search

wso2 / testgrid

TestGrid provides the enterprise customers confidence on the products and updates WSO2 ship.
Apache License 2.0
55 stars 65 forks source link

Dependency org.apache.httpcomponents:httpclient, leading to CVE problem #1448

Open CVEDetect opened 1 year ago

CVEDetect commented 1 year ago

Hi, In /infrastructure,there is a dependency org.apache.httpcomponents:httpclient:4.5.3 that calls the risk method.

CVE-2020-13956

The scope of this CVE affected version is [,4.5.13)

After further analysis, in this project, the main Api called is org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost;

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 9

org.wso2.testgrid.infrastructure.providers.AWSProvider: provision(org.wso2.testgrid.common.TestPlan,org.wso2.testgrid.common.config.Script)Lorg.wso2.testgrid.common.InfrastructureProvisionResult; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.wso2.testgrid.infrastructure.providers.AWSProvider: doProvision(org.wso2.testgrid.common.config.Script,java.util.Properties,org.wso2.testgrid.common.TestPlan)Lorg.wso2.testgrid.common.InfrastructureProvisionResult; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.wso2.testgrid.infrastructure.providers.AWSProvider: deriveLogDashboardUrl(org.wso2.testgrid.common.TestPlan,java.lang.String,java.lang.String)V /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.wso2.testgrid.common.logging.KibanaDashboardBuilder: buildDashBoard(java.util.Map,java.lang.String,boolean)Ljava.util.Optional; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.wso2.testgrid.common.logging.KibanaDashboardBuilder: shortenKibanaURL(java.lang.String)Ljava.util.Optional; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.apache.http.impl.client.CloseableHttpClient: execute(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.client.methods.CloseableHttpResponse; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.apache.http.impl.client.CloseableHttpClient: execute(org.apache.http.client.methods.HttpUriRequest,org.apache.http.protocol.HttpContext)Lorg.apache.http.client.methods.CloseableHttpResponse; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.apache.http.impl.client.CloseableHttpClient: determineTarget(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.HttpHost; /download/apache-maven-3.6.3/repository_mount/org/glassfish/hk2/hk2-utils/2.4.0-b34/hk2-utils-2.4.0-b34.jar
org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost;

