From d42049eb79797f138c68c6fab9ecb909e0d56f38 Mon Sep 17 00:00:00 2001
From: Pintu Gupta <pintu.gupta@ibm.com>
Date: Mon, 26 Dec 2022 03:55:50 +0000
Subject: [PATCH] Vulnerability fix ibm storage service
---
 NOTICE | 10 ----------
 pom.xml | 6 +++---
 provider/storage-gcp/pom.xml | 5 +++++
 provider/storage-ibm/pom.xml | 2 +-
 4 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/NOTICE b/NOTICE
index 7dd52051b..ddf4f8ea3 100644
--- a/NOTICE
+++ b/NOTICE
@@ -626,7 +626,6 @@ The following software have components provided under the terms of this license:
 - Protocol Buffer Java API (from http://code.google.com/p/protobuf, https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java)
 - Protocol Buffers [Util] (from https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util)
 - Redisson (from http://redisson.org)
-- SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org, https://bitbucket.org/snakeyaml/snakeyaml)
 - Spring Core (from http://www.springframework.org, https://github.com/spring-projects/spring-framework, https://repo1.maven.org/maven2/org/springframework/spring-core)
 - ThreeTen backport (from https://github.com/ThreeTen/threetenbp, https://www.threeten.org/threetenbp)
@@ -746,7 +745,6 @@ The following software have components provided under the terms of this license:
 - Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Java SDK Web Module (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
-- SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org, https://bitbucket.org/snakeyaml/snakeyaml)
 ========================================================================
 EPL-2.0
@@ -778,13 +776,6 @@ The following software have components provided under the terms of this license:
 - RabbitMQ Java Client (from http://www.rabbitmq.com, https://www.rabbitmq.com)
 - tomcat-embed-core (from http://tomcat.apache.org/)
-========================================================================
-GPL-2.0-or-later
-========================================================================
-The following software have components provided under the terms of this license:
-
-- SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org, https://bitbucket.org/snakeyaml/snakeyaml)
-
 ========================================================================
 GPL-2.0-with-classpath-exception
 ========================================================================
@@ -870,7 +861,6 @@ The following software have components provided under the terms of this license:
 - Java Native Access (from https://github.com/java-native-access/jna, https://github.com/twall/jna)
 - Java Native Access Platform (from https://github.com/java-native-access/jna)
 - Javassist (from http://www.javassist.org/)
-- SnakeYAML (from http://code.google.com/p/snakeyaml/, http://www.snakeyaml.org, https://bitbucket.org/snakeyaml/snakeyaml)
 ========================================================================
 MIT
diff --git a/pom.xml b/pom.xml
index 1e26c6e8a..6042fd4c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,10 +28,10 @@
 <docker.image.prefix>opendes</docker.image.prefix>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 <os-core-common.version>0.19.0-rc1</os-core-common.version>
- <jackson-databind.version>2.13.4.1</jackson-databind.version>
- <jackson.version>2.13.2</jackson.version>
+ <jackson-databind.version>2.14.0</jackson-databind.version>
+ <jackson.version>2.14.0</jackson.version>
 <netty.version>4.1.51.Final</netty.version>
- <snakeyaml.version>1.31</snakeyaml.version>
+ <snakeyaml.version>1.33</snakeyaml.version>
 <commons-codec.version>1.14</commons-codec.version>
 <nimbusds.version>7.9</nimbusds.version>
 <woodstox-core.version>6.2.3</woodstox-core.version>
diff --git a/provider/storage-gcp/pom.xml b/provider/storage-gcp/pom.xml
index 3e029214f..1b9e5f8d5 100644
--- a/provider/storage-gcp/pom.xml
+++ b/provider/storage-gcp/pom.xml
@@ -82,6 +82,11 @@
 <version>8.3.4</version>
 <scope>compile</scope>
 </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ <version>2.9.1</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/provider/storage-ibm/pom.xml b/provider/storage-ibm/pom.xml
index ed07e1f43..46c8e32e8 100644
--- a/provider/storage-ibm/pom.xml
+++ b/provider/storage-ibm/pom.xml
@@ -30,7 +30,7 @@
 <start-class>org.opengroup.osdu.storage.provider.ibm.app.StorageIBMApplication</start-class>
 <jackson-dataformat-cbor.version>2.11.4</jackson-dataformat-cbor.version>
 <spring-security-core.version>5.7.4</spring-security-core.version>
- <tomcat-embed-core.version>9.0.67</tomcat-embed-core.version>
+ <tomcat-embed-core.version>9.0.68</tomcat-embed-core.version>
 <commons-compress.version>1.22</commons-compress.version>
 </properties>
-- 
GitLab
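Review bot: The gson entry added to `dependencyManagement` in provider/storage-gcp/pom.xml hard-codes `<version>2.9.1</version>` and has no comment saying why the pin exists, so a later dependency cleanup can drop it or a later advisory can be missed. Given the commit subject, this is presumably an override of a transitively resolved gson version; I would record that next to the entry, e.g. `<!-- gson pinned to override the transitive version flagged by the vulnerability scan; drop once the parent or BOM manages a version at or above this one -->`, and move the number into a `<gson.version>` property as the root pom does for jackson and snakeyaml. The pin is scoped to storage-gcp only, so other provider modules keep whatever gson version they resolve today; if they are affected too, the entry belongs in the root pom. The `dependencyManagement` section starts outside the hunk, so I cannot see whether gson is already managed elsewhere.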