[DCAEGEN2] Remove security vulnerabilities

Issue-ID: DCAEGEN2-3054
Signed-off-by: Niranjana <niranjana.y60@wipro.com>
Change-Id: I336ca6b218db01f892b9b4e8a68c9a2c395f779d

diff --git a/components/slice-analysis-ms/ChangeLog.md b/components/slice-analysis-ms/ChangeLog.md
index 8d8a60d..fa59c34 100644 (file)
--- a/components/slice-analysis-ms/ChangeLog.md
+++ b/components/slice-analysis-ms/ChangeLog.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
          - [DCAEGEN2-3025](https://jira.onap.org/browse/DCAEGEN2-3025) - Fix null pointer exception while fetching slice-config
 
+         - [DCAEGEN2-3054](https://jira.onap.org/browse/DCAEGEN2-3054) - Remove security vulnerabilities
+
 ## [1.0.6] - 2021/08/28
          - [DCAEGEN2-2885](https://jira.onap.org/browse/DCAEGEN2-2885) - DCAE SliceAnalysis MS - CPS Integration
 

diff --git a/components/slice-analysis-ms/pom.xml b/components/slice-analysis-ms/pom.xml
index faf6032..f4fde50 100644 (file)
--- a/components/slice-analysis-ms/pom.xml
+++ b/components/slice-analysis-ms/pom.xml
@@ -4,7 +4,7 @@
  *  ============LICENSE_START=======================================================
  *  slice-analysis-ms
  *  ================================================================================
- *  Copyright (C) 2020-2021 Wipro Limited.
+ *  Copyright (C) 2020-2022 Wipro Limited.
  *  ================================================================================
  *     Licensed under the Apache License, Version 2.0 (the "License");
  *     you may not use this file except in compliance with the License.
@@ -40,6 +40,7 @@
         <properties>
                 <java.version>11</java.version>
                 <sdk.version>1.8.7</sdk.version>
+                <spring.version>5.3.14</spring.version>
                 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                 <maven.compiler.source>11</maven.compiler.source>
                 <maven.compiler.target>11</maven.compiler.target>
@@ -70,32 +71,32 @@
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-webmvc</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-core</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-beans</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-expression</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-web</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework</groupId>
                         <artifactId>spring-tx</artifactId>
-                        <version>5.3.7</version>
+                        <version>${spring.version}</version>
                 </dependency>
                 <dependency>
                         <groupId>org.springframework.data</groupId>
@@ -134,7 +135,7 @@
                 <dependency>
                         <groupId>com.fasterxml.jackson.core</groupId>
                         <artifactId>jackson-core</artifactId>
-                        <version>2.11.0</version>
+                        <version>2.12.6</version>
                 </dependency>
                 <dependency>
                         <groupId>net.javacrumbs.json-unit</groupId>
@@ -145,7 +146,7 @@
                 <dependency>
                         <groupId>com.fasterxml.jackson.core</groupId>
                         <artifactId>jackson-databind</artifactId>
-                        <version>2.11.0</version>
+                        <version>2.12.6</version>
                 </dependency>
                 <!-- https://mvnrepository.com/artifact/javax.json/javax.json-api -->
                 <dependency>
@@ -268,7 +269,7 @@
                 <dependency>
                         <groupId>org.apache.tomcat.embed</groupId>
                         <artifactId>tomcat-embed-core</artifactId>
-                        <version>9.0.46</version>
+                        <version>9.0.50</version>
                 </dependency>
                 <!-- https://mvnrepository.com/artifact/nl.jqno.equalsverifier/equalsverifier -->
                 <dependency>
@@ -277,6 +278,11 @@
                         <version>3.5.5</version>
                         <scope>test</scope>
                 </dependency>
+                <dependency>
+                        <groupId>ch.qos.logback</groupId>
+                        <artifactId>logback-core</artifactId>
+                        <version>1.2.10</version>
+                </dependency>
         </dependencies>
         <build>
                 <plugins>