Security improvement

Update dependencies to reduce security threat ( see jenkins clm )

Change-Id: I09165f017853dfe37caefdbae1f390c224198297
Issue-ID: EXTAPI-377
Signed-off-by: MatthieuGeerebaert <matthieu.geerebaert@orange.com>

diff --git a/pom.xml b/pom.xml
index d30b8c4..e738f19 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -121,7 +121,7 @@
       <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
-        <version>2.1.7.RELEASE</version>
+        <version>2.2.2.RELEASE</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -144,7 +144,7 @@
     <dependency>
       <groupId>org.apache.tomcat.embed</groupId>
       <artifactId>tomcat-embed-core</artifactId>
-      <version>9.0.24</version>
+      <version>9.0.30</version>
     </dependency>
 
     <dependency>
@@ -212,7 +212,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>2.9.9.3</version>
+      <version>2.10.1</version>
        </dependency>   
 
     <dependency>
@@ -345,19 +345,29 @@
           <groupId>com.squareup.okhttp3</groupId>
           <artifactId>okhttp</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>com.squareup.retrofit2</groupId>
+          <artifactId>retrofit</artifactId>
+        </exclusion>        
       </exclusions>
     </dependency>
 
     <dependency>
       <groupId>com.squareup.okhttp3</groupId>
       <artifactId>okhttp</artifactId>
-      <version>3.14.2</version>
+      <version>4.3.1</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
     </dependency>
+    
+    <dependency>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>retrofit</artifactId>
+      <version>2.7.1</version>
+    </dependency>    
 
     <!-- karate -->
 

diff --git a/src/main/java/org/onap/nbi/commons/MultiCriteriaRequestBuilder.java b/src/main/java/org/onap/nbi/commons/MultiCriteriaRequestBuilder.java
index 3b83bb1..a222438 100644 (file)
--- a/src/main/java/org/onap/nbi/commons/MultiCriteriaRequestBuilder.java
+++ b/src/main/java/org/onap/nbi/commons/MultiCriteriaRequestBuilder.java
@@ -110,12 +110,12 @@ public class MultiCriteriaRequestBuilder {
             String limitString = limits.get(0);
             int offset = Integer.parseInt(offsetString);
             int limit = Integer.parseInt(limitString);
-            final Pageable pageableRequest = new PageRequest(offset, limit);
+            final Pageable pageableRequest = PageRequest.of(offset, limit);
             query.with(pageableRequest);
         } else if (!CollectionUtils.isEmpty(limits)) {
             String limitString = limits.get(0);
             int limit = Integer.parseInt(limitString);
-            final Pageable pageableRequest = new PageRequest(0, limit);
+            final Pageable pageableRequest = PageRequest.of(0, limit);
             query.with(pageableRequest);
         }
     }