chore: update swing-kit 2.1.0 (#4351) (#4353)

* chore: update swing-kit 2.1.0 (#4351) * chore: update swing-kit 2.1.0 * Update generateAndCheckSBOM.js * Update pom.xml
vaadin · Jul 24, 2023 · dbb30ae · dbb30ae
1 parent ef4c9d9
commit dbb30ae
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 22 deletions.
diff --git a/scripts/generateAndCheckSBOM.js b/scripts/generateAndCheckSBOM.js
@@ -37,14 +37,20 @@ const licenseWhiteList = [
   VAADIN_LICENSE,
   'https://www.highcharts.com/license',
   'http://www.gnu.org/licenses/lgpl-3.0.html',
-  'CC-BY-3.0'
+  'CC-BY-3.0',
+  'http://oss.sgi.com/projects/FreeB',
+  'Apache-1.1',
+  'http://font.ubuntu.com/ufl/ubuntu-font-licence-1.0.txt',
+  'http://www.spdx.org/licenses/BSD-4-Clause'
 ];
 
 const cveWhiteList = {
   // Check fix in vaadin-testbench/pom.xml, and update when Selenium is fixed
   // 'pkg:maven/com.google.guava/[email protected]': ['CVE-2020-8908', 'CVE-2023-2976']
   // exclude jackson-databind:2.15.2, as https://github.com/jeremylong/DependencyCheck/issues/5779
-  'pkg:maven/com.fasterxml.jackson.core/[email protected]': ['CVE-2023-35116']
+  'pkg:maven/com.fasterxml.jackson.core/[email protected]': ['CVE-2023-35116'],
+  // false report from owasp, the CVEs are regarding flow-server and vaadin-text-field-flow with bad version range
+  'pkg:maven/com.vaadin/[email protected]': ['CVE-2021-31411', 'CVE-2020-36321', 'CVE-2021-31405', 'CVE-2021-31407', 'CVE-2021-31412', 'CVE-2021-31404', 'CVE-2021-33604']
 }
 
 const STYLE = `<style>

diff --git a/vaadin-platform-sbom/pom.xml b/vaadin-platform-sbom/pom.xml
@@ -61,26 +61,20 @@
             <groupId>com.vaadin</groupId>
             <artifactId>observability-kit-starter</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.vaadin</groupId>
+            <artifactId>vaadin-swing-kit-flow</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.vaadin</groupId>
+            <artifactId>vaadin-swing-kit-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.vaadin</groupId>
+            <artifactId>vaadin-swing-kit-client-api</artifactId>
+        </dependency>
     </dependencies>
     <profiles>
-        <profile>
-            <!-- temporary excluding these dependencies since spring and text-field deps are wrong -->
-            <id>swing</id>
-            <dependencies>
-                <dependency>
-                    <groupId>com.vaadin</groupId>
-                    <artifactId>vaadin-swing-kit-flow</artifactId>
-                </dependency>
-                <dependency>
-                    <groupId>com.vaadin</groupId>
-                    <artifactId>vaadin-swing-kit-client</artifactId>
-                </dependency>
-                <dependency>
-                    <groupId>com.vaadin</groupId>
-                    <artifactId>vaadin-swing-kit-client-api</artifactId>
-                </dependency>
-            </dependencies>
-        </profile>
         <profile>
             <id>production</id>
             <build>
@@ -112,4 +106,4 @@
             </dependencies>
         </profile>
     </profiles>
-</project>
+</project>
diff --git a/versions.json b/versions.json
@@ -328,7 +328,7 @@
             "jsVersion": "2.1.0"
         },
         "swing-kit": {
-            "javaVersion": "2.0.0"
+            "javaVersion": "2.1.0"
         },
         "vaadin-collaboration-engine": {
             "javaVersion": "6.0.0"