Merge branch 'fix-deps' into 'master'

Fix security vulnerabilities

See merge request !44

NOTICE

@@ -18,7 +18,6 @@ The following software have components provided under the terms of this license:
 - Cobertura code coverage (from http://cobertura.sourceforge.net)
 - Plexus :: Default Container (from )
 - Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
-- StAX (from http://stax.codehaus.org/)
 - oro (from )
 
 ========================================================================
@@ -32,9 +31,11 @@ The following software have components provided under the terms of this license:
 - ASM Commons (from )
 - ASM Core (from )
 - ASM Core (from )
+- ASM Core (from )
 - ASM Tree (from )
 - ASM Util (from )
 - ASM based accessors helper used by json-smart (from )
+- ASM based accessors helper used by json-smart (from )
 - Adapter: RxJava (from )
 - Apache Ant + JUnit (from http://ant.apache.org/)
 - Apache Ant Core (from http://ant.apache.org/)
@@ -42,6 +43,7 @@ The following software have components provided under the terms of this license:
 - Apache Commons BeanUtils (from http://commons.apache.org/proper/commons-beanutils/)
 - Apache Commons CLI (from http://commons.apache.org/proper/commons-cli/)
 - Apache Commons Codec (from http://commons.apache.org/proper/commons-codec/)
+- Apache Commons Collections (from http://commons.apache.org/proper/commons-collections/)
 - Apache Commons Lang (from http://commons.apache.org/proper/commons-lang/)
 - Apache Commons Logging (from http://commons.apache.org/proper/commons-logging/)
 - Apache Commons Validator (from http://commons.apache.org/proper/commons-validator/)
@@ -70,8 +72,10 @@ The following software have components provided under the terms of this license:
 - Asynchronous Http Client (from )
 - Asynchronous Http Client Netty Utils (from )
 - AutoValue Annotations (from )
-- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
+- Azure Spring Boot Starter for Azure AD Spring Security Integration (from https://github.com/Azure/azure-sdk-for-java)
 - Bean Validation API (from http://beanvalidation.org)
+- Brave Instrumentation: Http Adapters (from )
+- Brave instrumentation for Reactor Netty HTTP (from https://github.com/reactor/reactor-netty)
 - Byte Buddy (without dependencies) (from )
 - Byte Buddy Java agent (from )
 - ClassMate (from http://github.com/cowtowncoder/java-classmate)
@@ -81,6 +85,7 @@ The following software have components provided under the terms of this license:
 - Commons IO (from http://commons.apache.org/io/)
 - Commons Lang (from http://commons.apache.org/lang/)
 - Converter: Jackson (from )
+- Core functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
 - Doxia :: APT Module (from )
 - Doxia :: Core (from )
 - Doxia :: Decoration Model (from http://maven.apache.org/doxia/doxia-sitetools/doxia-decoration-model/)
@@ -91,6 +96,7 @@ The following software have components provided under the terms of this license:
 - Doxia :: XHTML Module (from )
 - Elastic JNA Distribution (from https://github.com/java-native-access/jna)
 - Elasticsearch: 5.0.0-alpha5 (from https://github.com/elastic/elasticsearch)
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
 - GSON extensions to the Google HTTP Client Library for Java. (from )
 - Google APIs Client Library for Java (from )
@@ -110,7 +116,9 @@ The following software have components provided under the terms of this license:
 - Guava InternalFutureFailureAccess and InternalFutures (from )
 - Guava ListenableFuture only (from )
 - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
+- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
 - HPPC Collections (from http://labs.carrotsearch.com)
+- HTTP functionality for the Reactor Netty library (from https://github.com/reactor/reactor-netty)
 - Hibernate Validator Engine (from )
 - IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java)
 - IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java)
@@ -119,11 +127,13 @@ The following software have components provided under the terms of this license:
 - Identity and Access Management (IAM) API v1-rev247-1.23.0 (from )
 - IntelliJ IDEA Annotations (from http://www.jetbrains.org)
