From 2ba7c234b592c8a6aedc1b63373123b80e1d14d1 Mon Sep 17 00:00:00 2001
From: Tim Berthold <tim.berthold@sovity.de>
Date: Mon, 24 Jul 2023 17:10:22 +0200
Subject: [PATCH] chore: update transitive dependencies of ms8-patch1

---
 connector/build.gradle.kts                   | 17 ++++++++++++++++-
 extensions/edc-ui-config/build.gradle.kts    | 18 +++++++++++++++++-
 extensions/last-commit-info/build.gradle.kts | 18 +++++++++++++++++-
 extensions/wrapper/client/build.gradle.kts   | 18 +++++++++++++++++-
 extensions/wrapper/wrapper/build.gradle.kts  | 18 +++++++++++++++++-
 gradle.properties                            |  2 +-
 6 files changed, 85 insertions(+), 6 deletions(-)

diff --git a/connector/build.gradle.kts b/connector/build.gradle.kts
index 8465b7ca2..a1200c18b 100644
--- a/connector/build.gradle.kts
+++ b/connector/build.gradle.kts
@@ -14,9 +14,24 @@ dependencies {
     implementation("${edcGroup}:api-observability:${edcVersion}")
     implementation("${edcGroup}:configuration-filesystem:${edcVersion}")
     implementation("${edcGroup}:control-plane-aggregate-services:${edcVersion}")
-    implementation("${edcGroup}:http:${edcVersion}")
+    implementation("${edcGroup}:http:${edcVersion}") {
+        exclude(group = "org.eclipse.jetty", module = "jetty-client")
+        exclude(group = "org.eclipse.jetty", module = "jetty-http")
+        exclude(group = "org.eclipse.jetty", module = "jetty-io")
+        exclude(group = "org.eclipse.jetty", module = "jetty-server")
+        exclude(group = "org.eclipse.jetty", module = "jetty-util")
+        exclude(group = "org.eclipse.jetty", module = "jetty-webapp")
+    }
     implementation("${edcGroup}:ids:${edcVersion}")
 
+    // Updated jetty versions for e.g. CVE-2023-26048
+    implementation("org.eclipse.jetty:jetty-client:11.0.15")
+    implementation("org.eclipse.jetty:jetty-http:11.0.15")
+    implementation("org.eclipse.jetty:jetty-io:11.0.15")
+    implementation("org.eclipse.jetty:jetty-server:11.0.15")
+    implementation("org.eclipse.jetty:jetty-util:11.0.15")
+    implementation("org.eclipse.jetty:jetty-webapp:11.0.15")
+
     // Control-plane to Data-plane
     implementation("${edcGroup}:transfer-data-plane:${edcVersion}")
     implementation("${edcGroup}:data-plane-selector-core:${edcVersion}")
diff --git a/extensions/edc-ui-config/build.gradle.kts b/extensions/edc-ui-config/build.gradle.kts
index 42430ad93..d70bd1edd 100644
--- a/extensions/edc-ui-config/build.gradle.kts
+++ b/extensions/edc-ui-config/build.gradle.kts
@@ -18,7 +18,23 @@ dependencies {
 
     testImplementation("${edcGroup}:control-plane-core:${edcVersion}")
     testImplementation("${edcGroup}:junit:${edcVersion}")
-    testImplementation("${edcGroup}:http:${edcVersion}")
+    testImplementation("${edcGroup}:http:${edcVersion}") {
+        exclude(group = "org.eclipse.jetty", module = "jetty-client")
+        exclude(group = "org.eclipse.jetty", module = "jetty-http")
+        exclude(group = "org.eclipse.jetty", module = "jetty-io")
+        exclude(group = "org.eclipse.jetty", module = "jetty-server")
+        exclude(group = "org.eclipse.jetty", module = "jetty-util")
+        exclude(group = "org.eclipse.jetty", module = "jetty-webapp")
+    }
+
+    // Updated jetty versions for e.g. CVE-2023-26048
+    testImplementation("org.eclipse.jetty:jetty-client:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-http:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-io:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-server:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-util:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-webapp:11.0.15")
+
     testImplementation("io.rest-assured:rest-assured:${restAssured}")
     testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.10.0")
diff --git a/extensions/last-commit-info/build.gradle.kts b/extensions/last-commit-info/build.gradle.kts
index c0e3f9671..dda911d83 100644
--- a/extensions/last-commit-info/build.gradle.kts
+++ b/extensions/last-commit-info/build.gradle.kts
@@ -24,7 +24,23 @@ dependencies {
 
