From 546f26a208ba8632267ad8308b66ed78e5747986 Mon Sep 17 00:00:00 2001
From: Niranjana <niranjana.y60@wipro.com>
Date: Fri, 20 Aug 2021 07:10:46 +0000
Subject: [PATCH] Remove security vulnerabilities

Issue-ID: CPS-581
Signed-off-by: Niranjana <niranjana.y60@wipro.com>
Change-Id: I527519ac7b9f41940e9173f6bf7efd4a418b8afd
---
 cps-tbdmt-application/pom.xml |  6 ++++++
 cps-tbdmt-rest/pom.xml        | 34 ++++++++++++++++++++++++++++++++++
 cps-tbdmt-service/pom.xml     | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+)

diff --git a/cps-tbdmt-application/pom.xml b/cps-tbdmt-application/pom.xml
index 5ead62f..bf91f31 100644
--- a/cps-tbdmt-application/pom.xml
+++ b/cps-tbdmt-application/pom.xml
@@ -56,6 +56,12 @@
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-sleuth</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
diff --git a/cps-tbdmt-rest/pom.xml b/cps-tbdmt-rest/pom.xml
index c155196..57fa0f3 100644
--- a/cps-tbdmt-rest/pom.xml
+++ b/cps-tbdmt-rest/pom.xml
@@ -46,6 +46,40 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-jetty</artifactId>
+            <version>2.5.2</version>
+             <exclusions>
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-io</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-servlets</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-http</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.glassfish</groupId>
+                    <artifactId>jakarta.el</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-io</artifactId>
+            <version>9.4.40.v20210413</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-servlets</artifactId>
+            <version>9.4.40.v20210413</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <version>9.4.40.v20210413</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
diff --git a/cps-tbdmt-service/pom.xml b/cps-tbdmt-service/pom.xml
index f136023..27ded92 100644
--- a/cps-tbdmt-service/pom.xml
+++ b/cps-tbdmt-service/pom.xml
@@ -37,6 +37,7 @@
     <packaging>jar</packaging>
 
     <properties>
+        <spring.version>5.3.7</spring.version>
         <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
     </properties>
 
@@ -44,10 +45,32 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
+            <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-expression</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+         <dependency>
+             <groupId>org.springframework</groupId>
+             <artifactId>spring-tx</artifactId>
+             <version>${spring.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.data</groupId>
@@ -56,10 +79,12 @@
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
+            <version>42.2.18</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
+            <version>2.5.0</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
@@ -76,6 +101,13 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
+            <version>2.5.2</version>
+             <exclusions>
+                <exclusion>
+                    <groupId>org.glassfish</groupId>
+                    <artifactId>jakarta.el</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
-- 
2.16.6