Update vulnerable dependencies

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I167b69de1736c81187ab3596169c6043108546b2 Issue-ID: SDC-4017
author: vasraz <vasyl.razinkov@est.tech> 2022-06-03 17:11:29 +0100
committer: Michael Morris <michael.morris@est.tech> 2022-06-07 15:10:28 +0000
commit: 2664cee1d5f2f44713d89b0de2bfa391e0f54aa8 (patch)
tree: 3696d14b721b44fcda33b5f4957cde57e176829e
parent: 80c2cf3c70db2605eb9c2e28515a73567f3404ee (diff)
5 files changed, 46 insertions, 7 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index a7bcd7a1dd..b28a9e1361 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -584,8 +584,7 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20131018</version>
-            <scope>compile</scope>
+            <version>${org.json.version}</version>
         </dependency>
 
         <!-- CASSANDRA -->
@@ -952,6 +951,11 @@
             <version>${commons.collections.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+            <version>${spring.boot.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.onap.sdc.sdc-be-common</groupId>
             <artifactId>security-util-lib</artifactId>
             <version>${security.util.lib.version}</version>
@@ -960,6 +964,10 @@
                     <groupId>org.springframework.boot</groupId>
                     <artifactId>spring-boot-starter-logging</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/catalog-dao/pom.xml b/catalog-dao/pom.xml
index ce357ac344..4bac720acd 100644
--- a/catalog-dao/pom.xml
+++ b/catalog-dao/pom.xml
@@ -389,6 +389,11 @@ Modifications copyright (c) 2018 Nokia
       <scope>provided</scope>
     </dependency>
     <dependency>
+      <groupId>io.netty</groupId>
+      <artifactId>netty-common</artifactId>
+      <version>${netty.version}</version>
+    </dependency>
+    <dependency>
       <groupId>com.datastax.oss</groupId>
       <artifactId>java-driver-core</artifactId>
       <version>${java.driver.core.version}</version>
@@ -397,6 +402,10 @@ Modifications copyright (c) 2018 Nokia
           <groupId>org.apache.tinkerpop</groupId>
           <artifactId>gremlin-driver</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>io.netty</groupId>
+          <artifactId>netty-common</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 4a829bf544..c7989b948d 100644
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -14,6 +14,11 @@
 
   <dependencies>
     <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter</artifactId>
+      <version>${spring.boot.version}</version>
+    </dependency>
+    <dependency>
       <groupId>org.onap.sdc.sdc-be-common</groupId>
       <artifactId>security-util-lib</artifactId>
       <version>${security.util.lib.version}</version>
@@ -23,6 +28,10 @@
           <artifactId>spring-boot-starter-logging</artifactId>
         </exclusion>
         <exclusion>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter</artifactId>
+        </exclusion>
+        <exclusion>
           <groupId>org.springframework</groupId>
           <artifactId>spring-context</artifactId>
         </exclusion>
diff --git a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
index 2f48121e44..959597a0ce 100644
--- a/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
+++ b/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/pom.xml
@@ -84,9 +84,20 @@
       <version>${jackson.version}</version>
     </dependency>
     <dependency>
+      <groupId>org.json</groupId>
+      <artifactId>json</artifactId>
+      <version>${org.json.version}</version>
+    </dependency>
+    <dependency>
       <groupId>org.everit.json</groupId>
       <artifactId>org.everit.json.schema</artifactId>
       <version>${org.everit.json.schema.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.json</groupId>
+          <artifactId>json</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.openecomp.sdc</groupId>
diff --git a/pom.xml b/pom.xml
index 2fb1276b2b..a17a0e1461 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,15 +47,16 @@ Modifications copyright (c) 2018-2019 Nokia
         <lang3.version>3.10</lang3.version>
         <guava.version>30.1-jre</guava.version>
         <janusgraph.version>0.3.3</janusgraph.version>
-        <spring.version>5.3.13</spring.version>
+        <spring.version>5.3.18</spring.version>
+        <spring.boot.version>2.2.13.RELEASE</spring.boot.version>
         <jersey-bom.version>2.34</jersey-bom.version>
-        <netty.version>4.1.68.Final</netty.version>
+        <netty.version>4.1.77.Final</netty.version>
         <servlet-api.version>4.0.1</servlet-api.version>
         <wire-mock.version>2.26.3</wire-mock.version>
         <ecomp.version>3.4.0</ecomp.version>
         <cassandra.unit.version>4.3.1.0</cassandra.unit.version>
         <cadi.version>2.1.8</cadi.version>
-        <lombok.version>1.18.20</lombok.version>
+        <lombok.version>1.18.24</lombok.version>
         <commons-beanutils>1.9.4</commons-beanutils>
         <commons.io.version>2.8.0</commons.io.version>
         <commons-configuration>2.7</commons-configuration>
@@ -68,6 +69,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <swagger-core-mvn-plugin.version>2.1.7</swagger-core-mvn-plugin.version>
         <maven-antrun-plugin.version>3.0.0</maven-antrun-plugin.version>
         <hibernate.validator.version>6.1.6.Final</hibernate.validator.version>
+        <org.json.version>20220320</org.json.version>
 
         <commons.collections.version>4.1</commons.collections.version>
         <ws.rs.version>2.1.1</ws.rs.version>
@@ -82,7 +84,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <org.dom4j.version>2.1.3</org.dom4j.version>
 
         <!-- JSON and YAML Parsing -->
-        <jackson.version>2.12.4</jackson.version>
+        <jackson.version>2.12.7</jackson.version>
         <jackson-annotations.version>${jackson.version}</jackson-annotations.version>
 
         <clearspring.version>2.1.1</clearspring.version>
@@ -175,7 +177,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <!--jacoco-->
         <jacoco.version>0.8.7</jacoco.version>
 
-        <java.driver.core.version>4.5.1</java.driver.core.version>
+        <java.driver.core.version>4.14.1</java.driver.core.version>
 
         <!-- Surefire parameters  -->
         <surefire.forkCount>1C</surefire.forkCount>
author	vasraz <vasyl.razinkov@est.tech>	2022-06-03 17:11:29 +0100
committer	Michael Morris <michael.morris@est.tech>	2022-06-07 15:10:28 +0000
commit	2664cee1d5f2f44713d89b0de2bfa391e0f54aa8 (patch)
tree	3696d14b721b44fcda33b5f4957cde57e176829e
parent	80c2cf3c70db2605eb9c2e28515a73567f3404ee (diff)