From c2e3e7567a82249b193a6532ffd00b90a8724aaa Mon Sep 17 00:00:00 2001
From: "Lee, Tian (tl5884)" <TianL@amdocs.com>
Date: Wed, 12 Sep 2018 15:52:57 +0100
Subject: [PATCH] Fix NexusIQ security vulnerabilities

- Update oparent version to 1.2.0
- Remove explicit Guava dependency (not used)
- Update commons-compress version to latest (1.18)

Change-Id: Ic76e7ee7634fa8f410583a9019c59b86f1f180b4
Issue-ID: AAI-1291
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
---
 pom.xml | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/pom.xml b/pom.xml
index e63b674..c2d2678 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
 	<parent>
 		<groupId>org.onap.oparent</groupId>
 		<artifactId>oparent</artifactId>
-		<version>1.1.0</version>
+		<version>1.2.0</version>
 		<relativePath />
 	</parent>
 
@@ -54,7 +54,7 @@
 		<!-- Dependency Versions -->
 		<common.logging.version>1.2.2</common.logging.version>
 		<sdc.tosca.version>1.4.1</sdc.tosca.version>
-		<commons.compress.version>1.16.1</commons.compress.version>
+		<commons.compress.version>1.18</commons.compress.version>
 		<javax.ws.rs.version>2.1</javax.ws.rs.version>
 		<mvn.jaxb2.version>0.13.2</mvn.jaxb2.version>
 		<aai-schema.group.id>org.onap.aai.aai-common</aai-schema.group.id>
@@ -64,7 +64,6 @@
 		<sdc.distribution.client.version>1.3.0</sdc.distribution.client.version>
 		<xmlunit.version>1.6</xmlunit.version>
 		<logback.version>1.2.3</logback.version>
-		<guava.version>25.1-jre</guava.version>
 		<antrun.version>1.8</antrun.version>
 	</properties>
 
@@ -105,7 +104,6 @@
 			<artifactId>logback-core</artifactId>
 			<version>${logback.version}</version><!--$NO-MVN-MAN-VER$-->
 		</dependency>
-
 		<dependency>
 			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
@@ -129,18 +127,11 @@
 			<groupId>org.codehaus.groovy</groupId>
 			<artifactId>groovy-all</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>org.onap.sdc.sdc-tosca</groupId>
 			<artifactId>sdc-tosca</artifactId>
 			<version>${sdc.tosca.version}</version>
 		</dependency>
-		<dependency>
-			<groupId>com.google.guava</groupId>
-			<artifactId>guava</artifactId>
-			<version>${guava.version}</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.onap.aai</groupId>
 			<artifactId>rest-client</artifactId>
-- 
2.16.6

