From 412c6b69b11edbfd462dc84a76a8c31d98ac5f54 Mon Sep 17 00:00:00 2001
From: Prudence Au <prudence.au@amdocs.com>
Date: Sat, 10 Aug 2019 21:51:27 -0400
Subject: Fix vulnerability issue: upgrade
 org.apache.tomcat.embed.tomcat-embed-core to 8.5.42

remove the use of commons-codec as it's not needed and also a vulnerability

and use the released version of pomba-audit-common

Issue-ID: LOG-1066
Issue-ID: LOG-1067
Issue-ID: LOG-1099
Signed-off-by: Prudence Au <prudence.au@amdocs.com>
Change-Id: Iaaedfef7c59a80dae468ff937375b09b56216d98
---
 pom.xml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index aa33780..e15e84d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@ limitations under the License.
                 <!-- Import dependency management from Spring Boot -->
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
-                <version>1.5.17.RELEASE</version>
+                <version>1.5.22.RELEASE</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -65,6 +65,12 @@ limitations under the License.
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-json</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -129,7 +135,7 @@ limitations under the License.
         <dependency>
            <groupId>org.onap.logging-analytics.pomba</groupId>
            <artifactId>pomba-audit-common</artifactId>
-           <version>1.4.0</version>
+           <version>1.5.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
@@ -163,6 +169,12 @@ limitations under the License.
             <groupId>org.kie</groupId>
             <artifactId>kie-ci</artifactId>
             <version>${kie.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- Test dependencies -->
-- 
cgit 1.2.3-korg