From 7161044baa64d79c7b5dd174b76c5840f5558344 Mon Sep 17 00:00:00 2001
From: "adheli.tavares" <adheli.tavares@est.tech>
Date: Tue, 12 Mar 2024 15:50:35 +0000
Subject: [PATCH] Update dependencies for security fixes

- updated spring framework
- updated postgresql
- changed a few libs to latest version
- removed oparent dependency management to avoid old libs to return

Issue-ID: POLICY-4945
Change-Id: Ia191d2192944bec55218174f64e7611167f38609
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
---
 integration/pom.xml | 115 ++++++++++++++++++++++++++++++++++++++++------------
 pom.xml             |  14 +------
 2 files changed, 91 insertions(+), 38 deletions(-)

diff --git a/integration/pom.xml b/integration/pom.xml
index e0079c83..0728add4 100644
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -2,7 +2,7 @@
   ============LICENSE_START=======================================================
    Copyright (C) 2018 Ericsson. All rights reserved.
    Modifications Copyright (C) 2018-2023 AT&T. All rights reserved.
-   Modifications Copyright (C) 2019-2023 Nordix Foundation.
+   Modifications Copyright (C) 2019-2024 Nordix Foundation.
    Modifications Copyright (C) 2020-2022 Bell Canada.
   ================================================================================
   Licensed under the Apache License, Version 2.0 (the "License");
@@ -45,22 +45,24 @@
         <docker.push.registry>nexus3.onap.org:10003</docker.push.registry>
         <!-- Dependency Versions -->
         <version.ccsdk>1.5.3</version.ccsdk>
-        <version.cucumber>7.13.0</version.cucumber>
+        <version.cucumber>7.15.0</version.cucumber>
         <version.docker-java>3.3.2</version.docker-java>
-        <version.drools>8.44.0.Final</version.drools>
+        <version.drools>9.44.0.Final</version.drools>
         <version.frontend.maven>1.13.4</version.frontend.maven>
         <version.io.prometheus>0.16.0</version.io.prometheus>
         <version.jackson>2.16.1</version.jackson>
-        <version.jacoco>0.8.10</version.jacoco>
+        <version.jacoco>0.8.11</version.jacoco>
+        <version.jaxb>4.0.5</version.jaxb>
         <version.jersey>3.1.5</version.jersey>
         <version.jetty>11.0.20</version.jetty>
-        <version.jupiter>5.10.1</version.jupiter>
+        <version.jupiter>5.10.2</version.jupiter>
         <version.kafka>3.6.1</version.kafka>
-        <version.log4j>2.20.0</version.log4j>
+        <version.kotlin>1.9.22</version.kotlin>
+        <version.log4j>2.23.1</version.log4j>
         <version.logback>1.4.14</version.logback>
         <version.maven-remote-resources-plugin>3.1.0</version.maven-remote-resources-plugin>
         <version.medeia.validator>1.1.1</version.medeia.validator>
-        <version.micrometer>1.11.4</version.micrometer>
+        <version.micrometer>1.11.10</version.micrometer>
         <version.mockito>5.5.0</version.mockito>
         <version.mockserver>5.15.0</version.mockserver>
         <version.netty>4.1.100.Final</version.netty>
@@ -69,10 +71,10 @@
         <version.plexus>3.5.0</version.plexus>
         <version.sdc-dist>2.1.1</version.sdc-dist>
         <version.sdc-tosca>1.9.0</version.sdc-tosca>
-        <version.slf4j>2.0.11</version.slf4j>
-        <version.spring>6.0.16</version.spring>
-        <version.springboot>3.1.8</version.springboot>
-        <version.spring-security>6.1.6</version.spring-security>
+        <version.slf4j>2.0.12</version.slf4j>
+        <version.spring>6.0.17</version.spring>
+        <version.springboot>3.1.9</version.springboot>
+        <version.spring-security>6.1.7</version.spring-security>
         <version.swagger.codegen.v3>3.0.52</version.swagger.codegen.v3>
         <version.swagger.core.v3>2.2.20</version.swagger.core.v3>
         <surefireArgLine>
@@ -99,6 +101,7 @@
                 <artifactId>jackson-bom</artifactId>
                 <version>${version.jackson}</version>
                 <type>pom</type>
+                <scope>import</scope>
             </dependency>
             <dependency>
                 <groupId>org.glassfish.jersey.containers</groupId>
@@ -125,6 +128,11 @@
                 <artifactId>jetty-http</artifactId>
                 <version>${version.jetty}</version>
             </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-servlet</artifactId>
+                <version>${version.jetty}</version>
+            </dependency>
 
             <!-- Prometheus Client Libraries -->
             <dependency>
@@ -155,31 +163,41 @@
             <dependency>
                 <groupId>com.google.guava</groupId>
                 <artifactId>guava</artifactId>
-                <version>32.1.3-jre</version>
+                <version>33.0.0-jre</version>
             </dependency>
 
