fix: update vulnerable dependency to resolve CVE

Author: mkiran

ipp-v3-java-data/pom.xml

@@ -30,7 +30,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.9.10</version>
+			<version>2.18.3</version>
 		</dependency>
 		<dependency>
 			<groupId>org.glassfish.jaxb</groupId>
@@ -192,7 +192,7 @@
 	    <dependency>
 		<groupId>org.apache.commons</groupId>
 		<artifactId>commons-lang3</artifactId>
-		<version>3.9</version>
+		<version>3.17.0</version>
 	    </dependency>
         </dependencies>
     </dependencyManagement>

ipp-v3-java-data/src/main/java/com/intuit/ipp/data/MonthEnum.java

@@ -41,7 +41,7 @@
 @XmlEnum
 public enum MonthEnum {
 
-    @XmlEnumValue("January")
+    @XmlEnumValue("JANUARY")
     JANUARY("January"),
     @XmlEnumValue("February")
     FEBRUARY("February"),

ipp-v3-java-devkit/pom.xml

@@ -63,7 +63,7 @@
     <dependency> 
       <groupId>com.google.code.gson</groupId>  
       <artifactId>gson</artifactId>  
-      <version>2.8.1</version> 
+      <version>2.12.1</version>
     </dependency>  
     <dependency> 
       <groupId>oauth.signpost</groupId>  
@@ -76,10 +76,10 @@
       <version>1.2</version> 
     </dependency>  
     <!-- Exclude commons-collection 3.2.1 due to security vulnerability and bring in 3.2.2 below that has the fix -->  
-    <dependency> 
-      <groupId>commons-configuration</groupId>  
-      <artifactId>commons-configuration</artifactId>  
-      <version>1.6</version>  
+    <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-configuration2</artifactId>
+        <version>2.12.0</version>
       <exclusions> 
         <exclusion> 
           <groupId>commons-collections</groupId>  
@@ -104,7 +104,7 @@
     <dependency>
       <groupId>commons-beanutils</groupId>
       <artifactId>commons-beanutils</artifactId>
-      <version>1.9.4</version>
+      <version>1.11.0</version>
     </dependency>
     <dependency>
       <groupId>commons-io</groupId>
@@ -119,7 +119,7 @@
     <dependency> 
       <groupId>com.fasterxml.jackson.jaxrs</groupId>  
       <artifactId>jackson-jaxrs-json-provider</artifactId>  
-      <version>2.9.10</version> 
+      <version>2.18.3</version>
     </dependency>  
     <dependency> 
       <groupId>org.jmockit</groupId>  
@@ -314,12 +314,12 @@
       <dependency> 
         <groupId>com.fasterxml.jackson.jaxrs</groupId>  
         <artifactId>jackson-jaxrs-base</artifactId>  
-        <version>2.9.10</version> 
+        <version>2.18.3</version>
       </dependency>  
       <dependency> 
         <groupId>org.apache.commons</groupId>  
-        <artifactId>commons-lang3</artifactId>  
-        <version>3.9</version> 
+        <artifactId>commons-lang3</artifactId>
+        <version>3.17.0</version>
       </dependency>  
       <dependency> 
         <groupId>org.jvnet.staxex</groupId>  

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/interceptors/HTTPBatchClientConnectionInterceptor.java

@@ -34,7 +34,7 @@
 import javax.net.ssl.SSLContext;
 
 import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/interceptors/IntuitInterceptorProvider.java

@@ -27,7 +27,7 @@
 import com.intuit.ipp.util.Config;
 import com.intuit.ipp.util.Logger;
 import com.intuit.ipp.util.StringUtils;
-import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration2.Configuration;
 
 /**
  * Class to provide the provision to add interceptors in the order those have to be executed. 

