From 3d44753698259760f8f213dc8781b4f86b922d33 Mon Sep 17 00:00:00 2001
From: Prudence Au <prudence.au@amdocs.com>
Date: Sat, 10 Aug 2019 21:22:49 -0400
Subject: Fix vulnerability issue: upgrade
 org.apache.tomcat.embed.tomcat-embed-core to 8.5.42

remove the use of commons-codec as it's not needed and also a vulnerability

and use the released version of pomba-audit-common

Issue-ID: LOG-1066
Issue-ID: LOG-1099
Issue-ID: LOG-1067
Signed-off-by: Prudence Au <prudence.au@amdocs.com>
Change-Id: I99b29f5dcac7ca532143e048eae4dd1313b5551f
---
 pom.xml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8aa9f29..743fd40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
         <!-- Import dependency management from Spring Boot -->
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
-        <version>1.5.17.RELEASE</version>
+        <version>1.5.22.RELEASE</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -42,6 +42,12 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter-json</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
@@ -152,6 +158,12 @@
       <groupId>org.onap.sdc.sdc-distribution-client</groupId>
       <artifactId>sdc-distribution-client</artifactId>
       <version>1.3.0</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-codec</groupId>
+          <artifactId>commons-codec</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.onap.sdc.sdc-tosca</groupId>
@@ -172,7 +184,7 @@
     <dependency>
       <groupId>org.onap.logging-analytics.pomba</groupId>
       <artifactId>pomba-audit-common</artifactId>
-      <version>1.4.0</version>
+      <version>1.5.0</version>
     </dependency>
 
     <dependency>
-- 
cgit 1.2.3-korg