From a7e6ea3e5f6a07748f7a78bdf59a3cb2ee85eb7c Mon Sep 17 00:00:00 2001
From: Kasperki <pawel.kasperkiewicz@nokia.com>
Date: Tue, 8 Feb 2022 19:17:09 +0100
Subject: Update libraries - netty codec http from 4.1.59.Final to 4.1.73.Final
 - gson from 2.8.6 to 2.8.9 - dmaap client from 1.8.7 to 1.8.8 - spring from
 2.4.3 to 2.5.9 - spring boot starter log4j2 from 2.6.1 to 2.6.3 - test
 containers from 1.15.1 to 1.16.3

Issue-ID: DCAEGEN2-3045
Change-Id: I09f2721d75e71f0ac06c3d5c6bf1036f7cdfb0d7
Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com>
---
 Changelog.md |  1 +
 pom.xml      | 18 +++++++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index 409bb6da..169fe36c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [1.11.0] - 2022/01/28
          - [DCAEGEN2-2961] - Switch VESCollector to Integration base image(onap/integration-java11:10.0.0)
+         - [DCAEGEN2-3045] - Vulnerability addressal for VESCollector
 
 ## [1.10.3] - 2022/01/18
          - [DCAEGEN2-3022] - Remediation for Log4Shell vulnerability (upgrade to 2.17.1)
diff --git a/pom.xml b/pom.xml
index 4649aa13..a59b7ba4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,7 +53,7 @@
     </sonar.coverage.jacoco.xmlReportPaths>
     <!-- DEPENDENCY RELATED SETTINGS -->
     <micrometer.version>1.6.5</micrometer.version>
-    <spring.version>2.4.3</spring.version>
+    <spring.version>2.5.9</spring.version>
     <maven-assembly-plugin.version>3.1.0</maven-assembly-plugin.version>
     <maven-javadoc-plugin.version>3.0.1</maven-javadoc-plugin.version>
     <maven-project-info-reports-plugin.version>2.9</maven-project-info-reports-plugin.version>
@@ -61,23 +61,24 @@
     <docker-maven-plugin.version>1.2.0</docker-maven-plugin.version>
     <json-simple.version>1.1.1</json-simple.version>
     <json-schema-validator.version>1.0.49</json-schema-validator.version>
-    <gson.version>2.8.6</gson.version>
+    <gson.version>2.8.9</gson.version>
     <json.version>20210307</json.version>
     <unirest-java.version>1.4.9</unirest-java.version>
     <commons-collections.version>3.2.2</commons-collections.version>
     <commons-configuration.version>1.10</commons-configuration.version>
     <vavr.version>0.10.3</vavr.version>
-    <spring-boot-starter-log4j2.version>2.6.1</spring-boot-starter-log4j2.version>
+    <spring-boot-starter-log4j2.version>2.6.3</spring-boot-starter-log4j2.version>
     <log4j.version>2.17.1</log4j.version>
     <springfox-swagger2.version>3.0.0</springfox-swagger2.version>
     <assertj-core.version>3.19.0</assertj-core.version>
     <spring-boot-starter-test.version>2.2.13.RELEASE</spring-boot-starter-test.version>
-    <sdk.version>1.8.7</sdk.version>
+    <sdk.version>1.8.8</sdk.version>
     <guava.version>30.1-jre</guava.version>
     <mock-server.version>5.11.1</mock-server.version>
     <reactor-test.version>3.4.0</reactor-test.version>
-    <testcontainers.version>1.15.1</testcontainers.version>
+    <testcontainers.version>1.16.3</testcontainers.version>
     <junit-jupiter.version>1.15.1</junit-jupiter.version>
+    <netty-bom.version>4.1.73.Final</netty-bom.version>
   </properties>
   <build>
     <pluginManagement>
@@ -273,6 +274,13 @@
   </reporting>
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-bom</artifactId>
+        <version>${netty-bom.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <!-- Import dependency management from Spring Boot -->
         <groupId>org.springframework.boot</groupId>
-- 
cgit 1.2.3-korg