Update guava in aai-common

- update guava (31.1-jre -> 33.3.1-jre)
- exclude vulnerable rabbitmq dependency of janusgraph-core

Issue-ID: AAI-4036
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Change-Id: Ie0fd056396dc0ee4acbc5b4d2b44f2a4f0a6802b

diff --git a/aai-parent/pom.xml b/aai-parent/pom.xml
index 1479b3a..add636e 100644 (file)
--- a/aai-parent/pom.xml
+++ b/aai-parent/pom.xml
@@ -60,7 +60,7 @@ limitations under the License.
     <eclipse.persistence.version>2.7.15</eclipse.persistence.version>
     <eelf.core.version>2.0.0-oss</eelf.core.version>
     <freemarker.version>2.3.31</freemarker.version>
-    <google.guava.version>31.1-jre</google.guava.version>
+    <google.guava.version>33.3.1-jre</google.guava.version>
     <gremlin.version>3.7.1</gremlin.version>
     <janusgraph.version>1.0.0</janusgraph.version>
     <gson.version>2.9.1</gson.version>
@@ -279,6 +279,13 @@ limitations under the License.
         <groupId>org.janusgraph</groupId>
         <artifactId>janusgraph-core</artifactId>
         <version>${janusgraph.version}</version>
+        <exclusions>
+          <exclusion>
+            <!-- vulnerable dependency -->
+            <groupId>com.rabbitmq</groupId>
+            <artifactId>amqp-client</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
 
       <dependency>