Upgrade vulnerable dependencies according to WhiteSource alerts

(cherry picked from commit 9af46e34)

Upgrade vulnerable dependencies according to WhiteSource alerts
c611568e · Dmitrii Gerashchenko · David Diederich · e1b77dc3 · c611568e · c611568e
Commit c611568e authored 3 years ago by Dmitrii Gerashchenko Committed by David Diederich 3 years ago
--- a/legal-core/pom.xml
+++ b/legal-core/pom.xml
@@ -59,11 +59,6 @@
 			<artifactId>proto-google-common-protos</artifactId>
 			<version>1.16.0</version>
 		</dependency>
-		<dependency>
-			<groupId>com.google.code.gson</groupId>
-			<artifactId>gson</artifactId>
-			<version>2.8.5</version>
-		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>

--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@
        <maven.compiler.source>1.8</maven.compiler.source>
        <docker.image.prefix>opendes</docker.image.prefix>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <os-core-common.version>0.12.0</os-core-common.version>
+        <os-core-common.version>0.13.0-SNAPSHOT-6912-0</os-core-common.version>
        <snakeyaml.version>1.26</snakeyaml.version>
        <resilience4jVersion>1.7.0</resilience4jVersion>
    </properties>

--- a/provider/legal-azure/pom.xml
+++ b/provider/legal-azure/pom.xml
@@ -31,13 +31,12 @@
        <azure.appservice.plan />
        <azure.appservice.appname />
        <azure.appservice.subscription />
-        <osdu.corelibazure.version>0.12.0</osdu.corelibazure.version>
-        <osdu.oscorecommon.version>0.12.0</osdu.oscorecommon.version>
+        <osdu.corelibazure.version>0.12.3</osdu.corelibazure.version>
+        <osdu.oscorecommon.version>0.12.2</osdu.oscorecommon.version>
        <osdu.legal-core.version>0.12.1-SNAPSHOT</osdu.legal-core.version>
        <javax.inject.version>1</javax.inject.version>
        <javax.servlet-api.version>4.0.1</javax.servlet-api.version>
        <woodstox-core.version>5.3.0</woodstox-core.version>
-        <json-smart.version>2.4.6</json-smart.version>
    </properties>

    <dependencyManagement>
@@ -54,20 +53,6 @@
    </dependencyManagement>

    <dependencies>
-        <!--
-        Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
-        because of that we need to enforce the higher version
-        -->
-        <dependency>
-            <groupId>net.minidev</groupId>
-            <artifactId>json-smart</artifactId>
-            <version>${json-smart.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.opengroup.osdu</groupId>
-            <artifactId>os-core-common</artifactId>
-            <version>${osdu.oscorecommon.version}</version>
-        </dependency>
        <dependency>
            <groupId>org.opengroup.osdu.legal</groupId>
            <artifactId>legal-core</artifactId>