             <!-- Jakarta dependencies -->
             <dependency>
                 <groupId>jakarta.xml.bind</groupId>
                 <artifactId>jakarta.xml.bind-api</artifactId>
-                <version>4.0.1</version>
+                <version>4.0.2</version>
             </dependency>
             <dependency>
                 <groupId>com.sun.xml.bind</groupId>
                 <artifactId>jaxb-impl</artifactId>
-                <version>4.0.4</version>
+                <version>${version.jaxb}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.sun.xml.bind</groupId>
+                <artifactId>jaxb-core</artifactId>
+                <version>${version.jaxb}</version>
             </dependency>
             <dependency>
                 <groupId>org.glassfish.jaxb</groupId>
                 <artifactId>jaxb-core</artifactId>
-                <version>4.0.4</version>
+                <version>${version.jaxb}</version>
             </dependency>
             <dependency>
                 <groupId>org.glassfish.jaxb</groupId>
                 <artifactId>jaxb-runtime</artifactId>
-                <version>4.0.4</version>
+                <version>${version.jaxb}</version>
                 <scope>compile</scope>
             </dependency>
+            <dependency>
+                <groupId>com.sun.xml.bind</groupId>
+                <artifactId>jaxb-xjc</artifactId>
+                <version>${version.jaxb}</version>
+            </dependency>
             <dependency>
                 <groupId>jakarta.servlet</groupId>
                 <artifactId>jakarta.servlet-api</artifactId>
@@ -232,13 +250,13 @@
             <dependency>
                 <groupId>org.mariadb.jdbc</groupId>
                 <artifactId>mariadb-java-client</artifactId>
-                <version>3.1.4</version>
+                <version>3.3.3</version>
             </dependency>
             <!-- Postgres -->
             <dependency>
                 <groupId>org.postgresql</groupId>
                 <artifactId>postgresql</artifactId>
-                <version>42.6.0</version>
+                <version>42.7.2</version>
             </dependency>
             <!-- Kafka -->
             <dependency>
@@ -250,12 +268,12 @@
             <dependency>
                 <groupId>org.apache.httpcomponents.core5</groupId>
                 <artifactId>httpcore5</artifactId>
-                <version>5.2.2</version>
+                <version>5.2.4</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.httpcomponents.client5</groupId>
                 <artifactId>httpclient5</artifactId>
-                <version>5.2.1</version>
+                <version>5.3.1</version>
             </dependency>
 
             <!-- JSON marshalling and unmarshalling -->
@@ -267,7 +285,7 @@
             <dependency>
                 <groupId>org.json</groupId>
                 <artifactId>json</artifactId>
-                <version>20231013</version>
+                <version>20240303</version>
             </dependency>
             <dependency>
                 <groupId>com.worldturner.medeia</groupId>
@@ -288,7 +306,7 @@
             <dependency>
                 <groupId>org.projectlombok</groupId>
                 <artifactId>lombok</artifactId>
-                <version>1.18.28</version>
+                <version>1.18.30</version>
             </dependency>
             <!-- Logging -->
             <dependency>
@@ -468,7 +486,7 @@
             <dependency>
                 <groupId>com.h2database</groupId>
                 <artifactId>h2</artifactId>
-                <version>2.2.220</version>
+                <version>2.2.224</version>
                 <scope>test</scope>
             </dependency>
             <!-- JUNIT -->
@@ -508,7 +526,7 @@
             <dependency>
                 <groupId>org.assertj</groupId>
                 <artifactId>assertj-core</artifactId>
-                <version>3.24.2</version>
+                <version>3.25.3</version>
                 <scope>test</scope>
             </dependency>
             <!-- Mock libraries -->
@@ -630,6 +648,11 @@
                 <artifactId>commons-jexl3</artifactId>
                 <version>3.2.1</version>
             </dependency>
+            <dependency>
+                <groupId>commons-beanutils</groupId>
+                <artifactId>commons-beanutils</artifactId>
+                <version>1.9.4</version>
+            </dependency>
             <!-- Github -->
             <dependency>
                 <groupId>com.github.docker-java</groupId>
@@ -763,7 +786,7 @@
             <dependency>
                 <groupId>org.apache.tomcat.embed</groupId>
                 <artifactId>tomcat-embed-core</artifactId>
-                <version>10.1.18</version>
+                <version>10.1.19</version>
             </dependency>
             <dependency>
                 <groupId>org.springframework</groupId>
@@ -792,6 +815,48 @@
                 <artifactId>bcpkix-fips</artifactId>
                 <version>1.0.7</version>
             </dependency>
+            <dependency>
+                <groupId>io.opentelemetry.instrumentation</groupId>
+                <artifactId>opentelemetry-kafka-clients-2.6</artifactId>
+                <version>1.25.0-alpha</version>
+            </dependency>
+            <dependency>
+                <groupId>io.opentelemetry</groupId>
+                <artifactId>opentelemetry-exporter-otlp</artifactId>
+                <version>1.25.0</version>
+            </dependency>
+            <dependency>
+                <groupId>io.opentelemetry</groupId>
+                <artifactId>opentelemetry-sdk-extension-autoconfigure</artifactId>
+                <version>1.25.0-alpha</version>
+            </dependency>
+            <dependency>
+                <groupId>io.micrometer</groupId>
+                <artifactId>micrometer-tracing-bridge-otel</artifactId>
+                <version>1.1.8</version>
+            </dependency>
+            <dependency>
+                <groupId>io.opentelemetry</groupId>
+                <artifactId>opentelemetry-sdk-extension-jaeger-remote-sampler</artifactId>
+                <version>1.25.0</version>
+            </dependency>
+
+            <!-- Kotlin dependencies -->
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-stdlib</artifactId>
+                <version>${version.kotlin}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-stdlib-jdk8</artifactId>
+                <version>${version.kotlin}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-reflect</artifactId>
+                <version>${version.kotlin}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <scm>
diff --git a/pom.xml b/pom.xml
index 767cbfd7..dc589fac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
   ============LICENSE_START=======================================================
    Copyright (C) 2018 Ericsson. All rights reserved.
    Modifications Copyright (C) 2020-2021 AT&T. All rights reserved.
-   Modifications Copyright (C) 2021 Nordix Foundation.
+   Modifications Copyright (C) 2021, 2024 Nordix Foundation.
   ================================================================================
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
@@ -42,18 +42,6 @@
         <module>integration</module>
     </modules>
 
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>org.onap.oparent</groupId>
-                <artifactId>dependencies</artifactId>
-                <version>${oparent.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <build>
         <pluginManagement>
             <plugins>
-- 
2.16.6