From f7df876a54e22ad1db47ebef6384bec3815d23e9 Mon Sep 17 00:00:00 2001
From: Hariharan Ramanathan <rhari@mail.uni-paderborn.de>
Date: Wed, 20 Nov 2019 08:18:21 +0100
Subject: [PATCH 1/3] - Upgrading jackson-databind to 2.9.10.1 - Upgrading akka
 to 2.5.16 - Upgrading elastic4s to 6.3.8

---
 build.sbt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/build.sbt b/build.sbt
index 2b507e0..eb1bdeb 100644
--- a/build.sbt
+++ b/build.sbt
@@ -4,7 +4,7 @@ version := "1.0.0-SNAPSHOT"
 
 scalaVersion := "2.12.4"
 
-val akkaVersion = "2.5.14"
+val akkaVersion = "2.5.16"
 libraryDependencies ++= Seq (
   "com.typesafe.akka" %% "akka-stream" % akkaVersion,
   "com.typesafe.akka" %% "akka-slf4j" % akkaVersion
@@ -17,7 +17,7 @@ libraryDependencies ++= Seq (
   "com.typesafe.akka" %% "akka-http-spray-json" % akkaHttpVersion
 )
 
-val elastic4sVersion = "6.3.0"
+val elastic4sVersion = "6.3.8"
 libraryDependencies ++= Seq(
   "com.sksamuel.elastic4s" %% "elastic4s-core" % elastic4sVersion,
   "com.sksamuel.elastic4s" %% "elastic4s-http" % elastic4sVersion,
@@ -27,7 +27,7 @@ libraryDependencies ++= Seq(
 libraryDependencies += "com.pauldijou" %% "jwt-core" % "1.0.0"
 
 libraryDependencies += "org.parboiled" %% "parboiled" % "2.1.4"
-libraryDependencies += "io.spray" %% "spray-json" % "1.3.3"
+libraryDependencies += "io.spray" %% "spray-json" % "1.3.5"
 libraryDependencies += "org.scalactic" %% "scalactic" % "3.0.4"
 libraryDependencies += "org.scalatest" %% "scalatest" % "3.0.4" % "it,test"
 libraryDependencies += "ch.qos.logback" % "logback-classic" % "1.2.3" % Runtime
@@ -56,7 +56,7 @@ scalastyleConfig := baseDirectory.value / "project" / "scalastyle-config.xml"
 // Pinning secure versions of insecure transitive libraryDependencies
 // Please update when updating dependencies above (including Play plugin)
 libraryDependencies ++= Seq(
-  "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.9"
+  "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.10.1"
 )
 
 trapExit := false

From bb7f7d6681cec32753994fa315e6502eb32bced2 Mon Sep 17 00:00:00 2001
From: Hariharan Ramanathan <rhari@mail.uni-paderborn.de>
Date: Wed, 20 Nov 2019 08:49:39 +0100
Subject: [PATCH 2/3] Upgrading httpclient to 4.5.3

---
 build.sbt | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/build.sbt b/build.sbt
index eb1bdeb..5311634 100644
--- a/build.sbt
+++ b/build.sbt
@@ -5,25 +5,29 @@ version := "1.0.0-SNAPSHOT"
 scalaVersion := "2.12.4"
 
 val akkaVersion = "2.5.16"
-libraryDependencies ++= Seq (
+libraryDependencies ++= Seq(
   "com.typesafe.akka" %% "akka-stream" % akkaVersion,
   "com.typesafe.akka" %% "akka-slf4j" % akkaVersion
 )
 
 val akkaHttpVersion = "10.1.5"
-libraryDependencies ++= Seq (
+libraryDependencies ++= Seq(
   "com.typesafe.akka" %% "akka-http" % akkaHttpVersion,
   "com.typesafe.akka" %% "akka-http-testkit" % akkaHttpVersion,
   "com.typesafe.akka" %% "akka-http-spray-json" % akkaHttpVersion
 )
+//Including http client for elastic4s
+libraryDependencies += "org.apache.httpcomponents" % "httpclient" % "4.5.3"
 
 val elastic4sVersion = "6.3.8"
 libraryDependencies ++= Seq(
   "com.sksamuel.elastic4s" %% "elastic4s-core" % elastic4sVersion,
-  "com.sksamuel.elastic4s" %% "elastic4s-http" % elastic4sVersion,
+  //Excluding default 4.5.2 due to https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517
+  "com.sksamuel.elastic4s" %% "elastic4s-http" % elastic4sVersion exclude("org.apache.httpcomponents", "httpclient"),
   "com.sksamuel.elastic4s" %% "elastic4s-http-streams" % elastic4sVersion,
 )
 
+
 libraryDependencies += "com.pauldijou" %% "jwt-core" % "1.0.0"
 
 libraryDependencies += "org.parboiled" %% "parboiled" % "2.1.4"
@@ -34,10 +38,10 @@ libraryDependencies += "ch.qos.logback" % "logback-classic" % "1.2.3" % Runtime
 
 lazy val webapi = (project in file(".")).
   //https://www.scala-sbt.org/1.x/docs/Testing.html
-configs(IntegrationTest).
+  configs(IntegrationTest).
   settings(
     Defaults.itSettings,
-   ).
+  ).
   enablePlugins(JavaAppPackaging).
   enablePlugins(DockerPlugin).
   enablePlugins(ScalastylePlugin).

From 613d1ea3eadf0f8cdcdd3e3cacc28858e24a2c61 Mon Sep 17 00:00:00 2001
From: Hariharan Ramanathan <rhari@mail.uni-paderborn.de>
Date: Thu, 21 Nov 2019 00:23:35 +0100
Subject: [PATCH 3/3] Upgrading sbt codacy plugin for java 11

---
 project/plugins.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/project/plugins.sbt b/project/plugins.sbt
index 705f861..77bfe2c 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -4,7 +4,7 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.2")
 
 // coverage
 addSbtPlugin("org.scoverage" % "sbt-scoverage" % "1.5.1")
-addSbtPlugin("com.codacy" % "sbt-codacy-coverage" % "1.3.12")
+addSbtPlugin("com.codacy" % "sbt-codacy-coverage" % "1.3.14")
 
 // preparation for dependency checking
 addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.1")