Version Bumps - Vulnerabilities

Daniel Scholl (MS]requested to merge
vulnerabilities into master

Summary

This merge request updates the versions of the following dependencies:

  • json-smart from 2.5.1 to 2.5.2
  • core-lib-azure from 2.0.3 to 2.0.4

Key Changes

  • json-smart version update to 2.5.2

    • Addresses a high-severity vulnerability (CVE-2024-57699) present in versions 2.5.0 through 2.5.1

  • core-lib-azure version update to 2.0.4

    • Includes bug fixes and improvements to the Azure integration

Security Impact

  • Fixes a high-severity vulnerability (CVE-2024-57699) in the json-smart library by updating to version 2.5.2
  • Resolves a high-severity vulnerability (CVE-2025-24970) in the netty-handler library used by core-lib-azure by updating to version 2.0.4

## Vulnerability Comparison


### Fixed Vulnerabilities


#### HIGH

- CVE-2024-57699 in net.minidev:json-smart 2.5.1 (provider/legal-aws/pom.xml)
- CVE-2024-57699 in net.minidev:json-smart 2.5.1 (provider/legal-azure/pom.xml)
- CVE-2024-57699 in net.minidev:json-smart 2.5.1 (provider/legal-ibm/pom.xml)
- CVE-2025-24970 in io.netty:netty-handler 4.1.116.Final (provider/legal-azure/pom.xml)

Merge request reports