 - J2ObjC Annotations (from https://github.com/google/j2objc/)
+- J2ObjC Annotations (from https://github.com/google/j2objc/)
 - JBoss Logging 3 (from http://www.jboss.org)
 - JCIP Annotations under Apache License (from http://stephenc.github.com/jcip-annotations)
 - JDO API (from )
 - JDOM (from http://www.jdom.org)
 - JSON Small and Fast Parser (from http://www.minidev.net/)
+- JSON Small and Fast Parser (from http://www.minidev.net/)
 - JSON Web Token support for the JVM (from https://github.com/jwtk/jjwt.git)
 - JSON library from Android SDK (from http://developer.android.com/sdk)
 - JSONassert (from https://github.com/skyscreamer/JSONassert)
@@ -146,6 +156,7 @@ The following software have components provided under the terms of this license:
 - Java Native Access (from https://github.com/java-native-access/jna)
 - Java Native Access Platform (from https://github.com/java-native-access/jna)
 - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
+- Java UUID Generator (from http://wiki.fasterxml.com/JugHome)
 - Javassist (from http://www.javassist.org/)
 - Javassist (from http://www.javassist.org/)
 - Jetty :: Asynchronous HTTP Client (from http://www.eclipse.org/jetty)
@@ -158,6 +169,7 @@ The following software have components provided under the terms of this license:
 - Jetty :: Servlet Annotations (from http://www.eclipse.org/jetty)
 - Jetty :: Servlet Handling (from http://www.eclipse.org/jetty)
 - Jetty :: Utilities (from http://www.eclipse.org/jetty)
+- Jetty :: Utilities :: Ajax(JSON) (from http://www.eclipse.org/jetty)
 - Jetty :: Utility Servlets and Filters (from http://www.eclipse.org/jetty)
 - Jetty :: Webapp Application Support (from http://www.eclipse.org/jetty)
 - Jetty :: Websocket :: API (from https://www.eclipse.org/jetty)
@@ -192,7 +204,6 @@ The following software have components provided under the terms of this license:
 - Lucene Queries (from )
 - Lucene QueryParsers (from )
 - Lucene Sandbox (from )
-- Lucene Spatial (from )
 - Lucene Spatial 3D (from )
 - Lucene Spatial Extras (from )
 - Lucene Suggest (from )
@@ -217,14 +228,15 @@ The following software have components provided under the terms of this license:
 - Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
+- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
 - Mockito (from http://mockito.org)
 - Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
-- MortBay :: Apache EL :: API and Implementation (from )
 - Netty Reactive Streams Implementation (from )
 - Netty/Buffer (from http://netty.io/)
 - Netty/Codec (from )
+- Netty/Codec/DNS (from )
 - Netty/Codec/HTTP (from )
 - Netty/Codec/HTTP2 (from )
 - Netty/Codec/Socks (from )
@@ -232,16 +244,15 @@ The following software have components provided under the terms of this license:
 - Netty/Handler (from )
 - Netty/Handler/Proxy (from )
 - Netty/Resolver (from )
+- Netty/Resolver/DNS (from )
 - Netty/TomcatNative [BoringSSL - Static] (from )
 - Netty/Transport (from http://netty.io/)
 - Netty/Transport/Native/Unix/Common (from )
 - Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
-- Nimbus Content Type (from https://bitbucket.org/connect2id/nimbus-content-type)
 - Nimbus JOSE+JWT (from https://bitbucket.org/connect2id/nimbus-jose-jwt)
 - Nimbus LangTag (from https://bitbucket.org/connect2id/nimbus-language-tags)
 - Non-Blocking Reactive Foundation for the JVM (from https://github.com/reactor/reactor)
 - OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
-- OAuth 2.0 SDK with OpenID Connect extensions (from https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
 - Objenesis (from http://objenesis.org)
 - OkHttp (from )
 - OkHttp Logging Interceptor (from )
@@ -262,7 +273,6 @@ The following software have components provided under the terms of this license:
 - Reactive Streams Netty driver (from https://github.com/reactor/reactor-netty)
 - Retrofit (from )
 - Servlet Specification 2.5 API (from )
-- Simple XML (from http://simple.sourceforge.net)
 - SnakeYAML (from http://www.snakeyaml.org)
 - Spring AOP (from https://github.com/spring-projects/spring-framework)
 - Spring Beans (from https://github.com/spring-projects/spring-framework)
