Fix security vulnerabilities

ad818899 · Duvelis Carao · 4c51b24d · ad818899 · ad818899 · ad818899
Commit ad818899 authored 4 years ago by Duvelis Carao
--- a/pom.xml
+++ b/pom.xml
@@ -56,6 +56,16 @@
                <groupId>org.opengroup.osdu</groupId>
                <artifactId>os-core-common</artifactId>
                <version>${osdu.oscorecommon.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>io.netty</groupId>
+                        <artifactId>netty-codec</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.fasterxml.jackson.core</groupId>
+                        <artifactId>jackson-databind</artifactId>
+                    </exclusion>
+                </exclusions>
            </dependency>
        </dependencies>
    </dependencyManagement>
@@ -67,6 +77,11 @@
            <version>1.18.12</version>
            <scope>provided</scope>
        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.26</version>
+        </dependency>
    </dependencies>

    <build>

--- a/provider/register-azure/pom.xml
+++ b/provider/register-azure/pom.xml
@@ -54,6 +54,16 @@
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>core-lib-azure</artifactId>
            <version>${osdu.corelibazure.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.woodstox</groupId>
+                    <artifactId>woodstox-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.simpleframework</groupId>
+                    <artifactId>simple-xml</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.opengroup.osdu</groupId>

--- a/register-core/pom.xml
+++ b/register-core/pom.xml
@@ -46,6 +46,10 @@
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-tomcat</artifactId>
                </exclusion>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
@@ -101,6 +105,10 @@
                    <groupId>com.google.guava</groupId>
                    <artifactId>guava</artifactId>
                </exclusion>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>

@@ -112,7 +120,7 @@
        <dependency>
            <groupId>com.fasterxml.jackson.datatype</groupId>
            <artifactId>jackson-datatype-joda</artifactId>
-            <version>2.9.9</version>
+            <version>2.11.3</version>
        </dependency>
        <dependency>
            <groupId>joda-time</groupId>