Update vulnerable dependencies

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I167b69de1736c81187ab3596169c6043108546b2
Issue-ID: SDC-4017

diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index a7bcd7a..b28a9e1 100644 (file)
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -584,8 +584,7 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20131018</version>
-            <scope>compile</scope>
+            <version>${org.json.version}</version>
         </dependency>
 
         <!-- CASSANDRA -->
@@ -951,6 +950,11 @@
             <artifactId>commons-collections4</artifactId>
             <version>${commons.collections.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+            <version>${spring.boot.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.onap.sdc.sdc-be-common</groupId>
             <artifactId>security-util-lib</artifactId>
@@ -960,6 +964,10 @@
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-starter-logging</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>

diff --git a/catalog-dao/pom.xml b/catalog-dao/pom.xml
index ce357ac..4bac720 100644 (file)
--- a/catalog-dao/pom.xml
+++ b/catalog-dao/pom.xml
@@ -388,6 +388,11 @@ Modifications copyright (c) 2018 Nokia
       <version>${cassandra.driver.version}</version>
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-common</artifactId>
+      <version>${netty.version}</version>
+    </dependency>
     <dependency>
       <groupId>com.datastax.oss</groupId>
       <artifactId>java-driver-core</artifactId>
@@ -397,6 +402,10 @@ Modifications copyright (c) 2018 Nokia
           <groupId>org.apache.tinkerpop</groupId>
           <artifactId>gremlin-driver</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>io.netty</groupId>
+          <artifactId>netty-common</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>

diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 4a829bf..c7989b9 100644 (file)
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -13,6 +13,11 @@
   </parent>
 
   <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter</artifactId>
+      <version>${spring.boot.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.onap.sdc.sdc-be-common</groupId>
       <artifactId>security-util-lib</artifactId>
@@ -22,6 +27,10 @@
           <groupId>org.springframework.boot</groupId>
           <artifactId>spring-boot-starter-logging</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter</artifactId>
+        </exclusion>
         <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>spring-context</artifactId>

diff --git a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
index 2f48121..959597a 100644 (file)
--- a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
+++ b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
@@ -83,10 +83,21 @@
       <artifactId>jackson-databind</artifactId>
       <version>${jackson.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.json</groupId>
+      <artifactId>json</artifactId>
+      <version>${org.json.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.everit.json</groupId>
       <artifactId>org.everit.json.schema</artifactId>
       <version>${org.everit.json.schema.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.json</groupId>
+          <artifactId>json</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.openecomp.sdc</groupId>

diff --git a/pom.xml b/pom.xml
index 2fb1276..a17a0e1 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -47,15 +47,16 @@ Modifications copyright (c) 2018-2019 Nokia
         <lang3.version>3.10</lang3.version>
         <guava.version>30.1-jre</guava.version>
         <janusgraph.version>0.3.3</janusgraph.version>
-        <spring.version>5.3.13</spring.version>
+        <spring.version>5.3.18</spring.version>
+        <spring.boot.version>2.2.13.RELEASE</spring.boot.version>
         <jersey-bom.version>2.34</jersey-bom.version>
-        <netty.version>4.1.68.Final</netty.version>
+        <netty.version>4.1.77.Final</netty.version>
         <servlet-api.version>4.0.1</servlet-api.version>
         <wire-mock.version>2.26.3</wire-mock.version>
         <ecomp.version>3.4.0</ecomp.version>
         <cassandra.unit.version>4.3.1.0</cassandra.unit.version>
         <cadi.version>2.1.8</cadi.version>
-        <lombok.version>1.18.20</lombok.version>
+        <lombok.version>1.18.24</lombok.version>
         <commons-beanutils>1.9.4</commons-beanutils>
         <commons.io.version>2.8.0</commons.io.version>
         <commons-configuration>2.7</commons-configuration>
@@ -68,6 +69,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <swagger-core-mvn-plugin.version>2.1.7</swagger-core-mvn-plugin.version>
         <maven-antrun-plugin.version>3.0.0</maven-antrun-plugin.version>
         <hibernate.validator.version>6.1.6.Final</hibernate.validator.version>
+        <org.json.version>20220320</org.json.version>
 
         <commons.collections.version>4.1</commons.collections.version>
         <ws.rs.version>2.1.1</ws.rs.version>
@@ -82,7 +84,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <org.dom4j.version>2.1.3</org.dom4j.version>
 
         <!-- JSON and YAML Parsing -->
-        <jackson.version>2.12.4</jackson.version>
+        <jackson.version>2.12.7</jackson.version>
         <jackson-annotations.version>${jackson.version}</jackson-annotations.version>
 
         <clearspring.version>2.1.1</clearspring.version>
@@ -175,7 +177,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <!--jacoco-->
         <jacoco.version>0.8.7</jacoco.version>
 
-        <java.driver.core.version>4.5.1</java.driver.core.version>
+        <java.driver.core.version>4.14.1</java.driver.core.version>
 
         <!-- Surefire parameters  -->
         <surefire.forkCount>1C</surefire.forkCount>