Skip to content

[#MS39389] fix: remediate high vulnerabilities for [core & azure] module

Thulasi Dass Subramanian requested to merge az/td-fix-m24-high-vuln into master

Change Details:

  • Remediate High vulnerabilities in [Core & Azure] modules
  • Cleanup unused cobertura-maven-plugin which has more vulnerabilities associated. Since JaCoCo already available to coverage report generation.

Core Module

  1. [spring-web]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ entitlements-v2-core ---
[INFO] org.opengroup.osdu.entitlements.v2:entitlements-v2-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-web:jar:3.2.5:compile
[INFO]    \- org.springframework:spring-web:jar:6.1.6:compile
  1. [spring-security-core]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ entitlements-v2-core ---
[INFO] org.opengroup.osdu.entitlements.v2:entitlements-v2-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO]    \- org.springframework.security:spring-security-config:jar:6.2.4:compile
[INFO]       \- org.springframework.security:spring-security-core:jar:6.2.4:compile
  1. [commons-beanutils]
  1. [org.apache.velocity/velocity]
  1. [xerces/xercesImpl]
  1. [jdom]
  1. [org.mortbay.jetty/jetty]

Azure Module

  1. [spring-web]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ entitlements-v2-azure ---
[INFO] org.opengroup.osdu.entitlements.v2:entitlements-v2-azure:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-web:jar:3.1.11:compile
[INFO]    \- org.springframework:spring-web:jar:6.0.19:compile
Edited by Thulasi Dass Subramanian

Merge request reports