chore(SDBI-3897): Address security vulnerabilities associated with Vardict.

* Upgraded htsjdk to 3.0.5; this is not the latest available but the latest
  that does not carry compilation errors.
* Upgraded additional transitive dependencies with vulnerabilities (ant, commons-compress and snappy-java)
* Bumped version to 1.8.3.1
* Deleted pre-builded release zip files.

Author: vruano

Readme.md

@@ -1,7 +1,10 @@
 [![Bioconda](https://img.shields.io/badge/install%20with-bioconda-brightgreen.svg?style=flat)](https://bioconda.github.io/recipes/vardict-java/README.html)
 [![European Galaxy server](https://img.shields.io/badge/usegalaxy-.eu-brightgreen?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAASCAYAAABB7B6eAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAAsTAAALEwEAmpwYAAACC2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOkNvbXByZXNzaW9uPjE8L3RpZmY6Q29tcHJlc3Npb24+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgICAgIDx0aWZmOlBob3RvbWV0cmljSW50ZXJwcmV0YXRpb24+MjwvdGlmZjpQaG90b21ldHJpY0ludGVycHJldGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KD0UqkwAAAn9JREFUOBGlVEuLE0EQruqZiftwDz4QYT1IYM8eFkHFw/4HYX+GB3/B4l/YP+CP8OBNTwpCwFMQXAQPKtnsg5nJZpKdni6/6kzHvAYDFtRUT71f3UwAEbkLch9ogQxcBwRKMfAnM1/CBwgrbxkgPAYqlBOy1jfovlaPsEiWPROZmqmZKKzOYCJb/AbdYLso9/9B6GppBRqCrjSYYaquZq20EUKAzVpjo1FzWRDVrNay6C/HDxT92wXrAVCH3ASqq5VqEtv1WZ13Mdwf8LFyyKECNbgHHAObWhScf4Wnj9CbQpPzWYU3UFoX3qkhlG8AY2BTQt5/EA7qaEPQsgGLWied0A8VKrHAsCC1eJ6EFoUd1v6GoPOaRAtDPViUr/wPzkIFV9AaAZGtYB568VyJfijV+ZBzlVZJ3W7XHB2RESGe4opXIGzRTdjcAupOK09RA6kzr1NTrTj7V1ugM4VgPGWEw+e39CxO6JUw5XhhKihmaDacU2GiR0Ohcc4cZ+Kq3AjlEnEeRSazLs6/9b/kh4eTC+hngE3QQD7Yyclxsrf3cpxsPXn+cFdenF9aqlBXMXaDiEyfyfawBz2RqC/O9WF1ysacOpytlUSoqNrtfbS642+4D4CS9V3xb4u8P/ACI4O810efRu6KsC0QnjHJGaq4IOGUjWTo/YDZDB3xSIxcGyNlWcTucb4T3in/3IaueNrZyX0lGOrWndstOr+w21UlVFokILjJLFhPukbVY8OmwNQ3nZgNJNmKDccusSb4UIe+gtkI+9/bSLJDjqn763f5CQ5TLApmICkqwR0QnUPKZFIUnoozWcQuRbC0Km02knj0tPYx63furGs3x/iPnz83zJDVNtdP3QAAAABJRU5ErkJggg==)](https://usegalaxy.eu/root?tool_id=vardict_java)
 
-> This is the Final Version of VarDict. No longer maintained.
+This is a forked Version based on the original VarDict-Java 1.8.3 (the latest release produced).
+The intent of this fork is *not* to add new functionalty but just to do some basic maintenance of otherwise no longer
+supported valuable piece of software. This encompasses fixing security vulnerabilities and perhaps fix some
+"show stopper" bugs as these araise.
 
 # VarDictJava
 

build.gradle

@@ -4,7 +4,7 @@ plugins {
     id 'jacoco'
 }
 
-version = '1.8.3'
+version = '1.8.3.1'
 
 repositories { 
     mavenCentral() 
@@ -25,11 +25,18 @@ dependencies {
     compile 'commons-cli:commons-cli:1.2' 
     compile 'org.apache.commons:commons-math3:3.6.1'
     compile 'com.edropple.jregex:jregex:1.2_01'
-    compile('com.github.samtools:htsjdk:2.21.1') {
+    compile('com.github.samtools:htsjdk:3.0.5') {
         transitive = false
     }
+    // explicit commons-compress and snappy-java depenencies to force the use ot vulnerability free
+    // version of this packages.
+    compile 'org.apache.commons:commons-compress:1.26.1'
+    compile 'org.xerial.snappy:snappy-java:1.1.10.7'
+
     testCompile 'org.mockito:mockito-core:2.23.0'
     testCompile 'org.testng:testng:6.9.13.6'
+    // explicit ant dependency added to force upgrade to safe version for this testng dependency.
+    testCompile 'org.apache.ant:ant:1.10.15'
 }
 
 mainClassName = "com.astrazeneca.vardict.Main"

changelog.txt

@@ -1,3 +1,11 @@
+Version 1.8.3.1
+    - Updated htsjdk dependency to 3.0.5
+    - Upgrade transitive dependencies with vulneravilities to safe later versions: 
+      - org.apache.commons:commons-compress (-> 1.26.1)
+      - org.xerial.snappy:snappy-java (-> 1.1.10.7)
+      - org.apache.ant:ant (-> 1.10.15)
+    - Deleted previous release binaries from source tree.
+
 Version 1.8.3
     - Updated submodule and version.
     - Fixed check for introns for the case when deletion is next to insertion.