[MS-44159] Remediate commons-text vulnerability (!473) · Merge requests · OSDU / OSDU Data Platform / Data Flow / Data Ingestion / CSV Parser / CSV Parser DAG

VidyaDharani Lokam requested to merge az/vl-fix-commons-text-vul into master Jul 22, 2024

reference issue: https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/95 https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/213 https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/212 https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/211 https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/210 https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/issues/203
update org.json dependency to 20231013
update json-flattener dependency to 0.16.6 to remediate commons-text vulnerability.

mvn dependency:tree before changes:

[INFO] +- com.github.wnameless.json:json-flattener:jar:0.12.0:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.9:compile
[INFO] |  \- com.github.wnameless.json:json-base:jar:2.0.0:compile
[INFO] +- com.google.code.gson:gson:jar:2.10.1:compile

[INFO] +- org.projectlombok:lombok:jar:1.18.26:provided
[INFO] +- org.json:json:jar:20200518:compile

mvn dependency:tree after changes:

[INFO] +- com.github.wnameless.json:json-flattener:jar:0.16.6:compile
[INFO] |  +- org.apache.commons:commons-text:jar:1.10.0:compile
[INFO] |  \- com.github.wnameless.json:json-base:jar:2.4.3:compile
[INFO] +- com.google.code.gson:gson:jar:2.10.1:compile

[INFO] +- org.projectlombok:lombok:jar:1.18.26:provided
[INFO] +- org.json:json:jar:20231013:compile

Edited Jul 24, 2024 by VidyaDharani Lokam

[MS-44159] Remediate commons-text vulnerability

Merge request reports