From a1b3d050d46f18ad5ceec7720c397e25b69f4d38 Mon Sep 17 00:00:00 2001
From: Spencer Sutton <suttonsp@amazon.com>
Date: Wed, 16 Jun 2021 19:51:09 +0000
Subject: [PATCH] Upgrading spring to not use vulnerable jackson package commit 7034cba5 Author: Spencer Sutton <suttonsp@amazon.com> Date: Mon Jun 14 2021 13:28:17 GMT-0500 (Central Daylight Time) Upgrading spring to not have dependency on vulnerable jackson package commit f6f33c77 Author: Spencer Sutton <suttonsp@amazon.com> Date: Mon Jun 14 2021 13:22:04 GMT-0500 (Central Daylight Time) Merge branch 'dev' of codecommit::us-east-1://default@os-notification into fixPackage commit ae805dfe Author: Spencer Sutton <suttonsp@amazon.com> Date: Wed Jun 09 2021 17:18:52 GMT-0500 (Central Daylight Time) Merge commit 06c26d76 Author: Spencer Sutton <suttonsp@amazon.com> Date: Tue Jun 08 2021 10:22:41 GMT-0500 (Central Daylight Time) Overriding packages with known vulnerabilities
---
 pom.xml | 4 ++--
 provider/notification-aws/pom.xml | 15 ++++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1e09d8bd1..a17544220 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
 <java.version>8</java.version>
 <maven.compiler.target>${java.version}</maven.compiler.target>
 <maven.compiler.source>${java.version}</maven.compiler.source>
- <os-core-common.version>0.6.9</os-core-common.version>
+ <os-core-common.version>0.10.0-SNAPSHOT</os-core-common.version>
 </properties>
 <licenses>
@@ -43,7 +43,7 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-dependencies</artifactId>
- <version>2.1.7.RELEASE</version>
+ <version>2.1.18.RELEASE</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index 485162fbf..7a433db70 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
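Review bot: In the root pom.xml properties hunk, `os-core-common.version` moves from the release `0.6.9` to `0.10.0-SNAPSHOT`, and a snapshot is a mutable coordinate: Maven re-resolves it from the repository, so two builds of this same commit can pull different os-core-common code and different transitive versions. For a change whose stated purpose is removing a vulnerable jackson package, that means the remediation is not pinned and a dependency scan of one build does not describe the next. I would point the property at a released version, e.g. `<os-core-common.version>RELEASED_VERSION</os-core-common.version>` (placeholder: use the first release that carries the fix), or add a comment next to the property stating why a snapshot is required and when it will be replaced.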
@@ -41,10 +41,16 @@
 </properties>
 <dependencies>
- <!-- <dependency>
+ <dependency>
 <groupId>org.opengroup.osdu</groupId>
 <artifactId>os-core-common</artifactId>
- </dependency> -->
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
 <dependency>
@@ -102,11 +108,6 @@
 <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
 <!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
 <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
-<!-- <dependency>-->
-<!-- <groupId>com.fasterxml.jackson.core</groupId>-->
-<!-- <artifactId>jackson-databind</artifactId>-->
-<!-- <version>2.12.3</version>-->
-<!-- </dependency>-->
 <dependency>
 <groupId>io.netty</groupId>
 <artifactId>netty-transport</artifactId>
-- GitLab
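Review bot: The `jackson-databind` exclusion added to the re-enabled `os-core-common` dependency in the first hunk of provider/notification-aws/pom.xml removes only that one transitive path and says nothing about which version ends up on the classpath; the later hunk also deletes the commented-out `2.12.3` pin, so no jackson-databind version is stated anywhere in the visible lines. Presumably the version is now meant to come from the `spring-boot-dependencies` import in the root pom, but that depends on this module inheriting the root's dependency management and on some other dependency still bringing jackson-databind in, neither of which the hunk shows. I would add a comment above the exclusion such as `<!-- jackson-databind excluded here: os-core-common pulls a version with known vulnerabilities; the managed version from spring-boot-dependencies is used instead -->` and confirm the resolved version with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` before merging. The `<dependencies>` element continues outside the hunk.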