@@ -275,6 +285,7 @@ The following software have components provided under the terms of this license:
 - Spring Boot Json Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-json)
 - Spring Boot Log4J2 Starter (from http://projects.spring.io/spring-boot/)
 - Spring Boot Logging Starter (from http://projects.spring.io/spring-boot/)
+- Spring Boot Reactor Netty Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-reactor-netty)
 - Spring Boot Security Starter (from http://projects.spring.io/spring-boot/)
 - Spring Boot Starter (from http://projects.spring.io/spring-boot/)
 - Spring Boot Test (from http://projects.spring.io/spring-boot/)
@@ -282,6 +293,7 @@ The following software have components provided under the terms of this license:
 - Spring Boot Test Starter (from http://projects.spring.io/spring-boot/)
 - Spring Boot Validation Starter (from http://projects.spring.io/spring-boot/)
 - Spring Boot Web Starter (from http://projects.spring.io/spring-boot/)
+- Spring Boot WebFlux Starter (from https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-webflux)
 - Spring Commons Logging Bridge (from https://github.com/spring-projects/spring-framework)
 - Spring Context (from https://github.com/spring-projects/spring-framework)
 - Spring Core (from https://github.com/spring-projects/spring-framework)
@@ -295,13 +307,16 @@ The following software have components provided under the terms of this license:
 - Spring Transaction (from https://github.com/spring-projects/spring-framework)
 - Spring Web (from https://github.com/spring-projects/spring-framework)
 - Spring Web MVC (from https://github.com/spring-projects/spring-framework)
-- StAX (from http://stax.codehaus.org/)
-- StAX API (from http://stax.codehaus.org/)
+- Spring WebFlux (from https://github.com/spring-projects/spring-framework)
 - T-Digest (from https://github.com/tdunning/t-digest)
 - Woodstox (from https://github.com/FasterXML/woodstox)
 - Xerces2-j (from https://xerces.apache.org/xerces2-j/)
+- Zipkin Reporter Brave (from https://repo1.maven.org/maven2/io/zipkin/reporter2/zipkin-reporter-brave)
+- Zipkin Reporter: Core (from )
+- Zipkin v2 (from )
 - aalto-xml (from )
 - aggs-matrix-stats (from https://github.com/elastic/elasticsearch)
+- brave (from )
 - cli (from https://github.com/elastic/elasticsearch)
 - com.google.api.grpc:grpc-google-cloud-pubsub-v1 (from https://github.com/googleapis/googleapis)
 - com.google.api.grpc:proto-google-cloud-logging-v2 (from https://github.com/googleapis/googleapis)
@@ -312,6 +327,8 @@ The following software have components provided under the terms of this license:
 - compiler (from http://github.com/spullara/mustache.java)
 - datastore-v1-proto-client (from )
 - elasticsearch-core (from https://github.com/elastic/elasticsearch)
+- elasticsearch-geo (from https://github.com/elastic/elasticsearch)
+- error-prone annotations (from )
 - error-prone annotations (from )
 - io.grpc:grpc-alts (from https://github.com/grpc/grpc-java)
 - io.grpc:grpc-api (from https://github.com/grpc/grpc-java)
@@ -331,6 +348,7 @@ The following software have components provided under the terms of this license:
 - javax.inject (from http://code.google.com/p/atinject/)
 - lang-mustache (from https://github.com/elastic/elasticsearch)
 - lettuce (from http://github.com/mp911de/lettuce/wiki)
+- mapper-extras (from https://github.com/elastic/elasticsearch)
 - micrometer-core (from https://github.com/micrometer-metrics/micrometer)
 - micrometer-registry-azure-monitor (from https://github.com/micrometer-metrics/micrometer)
 - org.apiguardian:apiguardian-api (from https://github.com/apiguardian-team/apiguardian)
@@ -386,9 +404,9 @@ The following software have components provided under the terms of this license:
 - Hamcrest Core (from http://hamcrest.org/)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - Lucene Common Analyzers (from )
+- Lucene Core (from )
 - Plexus :: Default Container (from )
 - Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
-- StAX (from http://stax.codehaus.org/)
 - Stax2 API (from http://github.com/FasterXML/stax2-api)
 - jaxen (from http://jaxen.codehaus.org/)
 
