Upgrade dependencies in drools-pdp for IQ issues

IQ reports identified a couple of vulnerabilities in various
dependencies.  Upgraded to the latest version of them per SECCOM.

Issue-ID: POLICY-3005
Change-Id: I52f1137bfaeee0d715ee438b69e98f2d06849d38
Signed-off-by: Jim Hahn <jrh3@att.com>

diff --git a/feature-distributed-locking/pom.xml b/feature-distributed-locking/pom.xml
index 93c7af8..78866df 100644 (file)
--- a/feature-distributed-locking/pom.xml
+++ b/feature-distributed-locking/pom.xml
@@ -2,7 +2,7 @@
   ============LICENSE_START=======================================================
   ONAP Policy Engine - Drools PDP
   ================================================================================
-  Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
+  Copyright (C) 2018-2021 AT&T Intellectual Property. All rights reserved.
   Modifications Copyright (C) 2020 Nordix Foundation.
   ================================================================================
   Licensed under the Apache License, Version 2.0 (the "License");
@@ -100,7 +100,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-dbcp2</artifactId>
-            <version>2.7.0</version>
+            <version>2.8.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

diff --git a/feature-session-persistence/pom.xml b/feature-session-persistence/pom.xml
index a193145..098082b 100644 (file)
--- a/feature-session-persistence/pom.xml
+++ b/feature-session-persistence/pom.xml
@@ -150,7 +150,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-dbcp2</artifactId>
-            <version>2.7.0</version>
+            <version>2.8.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

diff --git a/policy-core/pom.xml b/policy-core/pom.xml
index 6058f8b..f22da24 100644 (file)
--- a/policy-core/pom.xml
+++ b/policy-core/pom.xml
@@ -46,7 +46,7 @@
         <dependency>
             <groupId>org.apache.ant</groupId>
             <artifactId>ant</artifactId>
-            <version>1.10.8</version>
+            <version>1.10.9</version>
         </dependency>
 
         <dependency>

diff --git a/pom.xml b/pom.xml
index 0d35039..90da2c9 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
   ============LICENSE_START=======================================================
   ONAP Policy Engine - Drools PDP
   ================================================================================
-  Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved.
+  Copyright (C) 2017-2021 AT&T Intellectual Property. All rights reserved.
   Modifications Copyright (C) 2020 Nordix Foundation.
   ================================================================================
   Licensed under the Apache License, Version 2.0 (the "License");
@@ -48,7 +48,7 @@
 
         <!-- Project common dependency versions -->
         <json.path.version>2.4.0</json.path.version>
-        <hibernate.core.version>5.4.18.Final</hibernate.core.version>
+        <hibernate.core.version>5.4.28.Final</hibernate.core.version>
         <hibernate.commons.annotations.version>5.0.1.Final</hibernate.commons.annotations.version>
         <xml.apis.version>1.4.01</xml.apis.version>
         <policy.common.version>1.8.0-SNAPSHOT</policy.common.version>