Updating vulnerable dependencies

Issue-ID: CCSDK-4135
Change-Id: I2ccb18828c5255ce55557d72a017c30b52dabc38
Signed-off-by: saul.gill <saul.gill@est.tech>

diff --git a/a1-policy-management/Dockerfile b/a1-policy-management/Dockerfile
index 34add99..07c40e2 100644 (file)
--- a/a1-policy-management/Dockerfile
+++ b/a1-policy-management/Dockerfile
@@ -20,7 +20,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
 #
-FROM nexus3.onap.org:10001/library/amazoncorretto:17-alpine
+FROM nexus3.onap.org:10001/library/amazoncorretto:21-alpine3.22-jdk
 
 #install vim editor
 RUN apk update

diff --git a/a1-policy-management/pom.xml b/a1-policy-management/pom.xml
index 9bf44ec..67d7482 100644 (file)
--- a/a1-policy-management/pom.xml
+++ b/a1-policy-management/pom.xml
@@ -63,7 +63,8 @@
         <opentelemetry-bom.version>1.49.0</opentelemetry-bom.version>
         <opentelemetry-instrumentation-bom-alpha.version>2.7.0-alpha</opentelemetry-instrumentation-bom-alpha.version>
         <allowskiptests>false</allowskiptests>
-        <version.logback>8.1</version.logback>
+        <version.logstash>8.1</version.logstash>
+        <version.logback>1.5.19</version.logback>
         <version.kotlin>2.1.21</version.kotlin>
         <version.java.protobuf>4.31.1</version.java.protobuf>
     </properties>
@@ -304,6 +305,11 @@
         <dependency>
             <groupId>net.logstash.logback</groupId>
             <artifactId>logstash-logback-encoder</artifactId>
+            <version>${version.logstash}</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
             <version>${version.logback}</version>
         </dependency>
         <dependency>