Remediate [guava,netty-handler,woodstox-core] dependencies vulnerabilities and cleanup 'documentdb-bulkexecutor'

Change details

• excluded unused dependency documentdb-bulkexecutor
• upgrade io.netty:netty-bom version to 4.1.98.Final
• upgrade woodstox-core to 6.4.0

Changes in:

• GCP
• Azure
• AWS
• IBM

assigned to @thulasi_dass

added 1 commit

• 5444035d - upgrade 'netty-bom' dependency in Azure

Compare with previous version

changed the description

changed milestone to %M21 - Release 0.24

added MRDependencies Upgrade Vulnerability Management labels

added 1 commit

• c8ebe10e - Update NOTICE

Compare with previous version

changed title from Draft: Remediate guava dependency and clean'documentdb-bulkexecutor' to Draft: Remediate guava dependency and cleanup 'documentdb-bulkexecutor'

added 1 commit

• 6786d30a - Upgrade 'woodstox-core' dependency

Compare with previous version

changed title from Draft: Remediate guava dependency and cleanup 'documentdb-bulkexecutor' to Draft: Remediate [guava,netty-handler,woodstox-core] dependencies vulnerabilities and cleanup 'documentdb-bulkexecutor'

changed the description

added 1 commit

• db7118f1 - Update NOTICE

Compare with previous version

added Azure label

marked this merge request as ready

Hello @Srinivasan_Narayanan - Kindly review and approve the vulnerability remediation MR (Azure only changes).

• Pipeline all jobs are passed except `gc-test' which is unrelated to the MR (Azure only changes).
• Verified the remediation by mvn dependency:tree
• Trivy container_scanning job - guava, woodstox-core dependency is not listed in the vulnerability list

cc: @chad @nursheikh @lucynliu

Thanks.

approved this merge request

Approved. Thanks Dass.

Hello Team, Merging security vulnerability fixes with passing pipelines as per policy.

Thanks.

merged

mentioned in commit 52fc523c