commit 5662ec25d8c24caa014d6988581dfca76c15fef0
author Tomasz Wrobel <tomasz.wrobel@nokia.com> Thu Aug 25 13:48:45 2022 +0200
committer Tomasz Wrobel <tomasz.wrobel@nokia.com> Mon Aug 29 18:41:45 2022 +0200
tree 0033818469c12c642076e1ed46148c951564ba91
parent 8929c55ec055d25a8e10c9e06983f849e2f65f40

Fix DFC  vulnerabilities

- Update DCAE-SDK to version 1.8.10
- Update spring-boot to version 2.7.2
- Update spring to version 5.3.22
- Update tomcat-embed-core to version 9.0.65
- Update classgraph to version 4.8.149
- Update jackson-databind to version 2.13.3
- Update springdoc-openapi-ui to version 1.6.11

Issue-ID: DCAEGEN2-3211
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: Iab97ade90792708742283cdeec732ca11351ec28

pom.xml

diff --git a/pom.xml b/pom.xml
index 033764c..1b803e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,8 +32,7 @@
 
     <groupId>org.onap.dcaegen2.collectors</groupId>
     <artifactId>datafile</artifactId>
-    <version>1.8.0-SNAPSHOT</version>
-
+    <version>${revision}</version>
     <name>dcaegen2-collectors.datafile</name>
     <description>datafile collector</description>
     <packaging>pom</packaging>
@@ -50,17 +49,20 @@
     </licenses>
 
     <properties>
+        <revision>1.9.0-SNAPSHOT</revision>
         <java.version>11</java.version>
-        <sdk.version>1.8.8</sdk.version>
+        <sdk.version>1.8.10</sdk.version>
         <apache.httpcomponents.version>4.1.4</apache.httpcomponents.version>
         <apache.commons.version>3.6</apache.commons.version>
         <immutable.version>2.7.1</immutable.version>
-        <spring.version>5.3.14</spring.version>
-        <spring-boot.version>2.4.5</spring-boot.version>
+        <spring.version>5.3.22</spring.version>
+        <spring-boot.version>2.7.2</spring-boot.version>
         <commons-io.version>2.8.0</commons-io.version>
         <commons-net.version>3.3</commons-net.version>
         <projectreactor.version>2020.0.2</projectreactor.version>
         <httpcomponents.core5.version>5.0.3</httpcomponents.core5.version>
+        <tomcat-embed-core.version>9.0.65</tomcat-embed-core.version>
+        <io.github.classgraph.version>4.8.149</io.github.classgraph.version>
 
         <!-- LOGGING SETTINGS -->
         <slf4j.version>1.7.25</slf4j.version>
@@ -75,7 +77,7 @@
         <jcraft.version>0.1.54</jcraft.version>
         <springfox.version>3.0.0</springfox.version>
         <awaitility.version>3.1.6</awaitility.version>
-        <jackson-databind.version>2.11.4</jackson-databind.version>
+        <jackson-databind.version>2.13.3</jackson-databind.version>
         <powermock.version>2.0.9</powermock.version>
 
         <!-- Plugin versions -->
@@ -86,7 +88,7 @@
         <sonar.coverage.jacoco.xmlReportPaths>
             ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
-        <springdoc-openapi-ui.version>1.5.3</springdoc-openapi-ui.version>
+        <springdoc-openapi-ui.version>1.6.11</springdoc-openapi-ui.version>
     </properties>
 
     <dependencyManagement>
@@ -133,6 +135,11 @@
                 <version>${immutable.version}</version>
             </dependency>
             <dependency>
+                <groupId>org.apache.tomcat.embed</groupId>
+                <artifactId>tomcat-embed-core</artifactId>
+                <version>${tomcat-embed-core.version}</version>
+            </dependency>
+            <dependency>
                 <groupId>org.springframework</groupId>
                 <artifactId>spring-web</artifactId>
                 <version>${spring.version}</version>
@@ -165,6 +172,11 @@
                 <scope>import</scope>
             </dependency>
             <dependency>
+                <groupId>io.github.classgraph</groupId>
+                <artifactId>classgraph</artifactId>
+                <version>${io.github.classgraph.version}</version>
+            </dependency>
+            <dependency>
                 <groupId>commons-io</groupId>
                 <artifactId>commons-io</artifactId>
                 <version>${commons-io.version}</version>