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/serialization/AttachableResponseDeserializer.java

@@ -18,17 +18,11 @@
 import java.io.IOException;
 import java.util.Iterator;
 
-import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.databind.AnnotationIntrospector;
-import com.fasterxml.jackson.databind.DeserializationConfig;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
 import com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair;
-import com.fasterxml.jackson.databind.DeserializationFeature;
 
 import com.intuit.ipp.data.Attachable;
 import com.intuit.ipp.data.AttachableResponse;
@@ -57,7 +51,7 @@ public class AttachableResponseDeserializer extends JsonDeserializer<AttachableR
 	@Override
 	public AttachableResponse deserialize(JsonParser jp, DeserializationContext desContext) throws IOException {
 		ObjectMapper mapper = new ObjectMapper();
-
+		mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS,true);
 		//Make the mapper JAXB annotations aware
 		AnnotationIntrospector primary = new JaxbAnnotationIntrospector();
 		AnnotationIntrospector secondary = new JacksonAnnotationIntrospector();

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/serialization/BatchItemResponseDeserializer.java

@@ -20,19 +20,13 @@
 
 import javax.xml.bind.JAXBElement;
 
-import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.Version;
-import com.fasterxml.jackson.databind.AnnotationIntrospector;
-import com.fasterxml.jackson.databind.DeserializationConfig;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
 import com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair;
-import com.fasterxml.jackson.databind.DeserializationFeature;
 
 import com.intuit.ipp.data.BatchItemResponse;
 import com.intuit.ipp.data.CDCResponse;
@@ -96,7 +90,7 @@ public class BatchItemResponseDeserializer extends JsonDeserializer<BatchItemRes
 	@Override
 	public BatchItemResponse deserialize(JsonParser jp, DeserializationContext desContext) throws IOException {
 		ObjectMapper mapper = new ObjectMapper();
-
+		mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS,true);
 		//Make the mapper JAXB annotations aware
 		AnnotationIntrospector primary = new JaxbAnnotationIntrospector();
 		AnnotationIntrospector secondary = new JacksonAnnotationIntrospector();

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/serialization/CDCQueryResponseDeserializer.java

@@ -20,19 +20,13 @@
 import java.util.Iterator;
 import java.util.List;
 
-import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.Version;
-import com.fasterxml.jackson.databind.AnnotationIntrospector;
-import com.fasterxml.jackson.databind.DeserializationConfig;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
 import com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair;
-import com.fasterxml.jackson.databind.DeserializationFeature;
 
 import com.intuit.ipp.data.CDCResponse;
 import com.intuit.ipp.data.Fault;
@@ -69,7 +63,7 @@ public class CDCQueryResponseDeserializer extends JsonDeserializer<CDCResponse>
 	@Override
 	public CDCResponse deserialize(JsonParser jp, DeserializationContext desContext) throws IOException {
 		ObjectMapper mapper = new ObjectMapper();
-
+		mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS,true);
 		//Make the mapper JAXB annotations aware
 		AnnotationIntrospector primary = new JaxbAnnotationIntrospector();
 		AnnotationIntrospector secondary = new JacksonAnnotationIntrospector();

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/serialization/CustomFieldDefinitionDeserializer.java

@@ -20,17 +20,11 @@
 import java.util.Iterator;
 import java.util.List;
 
-import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.*;
 import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.databind.AnnotationIntrospector;
-import com.fasterxml.jackson.databind.DeserializationConfig;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
 import com.fasterxml.jackson.databind.introspect.AnnotationIntrospectorPair;
-import com.fasterxml.jackson.databind.DeserializationFeature;
 
 import com.intuit.ipp.data.CustomField;
 import com.intuit.ipp.data.CustomFieldDefinition;
@@ -61,7 +55,7 @@ public class CustomFieldDefinitionDeserializer extends JsonDeserializer<CustomFi
 	@Override
 	public CustomFieldDefinition deserialize(JsonParser jp, DeserializationContext desContext) throws IOException {
 		ObjectMapper mapper = new ObjectMapper();
-
+		mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS,true);
 		//Make the mapper JAXB annotations aware
 		AnnotationIntrospector primary = new JaxbAnnotationIntrospector();
 		AnnotationIntrospector secondary = new JacksonAnnotationIntrospector();

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/serialization/IntuitResponseDeserializer.java

@@ -144,7 +144,7 @@ public IntuitResponse deserialize(JsonParser jp, DeserializationContext desConte
 			throws IOException {
 		ObjectMapper mapper = new ObjectMapper();
 		Report report = new Report();
-
+		mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS,true);
 		//Make the mapper JAXB annotations aware
 		AnnotationIntrospector primary = new JaxbAnnotationIntrospector();
 		AnnotationIntrospector secondary = new JacksonAnnotationIntrospector();