Upgraded azure identity to 1.12.1 to remove vulnerable dependency of simple-xml (!272) · Merge requests · OSDU Software / OSDU Data Platform / Domain Data Management Services / Well-Planning-Execution / Well Delivery

Deepa Kumari requested to merge az/MS-39194-fix-simplexml into master May 17, 2024

Simple-xml is a vulnerable package, and it comes from azure-identity.
Upgrading azure-identity to 1.12.1 removes this dependency altogether.
However, some netty classes were missing from azure-core so had to add the azure-core-http-netty instead of azure core. It solves below exception in the azure module:

Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class com.azure.core.http.netty.NettyAsyncHttpClientBuilder    Error: AppException(error=AppError(code=500, reason=Server error., message=An unknown error has occurred., errors=null, debuggingInfo=null, originalException=org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class com.azure.core.http.netty.NettyAsyncHttpClientBuilder), originalException=org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class com.azure.core.http.netty.NettyAsyncHttpClientBuilder)
- 2024-05-20 12:31:17.861 DEBUG 1 --- [  XNIO-1 task-2] o.s.w.s.m.m.a.HttpEntityMethodProcessor  : Using 'application/json', given [application/json] and supported [application/json, application/*+json, application/json, application/*+json, application/xml;charset=UTF-8, text/xml;charset=UTF-8,

Edited May 21, 2024 by Deepa Kumari

Upgraded azure identity to 1.12.1 to remove vulnerable dependency of simple-xml

Merge request reports