Dependency Bumps - Vulnerabilities

Summary

This Merge Request updates a few dependency versions in the project's pom.xml files.

Changes

Updated Dependencies

  • json-smart from 2.5.0 to 2.5.2

    • This update addresses a high-severity vulnerability, CVE-2024-57699, present in the previous version.
  • core-lib-azure from 2.0.3 to 2.0.4

    • This is a minor version update for the Azure core library.

Security Impact

  • The update to json-smart 2.5.2 fixes a high-severity vulnerability, CVE-2024-57699, which was present in the previous version 2.5.0.
    • This vulnerability could potentially lead to security issues, and updating to the patched version mitigates the associated risks.

Vulnerability Comparison

Fixed Vulnerabilities

HIGH

  • CVE-2024-57699 in net.minidev:json-smart 2.5.0 (provider/file-azure/pom.xml)