Dependency tree--

[INFO] org.wso2.testgrid:org.wso2.testgrid.infrastructure:jar:1.0.8-SNAPSHOT
[INFO] +- org.wso2.testgrid:org.wso2.testgrid.common:jar:1.0.8-SNAPSHOT:compile
[INFO] |  +- org.eclipse.persistence:javax.persistence:jar:2.2.0:compile
[INFO] |  +- org.yaml:snakeyaml:jar:1.24:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.8.0:compile
[INFO] |  +- org.apache.commons:commons-collections4:jar:4.1:compile
[INFO] |  +- commons-io:commons-io:jar:2.6:compile
[INFO] |  +- org.apache.commons:commons-lang3:jar:3.4:compile
[INFO] |  +- org.influxdb:influxdb-java:jar:2.11:compile
[INFO] |  |  +- com.squareup.retrofit2:retrofit:jar:2.4.0:compile
[INFO] |  |  +- com.squareup.retrofit2:converter-moshi:jar:2.4.0:compile
[INFO] |  |  |  \- com.squareup.moshi:moshi:jar:1.5.0:compile
[INFO] |  |  +- com.squareup.okhttp3:okhttp:jar:3.10.0:compile
[INFO] |  |  |  \- com.squareup.okio:okio:jar:1.14.0:compile
[INFO] |  |  \- com.squareup.okhttp3:logging-interceptor:jar:3.10.0:compile
[INFO] |  +- org.apache.httpcomponents.client5:httpclient5-fluent:jar:5.0-alpha3:compile
[INFO] |  |  \- org.apache.httpcomponents.client5:httpclient5:jar:5.0-alpha3:compile
[INFO] |  |     +- org.apache.httpcomponents.core5:httpcore5:jar:5.0-beta1:compile
[INFO] |  |     \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.0-beta1:compile
[INFO] |  +- org.json:json:jar:20180130:compile
[INFO] |  +- commons-dbutils:commons-dbutils:jar:1.6:compile
[INFO] |  +- org.glassfish.jersey.core:jersey-server:jar:2.22.2:compile
[INFO] |  |  +- org.glassfish.jersey.core:jersey-common:jar:2.22.2:compile
[INFO] |  |  |  +- org.glassfish.jersey.bundles.repackaged:jersey-guava:jar:2.22.2:compile
[INFO] |  |  |  \- org.glassfish.hk2:osgi-resource-locator:jar:1.0.1:compile
[INFO] |  |  +- org.glassfish.jersey.core:jersey-client:jar:2.22.2:compile
[INFO] |  |  +- javax.ws.rs:javax.ws.rs-api:jar:2.0.1:compile
[INFO] |  |  +- org.glassfish.jersey.media:jersey-media-jaxb:jar:2.22.2:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.2:compile
[INFO] |  |  +- org.glassfish.hk2:hk2-api:jar:2.4.0-b34:compile
[INFO] |  |  |  +- org.glassfish.hk2:hk2-utils:jar:2.4.0-b34:compile
[INFO] |  |  |  \- org.glassfish.hk2.external:aopalliance-repackaged:jar:2.4.0-b34:compile
[INFO] |  |  +- org.glassfish.hk2.external:javax.inject:jar:2.4.0-b34:compile
[INFO] |  |  +- org.glassfish.hk2:hk2-locator:jar:2.4.0-b34:compile
[INFO] |  |  \- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] |  +- org.glassfish.jersey.media:jersey-media-json-jackson:jar:2.22.2:compile
[INFO] |  |  +- org.glassfish.jersey.ext:jersey-entity-filtering:jar:2.22.2:compile
[INFO] |  |  +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.5.4:compile
[INFO] |  |  \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.5.4:compile
[INFO] |  |     \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.5.4:compile
[INFO] |  +- org.elasticsearch:elasticsearch:jar:6.4.1:compile
[INFO] |  |  +- org.elasticsearch:elasticsearch-core:jar:6.4.1:compile
[INFO] |  |  +- org.elasticsearch:elasticsearch-secure-sm:jar:6.4.1:compile
[INFO] |  |  +- org.elasticsearch:elasticsearch-x-content:jar:6.4.1:compile
[INFO] |  |  |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-smile:jar:2.8.10:compile
[INFO] |  |  |  \- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.8.10:compile
[INFO] |  |  +- org.apache.lucene:lucene-core:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-analyzers-common:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-backward-codecs:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-grouping:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-highlighter:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-join:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-memory:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-misc:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-queries:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-queryparser:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-sandbox:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-spatial:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-spatial-extras:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-spatial3d:jar:7.4.0:compile
[INFO] |  |  +- org.apache.lucene:lucene-suggest:jar:7.4.0:compile
[INFO] |  |  +- org.elasticsearch:elasticsearch-cli:jar:6.4.1:compile
[INFO] |  |  |  \- net.sf.jopt-simple:jopt-simple:jar:5.0.2:compile
[INFO] |  |  +- com.carrotsearch:hppc:jar:0.7.1:compile
[INFO] |  |  +- joda-time:joda-time:jar:2.10:compile
[INFO] |  |  +- com.tdunning:t-digest:jar:3.2:compile
[INFO] |  |  +- org.hdrhistogram:HdrHistogram:jar:2.1.9:compile
[INFO] |  |  \- org.elasticsearch:jna:jar:4.5.1:compile
[INFO] |  \- org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:6.4.2:compile
[INFO] |     +- org.elasticsearch.client:elasticsearch-rest-client:jar:6.4.2:compile
[INFO] |     |  +- org.apache.httpcomponents:httpasyncclient:jar:4.1.2:compile
[INFO] |     |  \- org.apache.httpcomponents:httpcore-nio:jar:4.4.5:compile
[INFO] |     +- org.elasticsearch.plugin:parent-join-client:jar:6.4.2:compile
[INFO] |     +- org.elasticsearch.plugin:aggs-matrix-stats-client:jar:6.4.2:compile
[INFO] |     +- org.elasticsearch.plugin:rank-eval-client:jar:6.4.2:compile
[INFO] |     \- org.elasticsearch.plugin:lang-mustache-client:jar:6.4.2:compile
[INFO] |        \- com.github.spullara.mustache.java:compiler:jar:0.9.5:compile
[INFO] +- org.wso2.testgrid:org.wso2.testgrid.logging:jar:1.0.8-SNAPSHOT:test
[INFO] |  +- org.apache.logging.log4j:log4j-core:jar:2.11.0:test
[INFO] |  +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.11.0:test
[INFO] |  +- org.apache.logging.log4j:log4j-api:jar:2.11.0:compile
[INFO] |  \- org.eclipse.persistence:org.eclipse.persistence.core:jar:2.2.0:compile
[INFO] |     +- org.eclipse.persistence:org.eclipse.persistence.asm:jar:2.2.0:compile
[INFO] |     \- org.eclipse.persistence:org.eclipse.persistence.antlr:jar:2.2.0:compile
[INFO] +- org.wso2.testgrid:org.wso2.testgrid.dao:jar:1.0.8-SNAPSHOT:compile
[INFO] |  +- org.eclipse.persistence:org.eclipse.persistence.jpa:jar:2.2.0:compile
[INFO] |  \- com.google.guava:guava:jar:19.0:compile
[INFO] +- mysql:mysql-connector-java:jar:8.0.12:test
[INFO] |  \- com.google.protobuf:protobuf-java:jar:2.6.0:test
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.8.0:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
[INFO] +- com.amazonaws:aws-java-sdk:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-mobile:jar:1.11.219:compile
