-                                        settings(
-                                          buildInfoKeys := Seq[BuildInfoKey](name, version, scalaVersion, sbtVersion),
-                                          buildInfoPackage := "de.upb.cs.swt.delphi.management",
-                                          (scalastyleSources in Compile) := {
-                                            // all .scala files in "src/main/scala"
-                                            val scalaSourceFiles = ((scalaSource in Compile).value ** "*.scala").get    
-                                            val fSep = java.io.File.separator // "/" or "\"
-                                            val dirNameToExclude = "app" + fSep + "models" // "com/folder_to_exclude"
-                                            scalaSourceFiles.filterNot(_.getAbsolutePath.contains(dirNameToExclude))
-                                          }
-                                        )
+  .enablePlugins(BuildInfoPlugin).
+  settings(
+    buildInfoKeys := Seq[BuildInfoKey](name, version, scalaVersion, sbtVersion),
+    buildInfoPackage := "de.upb.cs.swt.delphi.management",
+    (scalastyleSources in Compile) := {
+      // all .scala files in "src/main/scala"
+      val scalaSourceFiles = ((scalaSource in Compile).value ** "*.scala").get
+      val fSep = java.io.File.separator // "/" or "\"
+      val dirNameToExclude = "app" + fSep + "models" // "com/folder_to_exclude"
+      scalaSourceFiles.filterNot(_.getAbsolutePath.contains(dirNameToExclude))
+    }
+  )
 
 scalastyleConfig := baseDirectory.value / "project" / "scalastyle-config.xml"
 
 val conf = ConfigFactory.parseFile(new File("conf/application.conf")).resolve()
-val appPortManagement    = conf.getString("app.portManagement")
+val appPortManagement = conf.getString("app.portManagement")
 
 PlayKeys.devSettings := Seq(
-    "play.server.http.port" -> appPortManagement
+  "play.server.http.port" -> appPortManagement
 )
-pipelineStages := Seq(digest,gzip)
+pipelineStages := Seq(digest, gzip)
 
 resolvers += Resolver.sonatypeRepo("snapshots")
 resolvers += Resolver.jcenterRepo
@@ -41,13 +41,18 @@ libraryDependencies += guice
 libraryDependencies += "org.scalatestplus.play" %% "scalatestplus-play" % "3.1.2" % Test
 libraryDependencies += "net.codingwell" %% "scala-guice" % "4.1.1"
 libraryDependencies += "com.iheart" %% "ficus" % "1.4.3"
-libraryDependencies += "org.webjars" % "bootstrap" % "4.1.0"
-libraryDependencies += "org.webjars" %% "webjars-play" % "2.7.0"
-libraryDependencies += "com.adrianhurt" %% "play-bootstrap" % "1.4-P26-B4-SNAPSHOT"
+libraryDependencies += "org.webjars" % "bootstrap" % "4.3.1" exclude("org.webjars", "jquery")
+//Snyk vulnerability
+libraryDependencies += "org.webjars" % "jquery" % "3.4.0"
+libraryDependencies += "org.webjars" %% "webjars-play" % "2.7.3" exclude("com.fasterxml.jackson.core", "jackson-databind")
+//Snyk vulnerability high severity
+libraryDependencies += "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.10.1"
+libraryDependencies += "com.adrianhurt" %% "play-bootstrap" % "1.5-P27-B3" exclude ("com.fasterxml.jackson.datatype","jackson-datatype-jsr310")
+libraryDependencies += "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.9.8"
 libraryDependencies += "eu.bitwalker" % "UserAgentUtils" % "1.20"
-libraryDependencies += "com.typesafe.akka" %% "akka-http" % "10.1.5"
-libraryDependencies += "com.typesafe.akka" %% "akka-stream" % "2.5.14"
-libraryDependencies += "com.typesafe.akka" %% "akka-http-spray-json" % "10.1.5"
+libraryDependencies += "com.typesafe.akka" %% "akka-http" % "10.1.10"
+libraryDependencies += "com.typesafe.akka" %% "akka-stream" % "2.5.16"
+libraryDependencies += "com.typesafe.akka" %% "akka-http-spray-json" % "10.1.6"
 libraryDependencies += ws
 
 routesGenerator := InjectedRoutesGenerator
@@ -58,7 +63,7 @@ libraryDependencies ++= Seq(
   "com.nimbusds" % "nimbus-jose-jwt" % "5.14",
   "org.bouncycastle" % "bcprov-jdk15on" % "1.60",
   "com.google.guava" % "guava" % "25.1-jre",
-  "org.apache.commons" % "commons-compress" % "1.18"
+  "org.apache.commons" % "commons-compress" % "1.19"
 )
 
 libraryDependencies += "com.pauldijou" %% "jwt-core" % "1.0.0"
