[NO_ISSUE] Upgrade owm-japis to fix CVE-2018-1000850

[gitgabrio]

Bringed in by owm-japis.

GroupId: net.aksingh
ArtifactId: owm-japis
Version: 2.5.5.2

Description: Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.

Top fix: The owm-japis library transitively brings in a vulnerable library retrofit and vulnerable kotlin libraries. Update to version of owm-japis library containing fixed retrofit library based on the following recommendation: Upgrade to version parent-2.5.0
Also it needs to contain kotlin-stdlib libraries in version 1.6.0.

How to replicate CI configuration locally?

Build Chain tool does "simple" maven build(s), the builds are just Maven commands, but because the repositories relates and depends on each other and any change in API or class method could affect several of those repositories there is a need to use build-chain tool to handle cross repository builds and be sure that we always use latest version of the code for each repository.

build-chain tool is a build tool which can be used on command line locally or in Github Actions workflow(s), in case you need to change multiple repositories and send multiple dependent pull requests related with a change you can easily reproduce the same build by executing it on Github hosted environment or locally in your development environment. See local execution details to get more information about it.

How to retest this PR or trigger a specific build:

• a pull request please add comment: Jenkins retest this

• a full downstream build please add comment: Jenkins run fdb

• a compile downstream build please add comment: Jenkins run cdb

• a full production downstream build please add comment: Jenkins execute product fdb

• an upstream build please add comment: Jenkins run upstream

How to backport a pull request to a different branch?

In order to automatically create a backporting pull request please add one or more labels having the following format backport-<branch-name>, where <branch-name> is the name of the branch where the pull request must be backported to (e.g., backport-7.67.x to backport the original PR to the 7.67.x branch).

NOTE: backporting is an action aiming to move a change (usually a commit) from a branch (usually the main one) to another one, which is generally referring to a still maintained release branch. Keeping it simple: it is about to move a specific change or a set of them from one branch to another.

Once the original pull request is successfully merged, the automated action will create one backporting pull request per each label (with the previous format) that has been added.

If something goes wrong, the author will be notified and at this point a manual backporting is needed.

NOTE: this automated backporting is triggered whenever a pull request on main branch is labeled or closed, but both conditions must be satisfied to get the new PR created.

[baldimir]

Please ignore, if there are test failures about Kafka version.

[baldimir]

jenkins run cdb

[baldimir]

jenkins run fdb

[baldimir]

jenkins retest this