     testImplementation("${edcGroup}:control-plane-core:${edcVersion}")
     testImplementation("${edcGroup}:junit:${edcVersion}")
-    testImplementation("${edcGroup}:http:${edcVersion}")
+    testImplementation("${edcGroup}:http:${edcVersion}") {
+        exclude(group = "org.eclipse.jetty", module = "jetty-client")
+        exclude(group = "org.eclipse.jetty", module = "jetty-http")
+        exclude(group = "org.eclipse.jetty", module = "jetty-io")
+        exclude(group = "org.eclipse.jetty", module = "jetty-server")
+        exclude(group = "org.eclipse.jetty", module = "jetty-util")
+        exclude(group = "org.eclipse.jetty", module = "jetty-webapp")
+    }
+
+    // Updated jetty versions for e.g. CVE-2023-26048
+    testImplementation("org.eclipse.jetty:jetty-client:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-http:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-io:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-server:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-util:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-webapp:11.0.15")
+
     testImplementation("io.rest-assured:rest-assured:${restAssured}")
     testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.10.0")
diff --git a/extensions/wrapper/client/build.gradle.kts b/extensions/wrapper/client/build.gradle.kts
index 33d4bd688..6d015f3a9 100644
--- a/extensions/wrapper/client/build.gradle.kts
+++ b/extensions/wrapper/client/build.gradle.kts
@@ -40,7 +40,23 @@ dependencies {
 
     testImplementation("${edcGroup}:control-plane-core:${edcVersion}")
     testImplementation("${edcGroup}:junit:${edcVersion}")
-    testImplementation("${edcGroup}:http:${edcVersion}")
+    testImplementation("${edcGroup}:http:${edcVersion}") {
+        exclude(group = "org.eclipse.jetty", module = "jetty-client")
+        exclude(group = "org.eclipse.jetty", module = "jetty-http")
+        exclude(group = "org.eclipse.jetty", module = "jetty-io")
+        exclude(group = "org.eclipse.jetty", module = "jetty-server")
+        exclude(group = "org.eclipse.jetty", module = "jetty-util")
+        exclude(group = "org.eclipse.jetty", module = "jetty-webapp")
+    }
+
+    // Updated jetty versions for e.g. CVE-2023-26048
+    testImplementation("org.eclipse.jetty:jetty-client:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-http:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-io:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-server:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-util:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-webapp:11.0.15")
+
     testImplementation(project(":extensions:wrapper:wrapper"))
     testImplementation("io.rest-assured:rest-assured:${restAssured}")
     testImplementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
diff --git a/extensions/wrapper/wrapper/build.gradle.kts b/extensions/wrapper/wrapper/build.gradle.kts
index e5e8e8b09..310666cef 100644
--- a/extensions/wrapper/wrapper/build.gradle.kts
+++ b/extensions/wrapper/wrapper/build.gradle.kts
@@ -37,7 +37,23 @@ dependencies {
 
     testImplementation("${edcGroup}:control-plane-core:${edcVersion}")
     testImplementation("${edcGroup}:junit:${edcVersion}")
-    testImplementation("${edcGroup}:http:${edcVersion}")
+    testImplementation("${edcGroup}:http:${edcVersion}") {
+        exclude(group = "org.eclipse.jetty", module = "jetty-client")
+        exclude(group = "org.eclipse.jetty", module = "jetty-http")
+        exclude(group = "org.eclipse.jetty", module = "jetty-io")
+        exclude(group = "org.eclipse.jetty", module = "jetty-server")
+        exclude(group = "org.eclipse.jetty", module = "jetty-util")
+        exclude(group = "org.eclipse.jetty", module = "jetty-webapp")
+    }
+
+    // Updated jetty versions for e.g. CVE-2023-26048
+    testImplementation("org.eclipse.jetty:jetty-client:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-http:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-io:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-server:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-util:11.0.15")
+    testImplementation("org.eclipse.jetty:jetty-webapp:11.0.15")
+
     testImplementation(project(":extensions:policy-always-true"))
     testImplementation("io.rest-assured:rest-assured:${restAssured}")
     testImplementation("org.assertj:assertj-core:${assertj}")
diff --git a/gradle.properties b/gradle.properties
index d4c931959..1bc19f3a5 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -9,7 +9,7 @@ assertj=3.23.1
 jupiterVersion=5.8.2
 mockitoVersion=4.8.0
 okHttpVersion=4.10.0
-jsonVersion=20220924
+jsonVersion=20230618
 restAssured=4.5.0
 flywayVersion=9.0.1
 postgresVersion=42.4.0