Remove vulnerable dependencies

[sdc.git] / common-app-api / pom.xml

diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index d8eea99..3d42d47 100644 (file)
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -9,10 +9,25 @@
   <parent>
     <groupId>org.openecomp.sdc</groupId>
     <artifactId>sdc-main</artifactId>
-    <version>1.9.2-SNAPSHOT</version>
+    <version>1.11.8-SNAPSHOT</version>
   </parent>
 
   <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter</artifactId>
+      <version>${spring.boot.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.yaml</groupId>
+          <artifactId>snakeyaml</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.springframework</groupId>
+          <artifactId>spring-core</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
     <dependency>
       <groupId>org.onap.sdc.sdc-be-common</groupId>
       <artifactId>security-util-lib</artifactId>
@@ -22,6 +37,10 @@
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-logging</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>spring-context</artifactId>
@@ -42,8 +61,22 @@
           <groupId>org.springframework</groupId>
           <artifactId>spring-core</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.onap.portal.sdk</groupId>
+          <artifactId>epsdk-fw</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.glassfish</groupId>
+          <artifactId>jakarta.el</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>org.glassfish</groupId>
+      <artifactId>jakarta.el</artifactId>
+      <version>${jakarta.el.version}</version>
+    </dependency>
+
     <dependency>
       <groupId>commons-io</groupId>
       <artifactId>commons-io</artifactId>
@@ -122,6 +155,12 @@
       <artifactId>httpclient</artifactId>
       <version>${httpclient.version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.httpcomponents</groupId>
+          <artifactId>httpcore</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -273,7 +312,7 @@
     <dependency>
       <groupId>org.jsoup</groupId>
       <artifactId>jsoup</artifactId>
-      <version>1.8.3</version>
+      <version>1.14.3</version>
     </dependency>
 
     <dependency>
@@ -289,9 +328,9 @@
     </dependency>
 
     <dependency>
-      <artifactId>commons-collections</artifactId>
-      <groupId>commons-collections</groupId>
-      <version>3.2.2</version>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-collections4</artifactId>
+      <version>${commons.collections.version}</version>
     </dependency>
 
     <dependency>
@@ -317,6 +356,12 @@
       <artifactId>cassandra-driver-mapping</artifactId>
       <version>${cassandra.driver.version}</version>
       <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.github.jnr</groupId>
+          <artifactId>jnr-posix</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>