From 296ddb8a3741c72342bf0f4068a711d2b121b948 Mon Sep 17 00:00:00 2001
From: Tadgh <garygrantgraham@gmail.com>
Date: Wed, 26 Oct 2022 10:17:11 -0700
Subject: [PATCH] CVE Fixes (#4200)

* CVEs

* bump snakeyaml again

* Add updates to changes.yaml
---
 hapi-fhir-batch/pom.xml                       |  8 --------
 hapi-fhir-docs/pom.xml                        |  2 +-
 .../hapi/fhir/changelog/6_2_0/changes.yaml    |  3 +++
 hapi-fhir-server/pom.xml                      |  4 ----
 hapi-fhir-test-utilities/pom.xml              | 10 ----------
 pom.xml                                       | 20 ++-----------------
 6 files changed, 6 insertions(+), 41 deletions(-)

diff --git a/hapi-fhir-batch/pom.xml b/hapi-fhir-batch/pom.xml
index 319d18e5bc9..8a77c19e516 100644
--- a/hapi-fhir-batch/pom.xml
+++ b/hapi-fhir-batch/pom.xml
@@ -19,14 +19,6 @@
 	</description>
 
 	<dependencies>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-infrastructure</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>javax.annotation</groupId>
 			<artifactId>javax.annotation-api</artifactId>
diff --git a/hapi-fhir-docs/pom.xml b/hapi-fhir-docs/pom.xml
index 65d215271be..80e025cd4ae 100644
--- a/hapi-fhir-docs/pom.xml
+++ b/hapi-fhir-docs/pom.xml
@@ -111,7 +111,7 @@
 		<dependency>
 			<groupId>org.yaml</groupId>
 			<artifactId>snakeyaml</artifactId>
-			<version>1.31</version>
+			<version>1.33</version>
 		</dependency>
 
 		<dependency>
diff --git a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_2_0/changes.yaml b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_2_0/changes.yaml
index 3ed9435c656..8e83ad09950 100644
--- a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_2_0/changes.yaml
+++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_2_0/changes.yaml
@@ -12,6 +12,9 @@
 <li>Caffeine (JPA): 2.9.1 -> 3.1.1</li>
 <li>Commons-Text (JPA and Testpage Overlay): 1.9.0 -> 1.10.0 (Addresses <a href=\"https://nvd.nist.gov/vuln/detail/CVE-2022-42889\">CVE-2022-42889</a>)</li>
 <li>Spring Boot (Boot): 2.6.7 -> 2.7.4</li>
+<li>Jackson Databind: 2.13.2.2 -> 2.13.4.1</li>
+<li>Snakeyaml : 1.31 -> 1.33</li>
+<li>Graphql-Java : 17.3 -> 17.4</li>
 </ul>
 "
 
diff --git a/hapi-fhir-server/pom.xml b/hapi-fhir-server/pom.xml
index ee94dcf1a8d..958980042c8 100644
--- a/hapi-fhir-server/pom.xml
+++ b/hapi-fhir-server/pom.xml
@@ -73,10 +73,6 @@
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-messaging</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>
diff --git a/hapi-fhir-test-utilities/pom.xml b/hapi-fhir-test-utilities/pom.xml
index 384b3eb974d..628b12e9cda 100644
--- a/hapi-fhir-test-utilities/pom.xml
+++ b/hapi-fhir-test-utilities/pom.xml
@@ -75,16 +75,6 @@
 			<artifactId>spring-test</artifactId>
 			<optional>true</optional>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-test</artifactId>
-			<optional>true</optional>
-		</dependency>
 
         <!-- HTMLUnit -->
         <dependency>
diff --git a/pom.xml b/pom.xml
index 653b8c226bc..bc869f522b5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -827,7 +827,7 @@
         <httpcore_version>4.4.13</httpcore_version>
         <httpclient_version>4.5.13</httpclient_version>
         <jackson_version>2.13.2</jackson_version>
-        <jackson_databind_version>2.13.2.2</jackson_databind_version>
+        <jackson_databind_version>2.13.4.1</jackson_databind_version>
         <maven_assembly_plugin_version>3.3.0</maven_assembly_plugin_version>
         <maven_license_plugin_version>1.8</maven_license_plugin_version>
         <okhttp_version>4.10.0</okhttp_version>
@@ -947,7 +947,7 @@
 			<dependency>
 				<groupId>com.graphql-java</groupId>
 				<artifactId>graphql-java</artifactId>
-				<version>17.3</version>
+				<version>17.4</version>
 			</dependency>
 			<!-- mail start -->
 			<dependency>
@@ -1847,16 +1847,6 @@
 				<artifactId>spring-retry</artifactId>
 				<version>${spring_retry_version}</version>
 			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-core</artifactId>
-				<version>${spring_batch_version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-infrastructure</artifactId>
-				<version>${spring_batch_version}</version>
-			</dependency>
 			<dependency>
 				<groupId>org.thymeleaf</groupId>
 				<artifactId>thymeleaf</artifactId>
@@ -1967,12 +1957,6 @@
 				<artifactId>flyway-core</artifactId>
 				<version>${flyway_version}</version>
 			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-test</artifactId>
-				<version>${spring_batch_version}</version>
-				<scope>test</scope>
-			</dependency>
 		</dependencies>
 	</dependencyManagement>