Draft: Upgrade vulnerable dependencies (!124) · Merge requests · Open Subsurface Data Universe Software / Platform / System / Lib / core / OS Core Common · GitLab

Closed Dmitrii Gerashchenko requested to merge 6907-whitesource into master Nov 09, 2021

osdu/platform/security-and-compliance/entitlements#88 (closed)

Summary

WhiteSource's vulnerabilities list contain alerts about:

spring-web-5.3.6.jar
netty-codec-4.1.63.Final.jar
netty-codec-4.1.63.Final.jar
spring-security-oauth2-client-5.4.6.jar
netty-all-4.1.63.Final.jar
netty-handler-4.1.63.Final.jar

Updated:

spring-boot.version from 2.4.5 to 2.4.12
netty-bom.version form 4.1.63.Final to 4.1.70.Final

Related MRs:

Entitlements
- MR: osdu/platform/security-and-compliance/entitlements!143 (closed)
- Trusted branch pipeline is passed: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/pipelines/76742
os-core-common
- MR: !124 (closed)
- Trusted branch pipeline is passed: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/pipelines/76515
os-core-lib-azure
- MR: osdu/platform/system/lib/cloud/azure/os-core-lib-azure!164 (closed)
- Trusted branch pipeline is passed: https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/pipelines/76697

Edited Nov 15, 2021 by Dmitrii Gerashchenko