Skip to content

Upgrade vulnerable dependencies according to WhiteSource alerts

Dmitrii Gerashchenko requested to merge 6912-whitesource into master

osdu/platform/system/lib/core/os-core-common#52 (closed)

os-core-common version upgrade after MR: osdu/platform/system/lib/core/os-core-common!126 (merged)

os-core-common was updated according to WhiteSource alerts:

  • spring-boot.version: 2.4.5 -> 2.4.12
  • netty-bom.version: 4.1.63.Final -> 4.1.70.Final
  • json-smart.version: 2.4.7
  • gson.version: 2.8.5 -> 2.8.9

json-smart was removed from os-core-lib-azure pom because the correct version of this dependency is provided by os-core-common after the upgrade.

The list of successfully tested related services which will use the upgraded version (there are no significant issues after the upgrade):

Part of the #14 (closed) series

Edited by David Diederich

Merge request reports