[INFO] |  |  \- com.amazonaws:jmespath-java:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudhsmv2:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-glue:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-migrationhub:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-dax:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-greengrass:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-athena:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-marketplaceentitlement:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-codestar:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-lexmodelbuilding:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-resourcegroupstaggingapi:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-pinpoint:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-xray:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-opsworkscm:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-support:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-simpledb:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-servicecatalog:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-servermigration:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-simpleworkflow:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-storagegateway:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-route53:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-s3:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-importexport:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-sts:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-sqs:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-rds:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-redshift:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elasticbeanstalk:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-glacier:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-iam:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-datapipeline:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elasticloadbalancing:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elasticloadbalancingv2:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-emr:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elasticache:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elastictranscoder:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-ec2:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-dynamodb:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-sns:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-budgets:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudtrail:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudwatch:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-logs:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-events:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cognitoidentity:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cognitosync:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-directconnect:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudformation:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudfront:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-clouddirectory:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-kinesis:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-opsworks:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-ses:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-autoscaling:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudsearch:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudwatchmetrics:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-codedeploy:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-codepipeline:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-kms:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-config:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-lambda:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-ecs:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-ecr:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cloudhsm:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-ssm:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-workspaces:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-machinelearning:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-directory:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-efs:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-codecommit:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-devicefarm:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-elasticsearch:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-waf:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-marketplacecommerceanalytics:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-inspector:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-iot:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-api-gateway:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-acm:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-gamelift:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-dms:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-marketplacemeteringservice:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-cognitoidp:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-discovery:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-applicationautoscaling:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-snowball:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-rekognition:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-polly:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-lightsail:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-stepfunctions:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-health:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-costandusagereport:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-codebuild:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-appstream:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-shield:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-batch:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-lex:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-mechanicalturkrequester:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-organizations:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-workdocs:jar:1.11.219:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.11.219:compile
[INFO] |  |  +- software.amazon.ion:ion-java:jar:1.0.2:compile
[INFO] |  |  \- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.6.7:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-models:jar:1.11.219:compile
[INFO] |  \- com.amazonaws:aws-java-sdk-swf-libraries:jar:1.11.22:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.3:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.6:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-codec:commons-codec:jar:1.9:compile
[INFO] +- org.testng:testng:jar:6.11:test
[INFO] |  \- com.beust:jcommander:jar:1.64:test
[INFO] +- org.mockito:mockito-all:jar:1.10.19:test
[INFO] +- org.powermock:powermock-module-testng:jar:1.7.4:test
[INFO] |  +- org.powermock:powermock-core:jar:1.7.4:test
[INFO] |  |  +- org.powermock:powermock-reflect:jar:1.7.4:test
[INFO] |  |  \- org.javassist:javassist:jar:3.21.0-GA:compile
[INFO] |  \- org.powermock:powermock-module-testng-common:jar:1.7.4:test
[INFO] +- org.powermock:powermock-api-mockito:jar:1.7.4:test
[INFO] |  +- org.powermock:powermock-api-mockito-common:jar:1.7.4:test
[INFO] |  |  \- org.powermock:powermock-api-support:jar:1.7.4:test
[INFO] |  \- org.mockito:mockito-core:jar:1.10.19:test
[INFO] +- org.jacoco:org.jacoco.agent:jar:runtime:0.7.9:compile
[INFO] +- org.awaitility:awaitility:jar:3.0.0:compile
[INFO] |  +- org.hamcrest:hamcrest-library:jar:1.3:compile
[INFO] |  +- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] |  \- org.objenesis:objenesis:jar:2.5.1:compile
[INFO] \- com.google.code.gson:gson:jar:2.2.4:compile

Suggested solutions:

Update dependency version

Thank you very much.