Remove security vulnerabilities

Issue-ID: DCAEGEN2-2278
Signed-off-by: Niranjana <niranjana.y60@wipro.com>
Change-Id: Ifaf6f71e88f71f79a6818284947b7175ede4946c

diff --git a/pom.xml b/pom.xml
index fd9b1c6..999e62a 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
        <groupId>org.onap.dcaegen2.services.son-handler</groupId>
        <artifactId>son-handler</artifactId>
        <name>dcaegen2-services-son-handler</name>
-       <version>2.1.0-SNAPSHOT</version>
+       <version>2.1.1-SNAPSHOT</version>
 
        <!--parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId>
                <version>2.0.4.RELEASE</version> </parent -->
@@ -58,6 +58,53 @@
        </properties>
 
        <dependencies>
+                <!-- https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-util -->
+                <dependency>
+                        <groupId>org.apache.tomcat</groupId>
+                        <artifactId>tomcat-util</artifactId>
+                        <version>9.0.37</version>
+                </dependency>
+                <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure -->
+                <dependency>
+                        <groupId>org.springframework.boot</groupId>
+                        <artifactId>spring-boot-autoconfigure</artifactId>
+                        <version>2.3.1.RELEASE</version>
+                </dependency>
+                <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-webmvc</artifactId>
+                       <version>5.2.7.RELEASE</version>
+               </dependency>
+                <dependency>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-core</artifactId>
+                        <version>5.2.7.RELEASE</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-beans</artifactId>
+                       <version>5.2.7.RELEASE</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-expression</artifactId>
+                       <version>5.2.7.RELEASE</version>
+                </dependency>
+               <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-web</artifactId>
+                       <version>5.2.7.RELEASE</version>
+               </dependency>
+                <dependency>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-tx</artifactId>
+                        <version>5.2.7.RELEASE</version>
+                </dependency>
+                <dependency>
+                        <groupId>org.springframework.data</groupId>
+                        <artifactId>spring-data-commons</artifactId>
+                        <version>2.2.0.RELEASE</version>
+                </dependency>
                <!-- cbs client -->
                <dependency>
                        <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
@@ -74,7 +121,7 @@
                        <!-- Import dependency management from Spring Boot -->
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-dependencies</artifactId>
-                       <version>2.0.4.RELEASE</version>
+                       <version>2.1.3.RELEASE</version>
                        <type>pom</type>
                        <scope>import</scope>
                </dependency>
@@ -91,12 +138,12 @@
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-core</artifactId>
-                       <version>2.9.9</version>
+                       <version>2.11.0</version>
                </dependency>
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-databind</artifactId>
-                       <version>2.9.9</version>
+                       <version>2.11.0</version>
                </dependency>
                <!-- https://mvnrepository.com/artifact/javax.json/javax.json-api -->
                <dependency>
@@ -107,7 +154,13 @@
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-web</artifactId>
-                       <version>2.0.4.RELEASE</version>
+                       <version>2.1.3.RELEASE</version>
+                       <exclusions>
+                               <exclusion>
+                                       <groupId>org.springframework.boot</groupId>
+                                       <artifactId>spring-boot-starter-tomcat</artifactId>
+                               </exclusion>
+                       </exclusions>
                </dependency>
                <dependency>
                        <groupId>org.postgresql</groupId>
@@ -117,44 +170,29 @@
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-data-jpa</artifactId>
-                       <version>2.0.9.RELEASE</version>
+                       <version>2.1.3.RELEASE</version>
                </dependency>
-               <dependency>
-                       <groupId>org.springframework.data</groupId>
-                       <artifactId>spring-data-commons-core</artifactId>
-                       <version>1.4.0.RELEASE</version>
-               </dependency>
-
                <dependency>
                        <groupId>org.hibernate.javax.persistence</groupId>
                        <artifactId>hibernate-jpa-2.0-api</artifactId>
                        <version>1.0.1.Final</version>
                </dependency>
                <!-- https://mvnrepository.com/artifact/org.springframework/spring-beans -->
-               <dependency>
-                       <groupId>org.springframework</groupId>
-                       <artifactId>spring-beans</artifactId>
-                       <version>5.0.10.RELEASE</version>
-               </dependency>
-
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-test</artifactId>
-                       <version>2.0.4.RELEASE</version>
+                       <version>2.1.3.RELEASE</version>
                        <scope>test</scope>
                        <!-- exclusions> <exclusion> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId>
                                </exclusion> </exclusions -->
                </dependency>
                <!-- https://mvnrepository.com/artifact/org.mockito/mockito-core -->
-
                <dependency>
                        <groupId>org.mockito</groupId>
                        <artifactId>mockito-core</artifactId>
                        <version>2.21.0</version>
                        <scope>test</scope>
                </dependency>
-
-
                <dependency>
                        <groupId>junit</groupId>
                        <artifactId>junit</artifactId>
@@ -186,31 +224,7 @@
                    <artifactId>functionaljava</artifactId>
                    <version>3.0</version>
             </dependency>
-           <dependency>
-                   <groupId>org.springframework</groupId>
-                   <artifactId>spring-core</artifactId>
-                   <version>5.0.9.RELEASE</version>
-           </dependency>
-           <dependency>
-                   <groupId>org.springframework</groupId>
-                   <artifactId>spring-expression</artifactId>
-                   <version>5.0.9.RELEASE</version>
-           </dependency>
-           <dependency>
-                   <groupId>org.springframework</groupId>
-                   <artifactId>spring-web</artifactId>
-                   <version>5.0.10.RELEASE</version>
-           </dependency>
-           <dependency>
-                   <groupId>org.springframework</groupId>
-                   <artifactId>spring-webmvc</artifactId>
-                   <version>5.0.9.RELEASE</version>
-           </dependency>
-           <dependency>
-                   <groupId>org.apache.tomcat.embed</groupId>
-                   <artifactId>tomcat-embed-core</artifactId>
-                   <version>9.0.16</version>
-           </dependency>
+
            <dependency>
                    <groupId>org.apache.httpcomponents</groupId>
                    <artifactId>httpclient</artifactId>
@@ -247,6 +261,11 @@
                    <artifactId>javassist</artifactId>
                    <version>3.24.1-GA</version>
             </dependency>
+           <dependency>
+                   <groupId>org.apache.tomcat.embed</groupId>
+                   <artifactId>tomcat-embed-core</artifactId>
+                  <version>9.0.36</version>
+           </dependency>
        </dependencies>
 
        <build>
@@ -261,7 +280,7 @@
                        <plugin>
                                <groupId>org.springframework.boot</groupId>
                                <artifactId>spring-boot-maven-plugin</artifactId>
-                               <version>2.0.4.RELEASE</version>
+                               <version>2.3.1.RELEASE</version>
                                <executions>
                                        <execution>
                                                <goals>

diff --git a/version.properties b/version.properties
index d6b290a..7b4ae8c 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -20,7 +20,7 @@
 ###############################################################################
 major=2
 minor=1
-patch=0
+patch=1
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT