fix: upgrade libs for fix vulnerabilities (#66)

kotharironak · web-flow · commit bab890090a71 · 2023-02-21T20:27:59.000+05:30
diff --git a/platform-metrics/build.gradle.kts b/platform-metrics/build.gradle.kts
@@ -11,7 +11,7 @@ tasks.test {
 
 dependencies {
   api("com.typesafe:config:1.4.2")
-  api("io.dropwizard.metrics:metrics-core:4.2.13")
+  api("io.dropwizard.metrics:metrics-core:4.2.16")
   api("io.micrometer:micrometer-core:1.10.2")
   api("javax.servlet:javax.servlet-api:3.1.0")
 
@@ -20,7 +20,7 @@ dependencies {
   implementation("io.github.mweirauch:micrometer-jvm-extras:0.2.2")
   implementation("org.slf4j:slf4j-api:1.7.36")
   implementation("org.apache.logging.log4j:log4j-slf4j-impl:2.19.0")
-  implementation("io.dropwizard.metrics:metrics-jvm:4.2.13")
+  implementation("io.dropwizard.metrics:metrics-jvm:4.2.16")
   implementation("io.prometheus:simpleclient_dropwizard:0.12.0")
   implementation("io.prometheus:simpleclient_servlet:0.12.0")
   implementation("io.prometheus:simpleclient_pushgateway:0.12.0")
diff --git a/platform-service-framework/build.gradle.kts b/platform-service-framework/build.gradle.kts
@@ -17,7 +17,12 @@ dependencies {
   api("com.typesafe:config:1.4.2")
 
   // Use for thread dump servlet
-  implementation("io.dropwizard.metrics:metrics-servlets:4.2.13")
+  implementation("io.dropwizard.metrics:metrics-servlets:4.2.16")
+  constraints {
+    implementation("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
+      because("version 2.12.7.1 has a vulnerability https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424")
+    }
+  }
   implementation("org.eclipse.jetty:jetty-servlet:9.4.50.v20221201")
 
   // Use for metrics servlet
