[MS-39465] fix azure and core high vulnerabilities
Reference issues:
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/35756
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/35753
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/35007
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/22162
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/22159
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/22156
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/1705
- https://community.opengroup.org/osdu/platform/system/indexer-queue/-/security/vulnerabilities/1709
Changes:
- update os-core-common-spring6 to 0.27.0-rc1
- update spring-boot to 3.2.5 to remediate spring-web vulnerability
- update resteasy-guice to 4.7.9 to remediate resteasy-client vulnerability
- remove unused dependencies from core and azure pom.
mvn dependency:tree before changes:
[INFO] | +- org.springframework:spring-web:jar:6.1.5:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:6.2.3:compile
[INFO] | | \- org.springframework.security:spring-security-crypto:jar:6.2.3:compile
[INFO] | +- org.springframework.security:spring-security-web:jar:6.2.3:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:6.2.3:compile
[INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:7.9:compile
[INFO] +- org.jboss.resteasy:resteasy-guice:jar:3.6.2.Final:compile
[INFO] | +- com.google.inject:guice:jar:4.1.0:compile
[INFO] | | +- javax.inject:javax.inject:jar:1:compile
[INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | +- org.jboss.resteasy:resteasy-client:jar:3.6.2.Final:compile
mvn dependency:tree after changes in azure:
[INFO] | +- org.springframework:spring-web:jar:6.1.6:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO] | | \- org.springframework.security:spring-security-crypto:jar:6.2.4:compile
[INFO] | +- org.springframework.security:spring-security-web:jar:6.2.4:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:6.2.4:compile
[INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:7.9:compile
[INFO] +- org.jboss.resteasy:resteasy-guice:jar:4.7.9.Final:compile
[INFO] | +- com.google.inject:guice:jar:5.0.1:compile
[INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | +- org.jboss.resteasy:resteasy-core-spi:jar:4.7.9.Final:compile
[INFO] | \- org.jboss.resteasy:resteasy-client:jar:4.7.9.Final:compile
[INFO] | +- org.jboss.resteasy:resteasy-client-api:jar:4.7.9.Final:compile
Edited by VidyaDharani Lokam
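A reviewer can check the before/after trees mechanically instead of by eye. The following is an added example, not part of the merge request or the project: it diffs two `mvn dependency:tree` excerpts by resolved version, using a subset of the tree lines quoted above as sample input; the function names `parse_tree` and `diff_trees` are hypothetical.

```python
# Added example: diff two `mvn dependency:tree` excerpts by resolved version.
BEFORE = r"""
[INFO] | +- org.springframework:spring-web:jar:6.1.5:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:6.2.3:compile
[INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:7.9:compile
[INFO] +- org.jboss.resteasy:resteasy-guice:jar:3.6.2.Final:compile
[INFO] | +- com.google.inject:guice:jar:4.1.0:compile
[INFO] | | +- javax.inject:javax.inject:jar:1:compile
[INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | +- org.jboss.resteasy:resteasy-client:jar:3.6.2.Final:compile
"""
AFTER = r"""
[INFO] | +- org.springframework:spring-web:jar:6.1.6:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:7.9:compile
[INFO] +- org.jboss.resteasy:resteasy-guice:jar:4.7.9.Final:compile
[INFO] | +- com.google.inject:guice:jar:5.0.1:compile
[INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | +- org.jboss.resteasy:resteasy-core-spi:jar:4.7.9.Final:compile
[INFO] | \- org.jboss.resteasy:resteasy-client:jar:4.7.9.Final:compile
[INFO] | +- org.jboss.resteasy:resteasy-client-api:jar:4.7.9.Final:compile
"""

def parse_tree(text):
    """Map group:artifact -> resolved version for each artifact line."""
    deps = {}
    for line in text.splitlines():
        tokens = line.split()
        # Last token is group:artifact:type[:classifier]:version:scope
        parts = tokens[-1].split(":") if tokens else []
        if len(parts) in (5, 6):
            deps[f"{parts[0]}:{parts[1]}"] = parts[-2]
    return deps

def diff_trees(before, after):
    b, a = parse_tree(before), parse_tree(after)
    both = b.keys() & a.keys()
    return {
        "changed": {k: (b[k], a[k]) for k in both if b[k] != a[k]},
        "unchanged": {k: b[k] for k in both if b[k] == a[k]},
        "removed": {k: b[k] for k in b.keys() - a.keys()},
        "added": {k: a[k] for k in a.keys() - b.keys()},
    }

if __name__ == "__main__":
    for kind, items in diff_trees(BEFORE, AFTER).items():
        for name, ver in sorted(items.items()):
            print(f"{kind:9} {name} {ver}")
```

The "unchanged" bucket is the one to read against the referenced vulnerability reports: it lists artifacts the upgrade did not move.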