Updated dependencies to address major CVEs

- updated LICENSE and NOTICE files accordingly
- updated sub-module links

build.gradle

@@ -30,15 +30,14 @@ buildscript {
     classpath 'de.undercouch:gradle-download-task:3.4.3'
     classpath 'net.rdrei.android.buildtimetracker:gradle-plugin:0.11.+'
     classpath 'com.netflix.nebula:gradle-ospackage-plugin:5.2.+'
-    // classpath 'org.owasp:dependency-check-gradle:6.5.3'
+    classpath 'org.owasp:dependency-check-gradle:7.1.0.1'
   }
 }
 
 apply plugin: 'wrapper'
 apply plugin: 'distribution'
 apply plugin: 'nebula.ospackage-base'
 apply plugin: "nebula.ospackage"
-// apply plugin: 'org.owasp.dependencycheck'
 
 // def isEnterpriseProduct = rootProject.hasProperty('snappydata.enterprise')
 
@@ -70,6 +69,7 @@ allprojects {
   apply plugin: 'com.github.johnrengelman.shadow'
   apply plugin: 'idea'
   apply plugin: "build-time-tracker"
+  apply plugin: 'org.owasp.dependencycheck'
 
   group = 'io.snappydata'
   version = '1.3.1'
@@ -112,7 +112,7 @@ allprojects {
     snappySparkMetricsLibVersion = '2.0.0.1'
     log4j2Version = '2.17.2'
     slf4jVersion = '1.7.32'
-    junitVersion = '4.12'
+    junitVersion = '4.13.2'
     mockitoVersion = '1.10.19'
     hadoopVersion = '3.2.0'
     awsSdkVersion = '1.11.375'
@@ -126,8 +126,8 @@ allprojects {
     fastutilVersion = '8.5.6'
     kryoVersion = '4.0.1'
     thriftVersion = '0.9.3'
-    jacksonVersion = '2.13.1'
-    jacksonDatabindVersion = '2.13.1'
+    jacksonVersion = '2.13.3'
+    jacksonDatabindVersion = '2.13.3'
     hiveVersion = '1.21.2.7.0.3.2-3'
     metricsVersion = '4.0.3'
     metrics2Version = '2.2.0'
@@ -140,6 +140,7 @@ allprojects {
     objenesisVersion = '3.0.1'
     rabbitMqVersion = '4.9.1'
     akkaVersion = '2.3.16'
+    nettyAkkaVersion = '3.10.6.Final'
     sprayVersion = '1.3.4'
     sprayJsonVersion = '1.3.5'
     sprayShapelessVersion = '1.3.3'
@@ -148,7 +149,7 @@ allprojects {
     jodaTimeVersion = '2.10.1'
     slickVersion = '2.1.0'
     h2Version = '1.3.176'
-    commonsIoVersion = '2.6'
+    commonsIoVersion = '2.11.0'
     commonsPoolVersion = '1.6'
     dbcpVersion = '1.4'
     shiroVersion = '1.2.6'
@@ -990,7 +991,7 @@ gradle.taskGraph.whenReady { graph ->
 Set<String> skipPublishFor = [
   'snappydata_' + scalaBinaryVersion, 'snappy-spark', 'snappy-store',
   'snappy-dtests_' + scalaBinaryVersion, 'snappy-compatibility-tests_' + scalaBinaryVersion,
-  'snappydata-native', 'snappydata-store-prebuild',
+  'gemfire-junit', 'snappydata-native', 'snappydata-store-prebuild',
   'snappy-spark-assembly_' + scalaBinaryVersion
 ]
 

cluster/build.gradle

@@ -171,7 +171,11 @@ dependencies {
     //exclude(group: 'org.scala-lang', module: 'scala-library')
     //exclude(group: 'org.apache.avro', module: 'avro')
   }
-  compile(group:'com.google.cloud.bigdataoss', name:'gcs-connector', version: gcsHadoop3ConnectorVersion, classifier: 'shaded')
+  compile(group:'com.google.cloud.bigdataoss', name:'gcs-connector', version: gcsHadoop3ConnectorVersion, classifier: 'shaded') {
+    // shaded jar includes all dependencies but the pom still lists all dependencies as per
+    // the non-shaded jar, so skip all dependencies explicitly
+    transitive = false
+  }
 
   testCompile project(':dunit')
   testCompile "org.eclipse.collections:eclipse-collections:${eclipseCollectionsVersion}"

core/src/dunit/scala/io/snappydata/cluster/SnappyJobTestSupport.scala

@@ -53,7 +53,7 @@ trait SnappyJobTestSupport extends Logging {
    *                       exceeds specified time, the method will throw exception.
    */
   def submitAndWaitForCompletion(classFullName: String, jobCmdAffix: String = "",
-      waitTimeMillis: Int = 60000): Unit = {
+      waitTimeMillis: Int = 120000): Unit = {
     val consoleLog: String = submitJob(classFullName, jobCmdAffix)
     logInfo("Job submission response:" + consoleLog)
     val jobId = getJobId(consoleLog)