aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPrudence Au <prudence.au@amdocs.com>2019-08-10 21:22:49 -0400
committerPrudence Au <prudence.au@amdocs.com>2019-08-10 21:26:21 -0400
commit3d44753698259760f8f213dc8781b4f86b922d33 (patch)
tree41a71f711d2e03f84e4c1672aa3515732b962a77
parent79adaa544bd0a19357d18c5c4f7518179e369faa (diff)
Fix vulnerability issue: upgrade org.apache.tomcat.embed.tomcat-embed-core to 8.5.42
remove the use of commons-codec as it's not needed and also a vulnerability and use the released version of pomba-audit-common Issue-ID: LOG-1066 Issue-ID: LOG-1099 Issue-ID: LOG-1067 Signed-off-by: Prudence Au <prudence.au@amdocs.com> Change-Id: I99b29f5dcac7ca532143e048eae4dd1313b5551f
-rw-r--r--pom.xml16
1 files changed, 14 insertions, 2 deletions
diff --git a/pom.xml b/pom.xml
index 8aa9f29..743fd40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
- <version>1.5.17.RELEASE</version>
+ <version>1.5.22.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -42,6 +42,12 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-json</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -152,6 +158,12 @@
<groupId>org.onap.sdc.sdc-distribution-client</groupId>
<artifactId>sdc-distribution-client</artifactId>
<version>1.3.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.sdc.sdc-tosca</groupId>
@@ -172,7 +184,7 @@
<dependency>
<groupId>org.onap.logging-analytics.pomba</groupId>
<artifactId>pomba-audit-common</artifactId>
- <version>1.4.0</version>
+ <version>1.5.0</version>
</dependency>
<dependency>