Merge "upgrade spring.framework to latest 5.2.3 to avoid CVE-2020-5398/7"

[vid.git] / epsdk-app-onap / pom.xml

diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index e6f8b37..a7ce6b4 100755 (executable)
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -8,7 +8,7 @@
         the Portal team. -->
     <groupId>org.onap.vid</groupId>
     <artifactId>epsdk-app-onap</artifactId>
-    <version>5.0.0-SNAPSHOT</version>
+    <version>6.0.3-SNAPSHOT</version>
     <packaging>war</packaging>
     <name>ECOMP SDK Webapp for OpenSource</name>
     <description>ECOMP SDK Web Application for public release</description>
@@ -16,7 +16,7 @@
     <parent>
         <groupId>org.onap.oparent</groupId>
         <artifactId>oparent</artifactId>
-        <version>2.0.0</version>
+        <version>2.1.0</version>
         <relativePath/>
     </parent>
 
@@ -24,9 +24,11 @@
         <encoding>UTF-8</encoding>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <epsdk.version>2.5.0</epsdk.version>
-        <jackson.version>2.9.8</jackson.version>
-        <springframework.version>5.1.6.RELEASE</springframework.version>
+        <epsdk.version>2.6.0</epsdk.version>
+        <epsdk.overlay.version>2.5.0</epsdk.overlay.version>
+        <jackson.version>2.10.1</jackson.version>
+        <jackson.databind.version>2.10.1</jackson.databind.version>
+        <springframework.version>5.2.3.RELEASE</springframework.version>
         <!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5:
          org.springframework.orm.hibernate4.HibernateTransactionManager
          so following orm.version lets epsdk-core find it -->
@@ -268,7 +270,7 @@
         <dependency>
             <groupId>org.onap.portal.sdk</groupId>
             <artifactId>epsdk-app-overlay</artifactId>
-            <version>${epsdk.version}</version>
+            <version>${epsdk.overlay.version}</version>
             <type>war</type>
         </dependency>
         <dependency>
@@ -337,7 +339,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson.databind.version}</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.module</groupId>
@@ -370,7 +372,7 @@
         <dependency>
             <groupId>io.searchbox</groupId>
             <artifactId>jest</artifactId>
-            <version>2.0.0</version>
+            <version>6.3.1</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-logging</groupId>
@@ -381,7 +383,7 @@
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
-            <version>3.1.0</version>
+            <version>4.0.1</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -391,17 +393,17 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20160212</version>
+            <version>20190722</version>
         </dependency>
         <dependency>
             <groupId>org.liquibase</groupId>
             <artifactId>liquibase-core</artifactId>
-            <version>3.5.5</version>
+            <version>3.7.0</version>
         </dependency>
         <dependency>
             <groupId>org.quartz-scheduler</groupId>
             <artifactId>quartz</artifactId>
-            <version>2.2.1</version>
+            <version>2.3.1</version>
             <exclusions>
                 <!-- exclude 0.9.1.1 to avoid dupe of com.mchange:c3p0:0.9.2.1 -->
                 <exclusion>
@@ -414,7 +416,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
-            <version>1.7.12</version>
+            <version>1.7.27</version>
         </dependency>
 
         <!-- springframework to override epsdk-app-common's and epsdk-core's versions -->
@@ -468,7 +470,7 @@
         <dependency>
             <groupId>javax.xml.bind</groupId>
             <artifactId>jaxb-api</artifactId>
-            <version>2.2.3</version>
+            <version>2.3.1</version>
         </dependency>
 
     </dependencies>