@@ -404,6 +422,7 @@ The following software have components provided under the terms of this license:
 - ASM Commons (from )
 - ASM Core (from )
 - ASM Core (from )
+- ASM Core (from )
 - ASM Tree (from )
 - ASM Tree (from )
 - ASM Util (from )
@@ -427,7 +446,6 @@ The following software have components provided under the terms of this license:
 - Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
-- NanoHttpd-Core (from )
 - Netty/Codec/HTTP (from )
 - Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils)
 - Protocol Buffer Java API (from https://developers.google.com/protocol-buffers/)
@@ -472,7 +490,6 @@ CDDL-1.0
 The following software have components provided under the terms of this license:
 
 - Java EE Transaction API (from http://jcp.org/en/jsr/detail?id=907)
-- JavaMail API (from )
 - Servlet Specification 2.5 API (from )
 - javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
 
@@ -482,7 +499,6 @@ CDDL-1.1
 The following software have components provided under the terms of this license:
 
 - JavaBeans Activation Framework (from )
-- JavaBeans(TM) Activation Framework (from http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp)
 
 ========================================================================
 CPL-1.0
@@ -496,6 +512,7 @@ EPL-1.0
 ========================================================================
 The following software have components provided under the terms of this license:
 
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
 - Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
 - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
@@ -509,6 +526,7 @@ The following software have components provided under the terms of this license:
 - Jetty :: Servlet Annotations (from http://www.eclipse.org/jetty)
 - Jetty :: Servlet Handling (from http://www.eclipse.org/jetty)
 - Jetty :: Utilities (from http://www.eclipse.org/jetty)
+- Jetty :: Utilities :: Ajax(JSON) (from http://www.eclipse.org/jetty)
 - Jetty :: Utility Servlets and Filters (from http://www.eclipse.org/jetty)
 - Jetty :: Webapp Application Support (from http://www.eclipse.org/jetty)
 - Jetty :: Websocket :: API (from https://www.eclipse.org/jetty)
@@ -535,13 +553,13 @@ The following software have components provided under the terms of this license:
 - org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
-- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
 
 ========================================================================
 EPL-2.0
 ========================================================================
 The following software have components provided under the terms of this license:
 
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
 - Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
 - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
@@ -551,7 +569,6 @@ The following software have components provided under the terms of this license:
 - org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
-- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
 
 ========================================================================
 GPL-2.0-only
@@ -562,7 +579,6 @@ The following software have components provided under the terms of this license:
 - Cobertura code coverage (from http://cobertura.sourceforge.net)
 - Commons Lang (from http://commons.apache.org/lang/)
 - JavaBeans Activation Framework (from )
-- JavaMail API (from )
 - Mojo's Maven plugin for Cobertura (from http://mojo.codehaus.org/cobertura-maven-plugin/)
 - javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
 
@@ -580,10 +596,10 @@ The following software have components provided under the terms of this license:
 
 - Checker Qual (from https://checkerframework.org)
 - Cobertura code coverage (from http://cobertura.sourceforge.net)
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket)
 - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
 - JavaBeans Activation Framework (from )
-- JavaMail API (from )
 - jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
 - javax.annotation-api (from http://jcp.org/en/jsr/detail?id=250)
 
@@ -592,10 +608,18 @@ GPL-3.0-only
 ========================================================================
 The following software have components provided under the terms of this license:
 
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet)
 - Project Lombok (from https://projectlombok.org)
 - jakarta.annotation-api (from https://projects.eclipse.org/projects/ee4j.ca)
 
+========================================================================
+JSON
+========================================================================
+The following software have components provided under the terms of this license:
+
+- JSON in Java (from https://github.com/douglascrockford/JSON-java)
+
 ========================================================================
 LGPL-2.1-only
 ========================================================================
@@ -624,7 +648,6 @@ LGPL-2.1-or-later
 ========================================================================
 The following software have components provided under the terms of this license:
 
-- Java Native Access Platform (from https://github.com/java-native-access/jna)
 - Javassist (from http://www.javassist.org/)
 - SnakeYAML (from http://www.snakeyaml.org)
 
@@ -642,12 +665,11 @@ MIT
 The following software have components provided under the terms of this license:
 
