Address some vulnerabilities from IQ report

Upgraded the version of a couple of items reported in IQ. The new versions are likely to have the same issues, but at least it should be good for a moment. Verified that the change to json-smart did not cause the CDS Actor tests to break. (Though it should eventually be tested with a real CDS.) Verified that the change to xstream did not cause any tests in drools-pdp or drools-apps to break. Issue-ID: POLICY-3431 Change-Id: I1419871577174fd986c9eebf2ce35134bd4bda93 Signed-off-by: Jim Hahn <jrh3@att.com>
author: Jim Hahn <jrh3@att.com> 2021-07-02 11:53:59 -0400
committer: Jim Hahn <jrh3@att.com> 2021-07-02 11:59:26 -0400
commit: 53ef7ed7d2a9354146e2ad3f1a34186613a7b1b1 (patch)
tree: a8883405192abe9daf72678a0efb442eebf55222 /integration
parent: 7ed5ee20e1ff1505e9f1f4fa187ac81ef522ca9a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/integration/pom.xml b/integration/pom.xml
index dd234c87..d453f533 100644
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -210,7 +210,7 @@
             <dependency>
                 <groupId>com.thoughtworks.xstream</groupId>
                 <artifactId>xstream</artifactId>
-                <version>1.4.15</version>
+                <version>1.4.17</version>
             </dependency>
 
             <!-- Eclipse JPA API -->
@@ -308,6 +308,11 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>net.minidev</groupId>
+                <artifactId>json-smart</artifactId>
+                <version>2.4.7</version>
+            </dependency>
 
             <!-- AAF Client -->
             <dependency>
author	Jim Hahn <jrh3@att.com>	2021-07-02 11:53:59 -0400
committer	Jim Hahn <jrh3@att.com>	2021-07-02 11:59:26 -0400
commit	53ef7ed7d2a9354146e2ad3f1a34186613a7b1b1 (patch)
tree	a8883405192abe9daf72678a0efb442eebf55222 /integration
parent	7ed5ee20e1ff1505e9f1f4fa187ac81ef522ca9a (diff)