Draft: Upgrade vulnerable dependencies
osdu/platform/security-and-compliance/entitlements#88 (closed)
Summary
WhiteSource's vulnerabilities list contain alerts about:
- spring-web-5.3.6.jar
- netty-codec-4.1.63.Final.jar
- netty-codec-4.1.63.Final.jar
- spring-security-oauth2-client-5.4.6.jar
- netty-all-4.1.63.Final.jar
- netty-handler-4.1.63.Final.jar
Updated:
- spring-boot.version from 2.4.5 to 2.4.12
- netty-bom.version form 4.1.63.Final to 4.1.70.Final
Related MRs:
- Entitlements
- os-core-common
- MR: osdu/platform/system/lib/core/os-core-common!124 (closed)
- Trusted branch pipeline is passed: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/pipelines/76515
- os-core-lib-azure
- MR: !164 (closed)
- Trusted branch pipeline is passed: https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/pipelines/76697
Edited by Dmitrii Gerashchenko