Merge branch 'lobtimo-cve-fix' into 'master'

Fix commons io, spring, and netty CVE See merge request !617

Merge branch 'lobtimo-cve-fix' into 'master'
fe224dce · Timothy Lobl · bc37ec79 · a7b7e6b2 · fe224dce · fe224dce
Commit fe224dce authored 4 months ago by Timothy Lobl
--- a/NOTICE
+++ b/NOTICE
@@ -45,7 +45,7 @@ The following software have components provided under the terms of this license:
 - Apache HttpCore (from http://hc.apache.org/httpcomponents-core-ga, http://hc.apache.org/httpcomponents-core-ga/, http://hc.apache.org/httpcomponents-core/)
 - Apache Log4j API (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api)
 - Apache Log4j Core (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core)
- Apache Log4j JUL Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul)
+- Apache Log4j JUL Handler (from https://logging.apache.org/log4j/3.x/)
 - Apache Log4j SLF4J Binding (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl)
 - Apache Log4j to SLF4J Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j)
 - AssertJ Core (from https://assertj.github.io/doc/#assertj-core)
@@ -155,7 +155,7 @@ The following software have components provided under the terms of this license:
 - PowerMock (from http://www.powermock.org, https://repo1.maven.org/maven2/org/powermock/powermock-api-mockito)
 - Proton-J (from https://repo1.maven.org/maven2/org/apache/qpid/proton-j)
 - QpidJMS Client (from https://repo1.maven.org/maven2/org/apache/qpid/qpid-jms-client)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - Retrofit (from https://github.com/square/retrofit, https://repo1.maven.org/maven2/com/squareup/retrofit2/retrofit)
 - RxJava (from https://github.com/ReactiveX/RxJava)
 - Servlet API (from https://repo1.maven.org/maven2/org/mortbay/jetty/servlet-api)
@@ -275,7 +275,7 @@ The following software have components provided under the terms of this license:
 - Netty/Codec/HTTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-http)
 - Plexus Common Utilities (from http://plexus.codehaus.org/plexus-utils, https://codehaus-plexus.github.io/plexus-utils/, https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils)
 - Protocol Buffer Java API (from http://code.google.com/p/protobuf, https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - ReflectASM (from https://github.com/EsotericSoftware/reflectasm)
 - Spring Core (from http://www.springframework.org, https://github.com/spring-projects/spring-framework, https://repo1.maven.org/maven2/org/springframework/spring-core)

@@ -304,7 +304,7 @@ The following software have components provided under the terms of this license:
 - Hibernate Validator (from https://hibernate.org/validator, https://repo1.maven.org/maven2/org/hibernate/hibernate-validator, https://repo1.maven.org/maven2/org/hibernate/validator/hibernate-validator)
 - LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
 - Netty/Common (from https://repo1.maven.org/maven2/io/netty/netty-common)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - reactive-streams (from http://www.reactive-streams.org/)

 ========================================================================

--- a/pom.xml
+++ b/pom.xml
@@ -15,8 +15,8 @@
        <json-smart.version>2.5.0</json-smart.version>
        <jackson.version>2.16.1</jackson.version>
        <spring-framework-version>6.1.13</spring-framework-version>
-        <spring-boot.version> 3.3.1</spring-boot.version>
-        <spring-security.version>6.3.1</spring-security.version>
+        <spring-boot.version> 3.3.5</spring-boot.version>
+        <spring-security.version>6.3.4</spring-security.version>
    </properties>

    <licenses>

--- a/provider/legal-aws/pom.xml
+++ b/provider/legal-aws/pom.xml
@@ -35,7 +35,7 @@
        <dependency>
            <groupId>org.opengroup.osdu.core.aws</groupId>
            <artifactId>os-core-lib-aws</artifactId>
-            <version>3.0.1</version>
+            <version>3.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.opengroup.osdu.legal</groupId>
@@ -69,6 +69,11 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-common</artifactId>
+            <version>4.1.115.Final</version>
+        </dependency>

        <!-- Testing packages -->
        <dependency>