 - Animal Sniffer Annotations (from )
-- Azure AD Spring Security Integration Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
 - Azure Java Client Authentication Library for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
+- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
 - Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
-- Azure Metrics Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
-- Azure Spring Boot AutoConfigure (from https://github.com/Microsoft/azure-spring-boot)
-- Azure Spring Boot Starter (from https://github.com/Microsoft/azure-spring-boot)
+- Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
+- Checker Qual (from https://checkerframework.org)
 - Checker Qual (from https://checkerframework.org)
 - Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
 - JOpt Simple (from http://pholser.github.io/jopt-simple)
@@ -656,7 +678,6 @@ The following software have components provided under the terms of this license:
 - Java JWT (from http://www.jwt.io)
 - Jetty :: Utilities (from http://www.eclipse.org/jetty)
 - Lucene Core (from )
-- Lucene Sandbox (from )
 - Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
@@ -664,10 +685,13 @@ The following software have components provided under the terms of this license:
 - Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK annotations (from https://github.com/Microsoft/java-api-annotations)
+- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK for Service Bus (from https://github.com/Azure/azure-sdk-for-java)
+- Microsoft Azure SDK for eventgrid (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure client library for Identity (from https://github.com/Azure/azure-sdk-for-java)
+- Microsoft Azure client library for KeyVault Keys (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure internal Avro module for Storage (from https://github.com/Azure/azure-sdk-for-java)
@@ -679,10 +703,12 @@ The following software have components provided under the terms of this license:
 - Plexus Default Interactivity Handler (from )
 - Project Lombok (from https://projectlombok.org)
 - SLF4J API Module (from http://www.slf4j.org)
+- SLF4J API Module (from http://www.slf4j.org)
 - Spongy Castle (from http://rtyley.github.io/spongycastle/)
 - Spring Data for Azure Cosmos DB SQL API (from https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/cosmos/azure-spring-data-cosmos)
 - adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
-- jwks-rsa (from http://www.auth0.com)
+- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
+- documentdb-bulkexecutor (from http://azure.microsoft.com/en-us/services/documentdb/)
 - micrometer-core (from https://github.com/micrometer-metrics/micrometer)
 - mockito-junit-jupiter (from https://github.com/mockito/mockito)
 - msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
@@ -738,6 +764,7 @@ SPL-1.0
 ========================================================================
 The following software have components provided under the terms of this license:
 
+- Checker Qual (from https://checkerframework.org)
 - Checker Qual (from https://checkerframework.org)
 
 ========================================================================
@@ -763,16 +790,18 @@ The following software have components provided under the terms of this license:
 
 - Asynchronous Http Client (from )
 - Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
+- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - Joda-Time (from http://www.joda.org/joda-time/)
 - LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
 - Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
+- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
 - Microsoft Azure client library for Blob Storage (from https://github.com/Azure/azure-sdk-for-java)
 - Project Lombok (from https://projectlombok.org)
 - Spring Web (from https://github.com/spring-projects/spring-framework)
-- StAX API (from http://stax.codehaus.org/)
+- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
 - msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
 - reactive-streams (from http://www.reactive-streams.org/)
 - xml-apis (from )
@@ -783,10 +812,10 @@ unknown
 The following software have components provided under the terms of this license:
 
 - Byte Buddy (without dependencies) (from )
+- Checker Qual (from https://checkerframework.org)
 - JUnit (from http://junit.org)
 - JUnit Jupiter (Aggregator) (from https://junit.org/junit5/)
 - JavaBeans Activation Framework API jar (from )
-- JavaMail API (from )
 - Servlet Specification 2.5 API (from )
 - Spongy Castle (from http://rtyley.github.io/spongycastle/)
 - jakarta.xml.bind-api (from )
@@ -795,7 +824,6 @@ The following software have components provided under the terms of this license:
 - org.junit.jupiter:junit-jupiter-params (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-commons (from http://junit.org/junit5/)
 - org.junit.platform:junit-platform-engine (from http://junit.org/junit5/)
-- org.junit.vintage:junit-vintage-engine (from http://junit.org/junit5/)
 - xml-apis (from )
 
 

crs-catalog-core/pom.xml

@@ -10,9 +10,7 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
     <artifactId>crs-catalog-core</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>crs-catalog-core</name>
     <description>CRS catalog service core</description>
@@ -44,11 +42,6 @@
             <artifactId>javax.inject</artifactId>
             <version>1</version>
         </dependency>
-        <dependency>
-            <groupId>com.auth0</groupId>
-            <artifactId>jwks-rsa</artifactId>
-            <version>0.11.0</version>
-        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-config</artifactId>
@@ -80,6 +73,15 @@
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger2</artifactId>
             <version>${springfox-swagger2.version}</version>
+            <exclusions>
+                <exclusion>
+                    <!--
+                    Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
+                    -->
+                    <groupId>com.google.guava</groupId>
+                    <artifactId>guava</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
@@ -195,28 +197,6 @@
                 <version>2.21.0</version>
                 <configuration>
                     <redirectTestOutputToFile>true</redirectTestOutputToFile>
-                    <!--
-                    <testFailureIgnore>true</testFailureIgnore>
-                     -->
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.whitesource</groupId>
-                <artifactId>whitesource-maven-plugin</artifactId>
-                <version>18.11.1</version>
-                <configuration>
-                    <orgToken>${orgToken}</orgToken>
-                    <wssUrl>https://app-eu.whitesourcesoftware.com/agent</wssUrl>
-                    <aggregateModules>true</aggregateModules>
-                    <product>DE</product>
-                    <aggregateProjectName>de-crs-catalog-service</aggregateProjectName>
-                    <forceCheckAllDependencies>true</forceCheckAllDependencies>
-                    <checkPolicies>false</checkPolicies>
-                    <forceUpdate>true</forceUpdate>
-                    <failOnError>false</failOnError>
-                    <excludes>
-                        <exclude>integration-tests</exclude>
-                    </excludes>
                 </configuration>
             </plugin>
         </plugins>

