From b68d842f8eab0b79438f4ebbee34bc40f89eb31d Mon Sep 17 00:00:00 2001
From: Yauheni_Lesnikau <ylesnikau@slb.com>
Date: Tue, 24 Jan 2023 17:55:26 +0100
Subject: [PATCH] fix security issues for azure  and core modules

---
 NOTICE                              | 8 ++++++++
 notification-core/pom.xml           | 6 ++++++
 pom.xml                             | 6 +++---
 provider/notification-azure/pom.xml | 9 +++++++--
 4 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/NOTICE b/NOTICE
index 5d438117e..a4cf92eff 100644
--- a/NOTICE
+++ b/NOTICE
@@ -383,6 +383,13 @@ The following software have components provided under the terms of this license:
 - Spring Core (from http://www.springframework.org, https://github.com/spring-projects/spring-framework, https://repo1.maven.org/maven2/org/springframework/spring-core)
 - ThreeTen backport (from https://github.com/ThreeTen/threetenbp, https://www.threeten.org/threetenbp)
 
+========================================================================
+BSL-1.0
+========================================================================
+The following software have components provided under the terms of this license:
+
+- Jackson-core (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-core)
+
 ========================================================================
 Beerware
 ========================================================================
@@ -631,6 +638,7 @@ The following software have components provided under the terms of this license:
 - Checker Qual (from https://checkerframework.org)
 - ClassGraph (from https://github.com/classgraph/classgraph)
 - JUL to SLF4J bridge (from http://www.slf4j.org)
+- Jackson-core (from http://wiki.fasterxml.com/JacksonHome, https://github.com/FasterXML/jackson-core)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)
 - Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
 - Java JWT (from http://www.jwt.io, https://github.com/auth0/java-jwt)
diff --git a/notification-core/pom.xml b/notification-core/pom.xml
index 5ab7bd13b..25bbb293e 100644
--- a/notification-core/pom.xml
+++ b/notification-core/pom.xml
@@ -42,6 +42,7 @@
         <log4j.version>2.17.1</log4j.version>
         <google-oauth-client.version>1.33.3</google-oauth-client.version>
         <google-api-client.version>1.33.2</google-api-client.version>
+        <xnio-api.version>3.8.8.Final</xnio-api.version>
     </properties>
 
     <dependencyManagement>
@@ -58,6 +59,11 @@
                 <artifactId>woodstox-core</artifactId>
                 <version>${woodstox-core.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.jboss.xnio</groupId>
+                <artifactId>xnio-api</artifactId>
+                <version>${xnio-api.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
diff --git a/pom.xml b/pom.xml
index 1c8565baa..0c0a28b3b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,17 +69,17 @@
 		<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-core</artifactId>
-				<version>2.13.4</version>
+				<version>2.14.1</version>
 			</dependency>
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-databind</artifactId>
-				<version>2.13.4</version>
+				<version>2.14.1</version>
 			</dependency>
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-annotations</artifactId>
-				<version>2.13.4</version>
+				<version>2.14.1</version>
 			</dependency>
 			
 			<dependency>
diff --git a/provider/notification-azure/pom.xml b/provider/notification-azure/pom.xml
index 2f567861c..1378472c4 100644
--- a/provider/notification-azure/pom.xml
+++ b/provider/notification-azure/pom.xml
@@ -48,11 +48,11 @@
     <reactor-core.version>3.4.6</reactor-core.version>
     <reactor-netty.version>1.0.7</reactor-netty.version>
     <oauth2-oidc-sdk.version>6.0</oauth2-oidc-sdk.version>
-    <woodstox-core.version>5.3.0</woodstox-core.version>
+    <woodstox-core.version>5.4.0</woodstox-core.version>
     <spring-webmvc.version>5.3.22</spring-webmvc.version>
-    <os-core-common.version>0.19.0-rc6</os-core-common.version>
     <undertow.version>2.2.19.Final</undertow.version>
     <spring-boot-maven-plugin.version>2.7.6</spring-boot-maven-plugin.version>
+    <xnio-api.version>3.8.8.Final</xnio-api.version>
   </properties>
 
   <dependencyManagement>
@@ -115,6 +115,11 @@
         <artifactId>undertow-websockets-jsr</artifactId>
         <version>${undertow.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.jboss.xnio</groupId>
+        <artifactId>xnio-api</artifactId>
+        <version>${xnio-api.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
-- 
GitLab