From 23d1aae9783ee21113e0e136c9026ef6ef03a527 Mon Sep 17 00:00:00 2001
From: Derek Hudson <dhudsons@amazon.com>
Date: Wed, 6 Dec 2023 20:06:35 +0000
Subject: [PATCH] Aws fix vulnerabilities

---
 NOTICE                                         | 4 +---
 provider/notification-aws/build-aws/Dockerfile | 1 +
 provider/notification-aws/pom.xml              | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/NOTICE b/NOTICE
index ea15b7bad..4d70dd1ab 100644
--- a/NOTICE
+++ b/NOTICE
@@ -196,7 +196,6 @@ The following software have components provided under the terms of this license:
 - OkHttp URLConnection (from https://repo1.maven.org/maven2/com/squareup/okhttp3/okhttp-urlconnection, https://square.github.io/okhttp/)
 - Okio (from https://github.com/square/okio/, https://repo1.maven.org/maven2/com/squareup/okio/okio)
 - Old JAXB Core (from <https://eclipse-ee4j.github.io/jaxb-ri/>, https://eclipse-ee4j.github.io/jaxb-ri/)
-- Old JAXB Runtime (from https://eclipse-ee4j.github.io/jaxb-ri/, https://repo1.maven.org/maven2/com/sun/xml/bind/jaxb-impl)
 - OpenCensus (from https://github.com/census-instrumentation/opencensus-java, https://github.com/census-instrumentation/opencensus-proto)
 - PWDB :: Database (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/database)
 - PowerMock (from http://www.powermock.org, https://repo1.maven.org/maven2/org/powermock/powermock-api-mockito)
@@ -480,7 +479,6 @@ The following software have components provided under the terms of this license:
 - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Old JAXB Core (from <https://eclipse-ee4j.github.io/jaxb-ri/>, https://eclipse-ee4j.github.io/jaxb-ri/)
-- Old JAXB Runtime (from https://eclipse-ee4j.github.io/jaxb-ri/, https://repo1.maven.org/maven2/com/sun/xml/bind/jaxb-impl)
 
 ========================================================================
 EPL-2.0
@@ -544,6 +542,7 @@ The following software have components provided under the terms of this license:
 - Angus Activation Registries (from https://repo1.maven.org/maven2/org/eclipse/angus/angus-activation)
 - Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
 - Java Servlet 4.0 API
+- Old JAXB Runtime (from https://eclipse-ee4j.github.io/jaxb-ri/, https://repo1.maven.org/maven2/com/sun/xml/bind/jaxb-impl)
 
 ========================================================================
 ISC
@@ -639,7 +638,6 @@ The following software have components provided under the terms of this license:
 - Netty/Codec/HTTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-http)
 - Netty/Common (from https://repo1.maven.org/maven2/io/netty/netty-common)
 - Old JAXB Core (from <https://eclipse-ee4j.github.io/jaxb-ri/>, https://eclipse-ee4j.github.io/jaxb-ri/)
-- Old JAXB Runtime (from https://eclipse-ee4j.github.io/jaxb-ri/, https://repo1.maven.org/maven2/com/sun/xml/bind/jaxb-impl)
 - Project Lombok (from http://projectlombok.org, https://projectlombok.org)
 - QpidJMS Client (from https://repo1.maven.org/maven2/org/apache/qpid/qpid-jms-client)
 - SLF4J API Module (from http://www.slf4j.org)
diff --git a/provider/notification-aws/build-aws/Dockerfile b/provider/notification-aws/build-aws/Dockerfile
index ad5ef0451..772b3df66 100644
--- a/provider/notification-aws/build-aws/Dockerfile
+++ b/provider/notification-aws/build-aws/Dockerfile
@@ -19,6 +19,7 @@ ARG JAR_FILE=provider/notification-aws/target/*spring-boot.jar
 # Harcoding this value since Notification-core requires this variable. AWS does not use it. Might change in future
 ENV ENVIRONMENT=DEV
 
+RUN yum update -y
 
 WORKDIR /
 COPY ${JAR_FILE} app.jar
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index df5caae59..70ad1d5a8 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -36,8 +36,8 @@
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <log4j2.version>2.17.1</log4j2.version>
-        <jackson-databind.version>2.13.2.2</jackson-databind.version>
-        <jackson.version>2.13.2</jackson.version>
+        <jackson-databind.version>2.13.4.2</jackson-databind.version>
+        <jackson.version>2.13.4</jackson.version>
         <spring-boot-maven-plugin.version>2.7.6</spring-boot-maven-plugin.version>
     </properties>
 
-- 
GitLab