pom.xml

@@ -2,12 +2,6 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
-    <parent>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.2.11.RELEASE</version>
-    </parent>
-
     <properties>
         <java.version>1.8</java.version>
         <maven.compiler.target>1.8</maven.compiler.target>
@@ -17,7 +11,6 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <os-core-common.version>0.9.0-rc17</os-core-common.version>
         <snakeyaml.version>1.26</snakeyaml.version>
-        <jackson.version>2.11.2</jackson.version>
         <nimbus-jose-jwt.version>7.9</nimbus-jose-jwt.version>
     </properties>
 
@@ -94,21 +87,31 @@
                 <version>${os-core-common.version}</version>
             </dependency>
             <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-core</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.fasterxml.jackson.core</groupId>
-                <artifactId>jackson-databind</artifactId>
-                <version>${jackson.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.nimbusds</groupId>
-                <artifactId>nimbus-jose-jwt</artifactId>
-                <version>${nimbus-jose-jwt.version}</version>
+                <groupId>org.opengroup.osdu</groupId>
+                <artifactId>os-core-common</artifactId>
+                <version>${os-core-common.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
             </dependency>
         </dependencies>
     </dependencyManagement>
 
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-maven-plugin</artifactId>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>repackage</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+
 </project>

provider/crs-catalog-aws/pom.xml

@@ -25,9 +25,7 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
     <artifactId>crs-catalog-aws</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>crs-catalog-aws</name>
     <description>CRS Catalog service on AWS</description>
@@ -35,9 +33,7 @@
     <properties>
         <app.version>1</app.version>
         <app.id>crs-catalog-aws</app.id>
-
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-
         <objectify.version>5.1.22</objectify.version>
         <slf4j.version>1.7.25</slf4j.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -55,7 +51,7 @@
         <dependency>
             <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
             <artifactId>crs-catalog-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
         </dependency>
 
         <dependency>

provider/crs-catalog-azure/crs-catalog-aks/pom.xml

@@ -3,7 +3,6 @@
 
     <modelVersion>4.0.0</modelVersion>
 
-
     <parent>
         <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
         <artifactId>crs-catalog-service</artifactId>
@@ -11,9 +10,7 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
     <artifactId>crs-catalog-aks</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>crs-catalog-aks</name>
     <description>CRS Catalog service Google Kubernetes Engine deployment</description>
@@ -21,43 +18,68 @@
     <properties>
         <app.version>1</app.version>
         <app.id>crs-catalog-aks</app.id>    
-
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-
         <objectify.version>5.1.22</objectify.version>
-        <azure.version>2.1.7</azure.version>
         <slf4j.version>1.7.25</slf4j.version>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>	    
+        <maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <osdu.corelibazure.version>0.0.42</osdu.corelibazure.version>
+        <osdu.corelibazure.version>0.9.0-rc8</osdu.corelibazure.version>
+        <json-smart.version>2.4.6</json-smart.version>
     </properties>
 
     <prerequisites>
         <maven>3.1.0</maven>
     </prerequisites>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.opengroup.osdu</groupId>
+                <artifactId>core-lib-azure</artifactId>
+                <version>${osdu.corelibazure.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
 
         <dependency>
             <groupId>org.opengroup.osdu.crs-catalog-service</groupId>
             <artifactId>crs-catalog-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
         </dependency>
         <dependency>
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-azure</artifactId>
             <version>${osdu.corelibazure.version}</version>
         </dependency>
+        <dependency>
+            <groupId>net.minidev</groupId>
+            <artifactId>json-smart</artifactId>
+            <version>${json-smart.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.azure.spring</groupId>
+            <artifactId>azure-spring-boot-starter-active-directory</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
 
         <!-- Compile/runtime dependencies -->
         <dependency>
-        <groupId>javax.jdo</groupId>
-        <artifactId>jdo-api</artifactId>