Upgrading spring to not use vulnerable jackson package

commit 7034cba5 Author: Spencer Sutton <suttonsp@amazon.com> Date: Mon Jun 14 2021 13:28:17 GMT-0500 (Central Daylight Time) Upgrading spring to not have dependency on vulnerable jackson package commit f6f33c77 Author: Spencer Sutton <suttonsp@amazon.com> Date: Mon Jun 14 2021 13:22:04 GMT-0500 (Central Daylight Time) Merge branch 'dev' of codecommit::us-east-1://default@os-notification into fixPackage commit ae805dfe Author: Spencer Sutton <suttonsp@amazon.com> Date: Wed Jun 09 2021 17:18:52 GMT-0500 (Central Daylight Time) Merge commit 06c26d76 Author: Spencer Sutton <suttonsp@amazon.com> Date: Tue Jun 08 2021 10:22:41 GMT-0500 (Central Daylight Time) Overriding packages with known vulnerabilities

Upgrading spring to not use vulnerable jackson package
a1b3d050 · Spencer Sutton · 2c87fef1 · a1b3d050 · a1b3d050
Commit a1b3d050 authored 3 years ago by Spencer Sutton
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
 		<java.version>8</java.version>
 		<maven.compiler.target>${java.version}</maven.compiler.target>
 		<maven.compiler.source>${java.version}</maven.compiler.source>
-		<os-core-common.version>0.6.9</os-core-common.version>
+		<os-core-common.version>0.10.0-SNAPSHOT</os-core-common.version>
 	</properties>

 	<licenses>
@@ -43,7 +43,7 @@
 			<dependency>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-dependencies</artifactId>
-				<version>2.1.7.RELEASE</version>
+				<version>2.1.18.RELEASE</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>

--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -41,10 +41,16 @@
    </properties>

    <dependencies>
-      <!--   <dependency>
+        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>os-core-common</artifactId>
-        </dependency> -->
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>


        <dependency>
@@ -102,11 +108,6 @@
        <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
        <!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
        <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
-<!--        <dependency>-->
-<!--            <groupId>com.fasterxml.jackson.core</groupId>-->
-<!--            <artifactId>jackson-databind</artifactId>-->
-<!--            <version>2.12.3</version>-->
-<!--        </dependency>-->
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-transport</artifactId>