Skip to content
Snippets Groups Projects
Commit 765c3768 authored by VidyaDharani Lokam's avatar VidyaDharani Lokam
Browse files

remediate azure spring vulnerabilities

parent b44e8489
No related branches found
No related tags found
1 merge request!501remediate azure spring vulnerabilities
Hide whitespace changes
Inline Side-by-side
NOTICE
+ 21
7
View file @ 765c3768
......@@ -131,7 +131,7 @@ The following software have components provided under the terms of this license:
- Jackson-dataformat-YAML (from https://github.com/FasterXML/jackson, https://github.com/FasterXML/jackson-dataformats-text)
- Jackson-module-parameter-names (from https://repo1.maven.org/maven2/com/fasterxml/jackson/module/jackson-module-parameter-names)
- Jakarta Dependency Injection (from https://github.com/eclipse-ee4j/injection-api)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta Servlet (from https://projects.eclipse.org/projects/ee4j.servlet)
- Jakarta Validation API (from https://beanvalidation.org)
- Java Architecture for XML Binding (from http://jaxb.java.net/, https://repo1.maven.org/maven2/javax/xml/bind/jaxb-api)
......@@ -191,6 +191,8 @@ The following software have components provided under the terms of this license:
- OkHttp URLConnection (from https://repo1.maven.org/maven2/com/squareup/okhttp3/okhttp-urlconnection, https://square.github.io/okhttp/)
- Okio (from https://github.com/square/okio/, https://repo1.maven.org/maven2/com/squareup/okio/okio)
- OpenCensus (from https://github.com/census-instrumentation/opencensus-java, https://github.com/census-instrumentation/opencensus-proto)
- OpenTelemetry Java (from https://github.com/open-telemetry/opentelemetry-java)
- OpenTelemetry Semantic Conventions Java (from https://github.com/open-telemetry/semantic-conventions-java)
- PowerMock (from http://www.powermock.org, https://repo1.maven.org/maven2/org/powermock/powermock-api-mockito)
- Prometheus Java Simpleclient (from <https://repo1.maven.org/maven2/io/prometheus/simpleclient>, https://repo1.maven.org/maven2/io/prometheus/simpleclient)
- Prometheus Java Simpleclient Common (from <https://repo1.maven.org/maven2/io/prometheus/simpleclient_common>, https://repo1.maven.org/maven2/io/prometheus/simpleclient_common)
......@@ -250,6 +252,7 @@ The following software have components provided under the terms of this license:
- Spring Web (from http://www.springframework.org, https://github.com/spring-projects/spring-framework, https://repo1.maven.org/maven2/org/springframework/spring-web)
- Spring Web MVC (from https://github.com/spring-projects/spring-framework, https://repo1.maven.org/maven2/org/springframework/spring-webmvc)
- Spring WebFlux (from https://github.com/spring-projects/spring-framework)
- Standard Uri Template (from https://std-uritemplate.github.io/)
- Swagger UI (from <http://webjars.org>, http://webjars.org)
- Undertow Core (from <https://repo1.maven.org/maven2/io/undertow/undertow-core>, https://repo1.maven.org/maven2/io/undertow/undertow-core)
- Undertow Servlet (from <https://repo1.maven.org/maven2/io/undertow/undertow-servlet>, https://repo1.maven.org/maven2/io/undertow/undertow-servlet)
......@@ -351,7 +354,7 @@ The following software have components provided under the terms of this license:
- Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta Messaging API (from https://projects.eclipse.org/projects/ee4j.jms)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta WebSocket - Client API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket, https://repo1.maven.org/maven2/org/jboss/spec/javax/websocket/jboss-websocket-api_1.1_spec)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)
......@@ -496,7 +499,7 @@ The following software have components provided under the terms of this license:
- Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta Messaging API (from https://projects.eclipse.org/projects/ee4j.jms)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta Servlet (from https://projects.eclipse.org/projects/ee4j.servlet)
- Jakarta Validation API (from https://beanvalidation.org)
- Jakarta WebSocket - Client API (from https://projects.eclipse.org/projects/ee4j.websocket)
......@@ -511,7 +514,7 @@ GPL-2.0-only
The following software have components provided under the terms of this license:
- JBoss Jakarta Annotations API (from <https://github.com/jboss/jboss-jakarta-annotations-api_spec>, https://github.com/jboss/jboss-jakarta-annotations-api_spec)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta WebSocket - Client API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket, https://repo1.maven.org/maven2/org/jboss/spec/javax/websocket/jboss-websocket-api_1.1_spec)
......@@ -525,7 +528,7 @@ The following software have components provided under the terms of this license:
- Jakarta Activation API (from https://github.com/eclipse-ee4j/jaf, https://github.com/jakartaee/jaf-api, https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta Messaging API (from https://projects.eclipse.org/projects/ee4j.jms)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta Servlet (from https://projects.eclipse.org/projects/ee4j.servlet)
