Commit a1b3d050 authored by Spencer Sutton's avatar Spencer Sutton
Browse files

Upgrading spring to not use vulnerable jackson package

commit 7034cba5 
Author: Spencer Sutton <suttonsp@amazon.com> 
Date: Mon Jun 14 2021 13:28:17 GMT-0500 (Central Daylight Time) 

    Upgrading spring to not have dependency on vulnerable jackson package


commit f6f33c77 
Author: Spencer Sutton <suttonsp@amazon.com> 
Date: Mon Jun 14 2021 13:22:04 GMT-0500 (Central Daylight Time) 

    Merge branch 'dev' of codecommit::us-east-1://default@os-notification into fixPackage


commit ae805dfe 
Author: Spencer Sutton <suttonsp@amazon.com> 
Date: Wed Jun 09 2021 17:18:52 GMT-0500 (Central Daylight Time) 

    Merge


commit 06c26d76 
Author: Spencer Sutton <suttonsp@amazon.com> 
Date: Tue Jun 08 2021 10:22:41 GMT-0500 (Central Daylight Time) 

    Overriding packages with known vulnerabilities
parent 2c87fef1
......@@ -25,7 +25,7 @@
<java.version>8</java.version>
<maven.compiler.target>${java.version}</maven.compiler.target>
<maven.compiler.source>${java.version}</maven.compiler.source>
<os-core-common.version>0.6.9</os-core-common.version>
<os-core-common.version>0.10.0-SNAPSHOT</os-core-common.version>
</properties>
<licenses>
......@@ -43,7 +43,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>2.1.7.RELEASE</version>
<version>2.1.18.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
......
......@@ -41,10 +41,16 @@
</properties>
<dependencies>
<!-- <dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</dependency> -->
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
......@@ -102,11 +108,6 @@
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
<!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
<!-- <dependency>-->
<!-- <groupId>com.fasterxml.jackson.core</groupId>-->
<!-- <artifactId>jackson-databind</artifactId>-->
<!-- <version>2.12.3</version>-->
<!-- </dependency>-->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment