[MS-39375] fix azure and core high vulnerabilities
Reference issues:
- https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/35647
- https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/35223
- https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/33611
Changes:
- upgrade undertow version to
2.3.13.Final - upgrade xnio-api version to
3.8.15.Final - upgrade spring-boot version to
3.2.5to remediate spring-web vulnerability in azure. - upgrade core-lib-azure to
0.27.0-rc2 - remove repeated/unused dependencies and exclusions from azure pom
mvn dependency:tree before changes:
[INFO] +- io.undertow:undertow-core:jar:2.3.5.Final:compile
[INFO] | +- org.jboss.xnio:xnio-api:jar:3.8.14.Final:compile
[INFO] | | +- org.wildfly.common:wildfly-common:jar:1.5.4.Final:compile
[INFO] | | \- org.wildfly.client:wildfly-client-config:jar:1.0.1.Final:compile
[INFO] | +- org.jboss.xnio:xnio-nio:jar:3.8.8.Final:runtime
[INFO] | \- org.jboss.threads:jboss-threads:jar:3.5.0.Final:compile
[INFO] +- io.undertow:undertow-servlet:jar:2.3.5.Final:compile
[INFO] | \- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] +- io.undertow:undertow-websockets-jsr:jar:2.3.5.Final:compilemvn dependency:tree after changes:
[INFO] +- io.undertow:undertow-core:jar:2.3.13.Final:compile
[INFO] | +- org.jboss.xnio:xnio-api:jar:3.8.15.Final:compile
[INFO] | | +- org.wildfly.common:wildfly-common:jar:1.5.4.Final:compile
[INFO] | | \- org.wildfly.client:wildfly-client-config:jar:1.0.1.Final:compile
[INFO] | +- org.jboss.xnio:xnio-nio:jar:3.8.8.Final:runtime
[INFO] | \- org.jboss.threads:jboss-threads:jar:3.5.0.Final:compile
[INFO] +- io.undertow:undertow-servlet:jar:2.3.13.Final:compile
[INFO] | \- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] +- io.undertow:undertow-websockets-jsr:jar:2.3.13.Final:compileEdited by VidyaDharani Lokam