From 21e991215d50ae83bae54d2de404ed1f15ca1be2 Mon Sep 17 00:00:00 2001
From: Niranjana <niranjana.y60@wipro.com>
Date: Thu, 10 Feb 2022 05:44:51 +0000
Subject: [PATCH] Remove security vulnerabilities

Issue-ID: DCAEGEN2-3053
Signed-off-by: Niranjana <niranjana.y60@wipro.com>
Change-Id: I5ba3b4720849c426ba6575268eb4a9e5904cfa6c
---
 Changelog.md |  1 +
 pom.xml      | 13 +++++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index caaf6b4..6a3731b 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [2.1.6] - 2022/02/07
          - [DCAEGEN2-3057](https://jira.onap.org/browse/DCAEGEN2-3057) - Fix bug in triggering control loop for PCI collision/confusion - by replacing Config DB with CPS
+         - [DCAEGEN2-3053](https://jira.onap.org/browse/DCAEGEN2-3053) - Remove security vulnerabilities
 
 ## [2.1.5] - 2021/10/14
 	 - [DCAEGEN2-2943](https://jira.onap.org/browse/DCAEGEN2-2943) - Fix bug in filtering new FM notification
diff --git a/pom.xml b/pom.xml
index 625e693..205692c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
 
         <properties>
                 <sdk.version>1.8.6</sdk.version>
-                <spring.version>5.3.7</spring.version>
+                <spring.version>5.3.14</spring.version>
                 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
                 <maven.compiler.source>11</maven.compiler.source>
                 <maven.compiler.target>11</maven.compiler.target>
@@ -144,12 +144,12 @@
                 <dependency>
                         <groupId>com.fasterxml.jackson.core</groupId>
                         <artifactId>jackson-core</artifactId>
-                        <version>2.11.0</version>
+                        <version>2.12.6</version>
                 </dependency>
                 <dependency>
                         <groupId>com.fasterxml.jackson.core</groupId>
                         <artifactId>jackson-databind</artifactId>
-                        <version>2.11.0</version>
+                        <version>2.12.6</version>
                 </dependency>
                 <!-- https://mvnrepository.com/artifact/javax.json/javax.json-api -->
                 <dependency>
@@ -270,7 +270,12 @@
             <dependency>
                     <groupId>org.apache.tomcat.embed</groupId>
                     <artifactId>tomcat-embed-core</artifactId>
-                   <version>9.0.46</version>
+                    <version>9.0.50</version>
+            </dependency>
+            <dependency>
+                   <groupId>ch.qos.logback</groupId>
+                   <artifactId>logback-core</artifactId>
+                   <version>1.2.10</version>
             </dependency>
         </dependencies>
 
-- 
2.16.6