Vulnerability fixes for RESTConf1.3.4

SDK version bump

Change-Id: I99eec3b22d59c5f8d236823f52c190818db71f5e
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-3213
Issue-ID: DCAEGEN2-3234
Signed-off-by: vv770d <vv770d@att.com>

3 files changed, 26 insertions, 10 deletions

diff --git a/Changelog.md b/Changelog.md
index 18e0373..875306c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+## [1.3.4] - 2022/08/31
+         - [DCAEGEN2-3213] - dcaegen2-collectors-restconf vulnerability updates
+         - [DCAEGEN2-3234] - Update to latest SDK includes fix for env substitution
 
 ## [1.3.3] - 2022/05/21
          - [DCAEGEN2-3166] - CodeCoverage improvement for dcaegen2-collectors-restconf
diff --git a/pom.xml b/pom.xml
index ec3c17b..c4e09ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
     </parent>
     <groupId>org.onap.dcaegen2.collectors.restconf</groupId>
     <artifactId>restconfcollector</artifactId>
-    <version>1.3.3-SNAPSHOT</version>
+    <version>1.3.4-SNAPSHOT</version>
     <name>dcaegen2-collectors-restconf</name>
     <description>RestConfCollector</description>
     <properties>
@@ -51,6 +51,8 @@ limitations under the License.
         <sonar.coverage.jacoco.xmlReportPaths>
             ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
+        <sdk.version>1.8.10</sdk.version>
+        <jackson.core.version>2.13.3</jackson.core.version>
     </properties>
     <build>
         <pluginManagement>
@@ -299,12 +301,22 @@ limitations under the License.
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.11.0</version>
+            <version>${jackson.core.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>${jackson.core.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>${jackson.core.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
-            <version>5.2.1.RELEASE</version>
+            <version>5.7.1</version>
         </dependency>
         <dependency>
             <groupId>com.github.fge</groupId>
@@ -314,12 +326,12 @@ limitations under the License.
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.9</version>
+            <version>2.9.0</version>
         </dependency>
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20160810</version>
+            <version>20220320</version>
         </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
@@ -465,7 +477,7 @@ limitations under the License.
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
-            <version>1.2.10</version>
+            <version>1.2.11</version>
         </dependency>
         <!-- TESTING -->
         <dependency>
@@ -513,17 +525,17 @@ limitations under the License.
         <dependency>
             <groupId>org.onap.dcaegen2.services.sdk.security.crypt</groupId>
             <artifactId>crypt-password</artifactId>
-            <version>1.3.1</version>
+            <version>${sdk.version}</version>
         </dependency>
         <dependency>
             <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
             <artifactId>cbs-client</artifactId>
-            <version>1.8.7</version>
+            <version>${sdk.version}</version>
         </dependency>
         <dependency>
             <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
             <artifactId>dmaap-client</artifactId>
-            <version>1.8.7</version>
+            <version>${sdk.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>ch.qos.logback</groupId>
@@ -552,3 +564,4 @@ limitations under the License.
         </pluginRepository>
     </pluginRepositories>
 </project>
+
diff --git a/version.properties b/version.properties
index fd60497..53ca589 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=3
-patch=3
+patch=4
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT