From 0b374bea0c977d3f1e57f1f99c71d4dae9bfd310 Mon Sep 17 00:00:00 2001
From: Ronak <ronak@traceable.ai>
Date: Tue, 21 Feb 2023 16:05:23 +0530
Subject: [PATCH] fix: upgrade libs for fix vulnerabilities

---
 platform-metrics/build.gradle.kts           | 4 ++--
 platform-service-framework/build.gradle.kts | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
index 9232ba9..926e373 100644
--- a/platform-metrics/build.gradle.kts
+++ b/platform-metrics/build.gradle.kts
@@ -11,7 +11,7 @@ tasks.test {
 
 dependencies {
   api("com.typesafe:config:1.4.2")
-  api("io.dropwizard.metrics:metrics-core:4.2.13")
+  api("io.dropwizard.metrics:metrics-core:4.2.16")
   api("io.micrometer:micrometer-core:1.10.2")
   api("javax.servlet:javax.servlet-api:3.1.0")
 
@@ -20,7 +20,7 @@ dependencies {
   implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.2")
   implementation("org.slf4j:slf4j-api:1.7.36")
   implementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0")
-  implementation("io.dropwizard.metrics:metrics-jvm:4.2.13")
+  implementation("io.dropwizard.metrics:metrics-jvm:4.2.16")
   implementation("io.prometheus:simpleclient_dropwizard:0.12.0")
   implementation("io.prometheus:simpleclient_servlet:0.12.0")
   implementation("io.prometheus:simpleclient_pushgateway:0.12.0")
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
index eed208d..4b87ec7 100644
--- a/platform-service-framework/build.gradle.kts
+++ b/platform-service-framework/build.gradle.kts
@@ -17,7 +17,12 @@ dependencies {
   api("com.typesafe:config:1.4.2")
 
   // Use for thread dump servlet
-  implementation("io.dropwizard.metrics:metrics-servlets:4.2.13")
+  implementation("io.dropwizard.metrics:metrics-servlets:4.2.16")
+  constraints {
+    implementation("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
+      because("version 2.12.7.1 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424")
+    }
+  }
   implementation("org.eclipse.jetty:jetty-servlet:9.4.50.v20221201")
 
   // Use for metrics servlet