remediate spring-web vulnerability in azure and cleanup repeated dependencies (!580) · Merge requests · OSDU Software / OSDU Data Platform / System / File

VidyaDharani Lokam requested to merge az/vl-fix-azure-vul into master May 27, 2024

update spring-web to '6.1.6' to remediate vulnerability in azure.

removed repeated dependencies and unnecessary exclusions in azure.

mvn dependency:tree before changes:

[INFO] +- org.springframework:spring-webmvc:jar:6.1.5:compile
[INFO] |  +- org.springframework:spring-aop:jar:6.1.5:compile
[INFO] |  +- org.springframework:spring-expression:jar:6.1.5:compile
[INFO] |  \- org.springframework:spring-web:jar:6.1.5:compile

mvn dependency:tree after changes:

[INFO] +- org.springframework.boot:spring-boot-starter-json:jar:3.2.5:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:3.2.5:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:3.2.5:compile
[INFO] |  |  \- org.springframework.boot:spring-boot-starter-logging:jar:3.2.5:compile
[INFO] |  |     \- ch.qos.logback:logback-classic:jar:1.5.6:compile
[INFO] |  +- org.springframework:spring-web:jar:6.1.6:compile

Edited May 27, 2024 by VidyaDharani Lokam

remediate spring-web vulnerability in azure and cleanup repeated dependencies

Merge request reports