CVE Fixes (#4200)

* CVEs

* bump snakeyaml again

* Add updates to changes.yaml

hapi-fhir-batch/pom.xml

@@ -19,14 +19,6 @@
 	</description>
 
 	<dependencies>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-infrastructure</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>javax.annotation</groupId>
 			<artifactId>javax.annotation-api</artifactId>

hapi-fhir-docs/pom.xml

@@ -111,7 +111,7 @@
 		<dependency>
 			<groupId>org.yaml</groupId>
 			<artifactId>snakeyaml</artifactId>
-			<version>1.31</version>
+			<version>1.33</version>
 		</dependency>
 
 		<dependency>

hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_2_0/changes.yaml

@@ -12,6 +12,9 @@
 <li>Caffeine (JPA): 2.9.1 -> 3.1.1</li>
 <li>Commons-Text (JPA and Testpage Overlay): 1.9.0 -> 1.10.0 (Addresses <a href=\"https://nvd.nist.gov/vuln/detail/CVE-2022-42889\">CVE-2022-42889</a>)</li>
 <li>Spring Boot (Boot): 2.6.7 -> 2.7.4</li>
+<li>Jackson Databind: 2.13.2.2 -> 2.13.4.1</li>
+<li>Snakeyaml : 1.31 -> 1.33</li>
+<li>Graphql-Java : 17.3 -> 17.4</li>
 </ul>
 "
 

hapi-fhir-server/pom.xml

@@ -73,10 +73,6 @@
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-messaging</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>

hapi-fhir-test-utilities/pom.xml

@@ -75,16 +75,6 @@
 			<artifactId>spring-test</artifactId>
 			<optional>true</optional>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-core</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.batch</groupId>
-			<artifactId>spring-batch-test</artifactId>
-			<optional>true</optional>
-		</dependency>
 
         <!-- HTMLUnit -->
         <dependency>

pom.xml

@@ -827,7 +827,7 @@
         <httpcore_version>4.4.13</httpcore_version>
         <httpclient_version>4.5.13</httpclient_version>
         <jackson_version>2.13.2</jackson_version>
-        <jackson_databind_version>2.13.2.2</jackson_databind_version>
+        <jackson_databind_version>2.13.4.1</jackson_databind_version>
         <maven_assembly_plugin_version>3.3.0</maven_assembly_plugin_version>
         <maven_license_plugin_version>1.8</maven_license_plugin_version>
         <okhttp_version>4.10.0</okhttp_version>
@@ -947,7 +947,7 @@
 			<dependency>
 				<groupId>com.graphql-java</groupId>
 				<artifactId>graphql-java</artifactId>
-				<version>17.3</version>
+				<version>17.4</version>
 			</dependency>
 			<!-- mail start -->
 			<dependency>
@@ -1847,16 +1847,6 @@
 				<artifactId>spring-retry</artifactId>
 				<version>${spring_retry_version}</version>
 			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-core</artifactId>
-				<version>${spring_batch_version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-infrastructure</artifactId>
-				<version>${spring_batch_version}</version>
-			</dependency>
 			<dependency>
 				<groupId>org.thymeleaf</groupId>
 				<artifactId>thymeleaf</artifactId>
@@ -1967,12 +1957,6 @@
 				<artifactId>flyway-core</artifactId>
 				<version>${flyway_version}</version>
 			</dependency>
-			<dependency>
-				<groupId>org.springframework.batch</groupId>
-				<artifactId>spring-batch-test</artifactId>
-				<version>${spring_batch_version}</version>
-				<scope>test</scope>
-			</dependency>
 		</dependencies>
 	</dependencyManagement>