Skip to content

remediate spring-web vulnerability in azure and cleanup repeated dependencies

VidyaDharani Lokam requested to merge az/vl-fix-azure-vul into master
  • update spring-web to '6.1.6' to remediate vulnerability in azure.

  • removed repeated dependencies and unnecessary exclusions in azure.

    mvn dependency:tree before changes:

    [INFO] +- org.springframework:spring-webmvc:jar:6.1.5:compile
    [INFO] |  +- org.springframework:spring-aop:jar:6.1.5:compile
    [INFO] |  +- org.springframework:spring-expression:jar:6.1.5:compile
    [INFO] |  \- org.springframework:spring-web:jar:6.1.5:compile

mvn dependency:tree after changes:

[INFO] +- org.springframework.boot:spring-boot-starter-json:jar:3.2.5:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:3.2.5:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:3.2.5:compile
[INFO] |  |  \- org.springframework.boot:spring-boot-starter-logging:jar:3.2.5:compile
[INFO] |  |     \- ch.qos.logback:logback-classic:jar:1.5.6:compile
[INFO] |  +- org.springframework:spring-web:jar:6.1.6:compile
Edited by VidyaDharani Lokam

Merge request reports