- Jakarta Validation API (from https://beanvalidation.org)
- Jakarta WebSocket - Client API (from https://projects.eclipse.org/projects/ee4j.websocket)
......@@ -616,6 +619,15 @@ The following software have components provided under the terms of this license:
- Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure internal Avro module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Graph Java Core SDK (from https://github.com/microsoftgraph/msgraph-sdk-java-core)
- Microsoft Graph Java SDK (from https://github.com/microsoftgraph/msgraph-sdk-java)
- Microsoft Kiota-Java Abstractions (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Authentication-Azure (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Http-okHttp (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Serialization-Form (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Serialization-Json (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Serialization-Multipart (from https://github.com/microsoft/kiota-java)
- Microsoft Kiota-Java Serialization-Text (from https://github.com/microsoft/kiota-java)
- Mockito (from http://mockito.org, http://www.mockito.org, https://github.com/mockito/mockito)
- Netty/Codec/HTTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-http)
- Netty/Common (from https://repo1.maven.org/maven2/io/netty/netty-common)
......@@ -680,7 +692,7 @@ efsl-1.0
========================================================================
The following software have components provided under the terms of this license:
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
========================================================================
gpl-2.0-classpath
......@@ -688,7 +700,7 @@ gpl-2.0-classpath
The following software have components provided under the terms of this license:
- Jakarta Annotations API (from https://projects.eclipse.org/projects/ee4j.ca)
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api)
- Jakarta RESTful WS API (from https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta Validation API (from https://beanvalidation.org)
- Jakarta WebSocket - Client API (from https://projects.eclipse.org/projects/ee4j.websocket)
- Jakarta WebSocket - Server API (from https://projects.eclipse.org/projects/ee4j.websocket, https://repo1.maven.org/maven2/org/jboss/spec/javax/websocket/jboss-websocket-api_1.1_spec)
......@@ -701,8 +713,10 @@ The following software have components provided under the terms of this license:
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JSON in Java (from https://github.com/douglascrockford/JSON-java)
- Undertow Core (from <https://repo1.maven.org/maven2/io/undertow/undertow-core>, https://repo1.maven.org/maven2/io/undertow/undertow-core)
- Undertow Servlet (from <https://repo1.maven.org/maven2/io/undertow/undertow-servlet>, https://repo1.maven.org/maven2/io/undertow/undertow-servlet)
- Undertow WebSockets JSR356 implementations (from <https://repo1.maven.org/maven2/io/undertow/undertow-websockets-jsr>, https://repo1.maven.org/maven2/io/undertow/undertow-websockets-jsr)
- XNIO API (from <http://www.jboss.org/xnio>, http://www.jboss.org/xnio)
- XNIO NIO Implementation (from <https://repo1.maven.org/maven2/org/jboss/xnio/xnio-nio>, https://repo1.maven.org/maven2/org/jboss/xnio/xnio-nio)
========================================================================
unknown
......
provider/notification-azure/pom.xml
+ 5
12
View file @ 765c3768
......@@ -35,17 +35,17 @@
<springframework.version>4.3.0.RELEASE</springframework.version>
<reactor.netty.version>0.11.0.RELEASE</reactor.netty.version>
<reactor.core.version>3.3.0.RELEASE</reactor.core.version>
<osdu.corelibazure.version>0.26.0-rc6</osdu.corelibazure.version>
<osdu.corelibazure.version>0.26.0-rc7</osdu.corelibazure.version>
<junit.version>5.6.0</junit.version>
<jjwt.version>3.8.1</jjwt.version>
<mockito.version>2.23.0</mockito.version>
<spring-boot.version>3.2.3</spring-boot.version>
<spring-boot.version>3.2.4</spring-boot.version>
<reactor-core.version>3.6.2</reactor-core.version>
<reactor-netty.version>1.1.15</reactor-netty.version>
<oauth2-oidc-sdk.version>10.7.1</oauth2-oidc-sdk.version>
<woodstox-core.version>5.4.0</woodstox-core.version>
<undertow.version>2.3.12.Final</undertow.version>
<spring-boot-maven-plugin.version>3.2.3</spring-boot-maven-plugin.version>
<spring-boot-maven-plugin.version>3.2.4</spring-boot-maven-plugin.version>
<xnio-api.version>3.8.8.Final</xnio-api.version>
<netty.version>4.1.101.Final</netty.version>
</properties>
......@@ -64,14 +64,14 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>6.2.2</version>
<version>6.2.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>3.2.3</version>
<version>${spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
......@@ -140,13 +140,6 @@
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring-webmvc.version}</version>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment