From c2416a57a8ab0e2899cd83fc18b0541e660d75c7 Mon Sep 17 00:00:00 2001
From: "Romain DEP." <rom1dep@gmail.com>
Date: Tue, 27 Feb 2018 02:28:58 +0100
Subject: [PATCH] deps: update jackson to a vuln-free version, bump java-jwt in
 the process

---
 airsonic-main/pom.xml |  2 +-
 pom.xml               | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml
index 31de9a30..ba26cc0e 100644
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@@ -93,7 +93,7 @@
         <dependency>
             <groupId>com.auth0</groupId>
             <artifactId>java-jwt</artifactId>
-            <version>3.1.0</version>
+            <version>3.3.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.ldap</groupId>
diff --git a/pom.xml b/pom.xml
index 42ab4227..fd11f43e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,7 +86,7 @@
                 <!-- Import dependency management from Spring Boot -->
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
-                <version>1.5.8.RELEASE</version>
+                <version>1.5.10.RELEASE</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -113,6 +113,16 @@
                 <artifactId>commons-io</artifactId>
                 <version>2.5</version>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>2.8.11</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>2.8.11.1</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
@@ -195,7 +205,7 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>3.0.2</version>
+                    <version>3.1.1</version>
                     <inherited>true</inherited>
                     <configuration>
                         <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>