POM Organization & Dependency bumps
-
Review changes -
-
Download -
Patches
-
Plain diff
Merge Request: Dependency updates
Summary
Version tracking for all packages in pom.xml with updates noted.
Parent Properties
| Package | Original | Update |
|---|---|---|
| lombok | 1.18.34 | 1.18.36 |
| snakeyaml | 2.0 | managed by BOM |
| httpclient | 4.5.13 | managed by BOM |
| spring-security | 6.3.4 | 6.3.6 |
| java | 17 | 17 |
| maven.compiler | 17 | 17 |
| os-core-common | 3.3.0 | 3.3.0 |
| spring-framework | 6.1.16 | 6.1.16 |
| spring-boot | 3.3.7 | 3.3.7 |
| log4j | 2.21.1 | 2.21.1 |
| guava | 32.1.2-jre | 32.1.2-jre |
| netty | 4.1.115.Final | 4.1.115.Final |
Core Properties
| Package | Original | Update |
|---|---|---|
| openapi | 2.3.0 | 2.3.0 |
| mockito.core | 3.4.0 | 3.4.0 |
| assertj_core | 3.16.1 | 3.16.1 |
| kotlin_stdlib | 1.3.60 | 1.3.60 |
| cobertura_maven_plugin | 2.7 | 2.7 |
| maven_surefire_plugin | 3.0.0-M4 | 3.0.0-M4 |
| maven_failsafe_plugin | 3.0.0-M4 | 3.0.0-M4 |
| commons-beanutils | 1.9.4 | 1.9.4 |
| xercesImpl | 2.12.2 | 2.12.2 |
| maven-reporting-impl | 3.2.0 | 3.2.0 |
| mockito-inline | 3.6.28 | 3.6.28 |
| plexus-utils | 4.0.1 | 4.0.1 |
| jacoco-maven-plugin | 0.8.8 | 0.8.8 |
| json-smart | 2.5.1 | 2.5.1 |
GC Provider Properties
| Package | Original | Update |
|---|---|---|
| libraries-bom | 26.29.0 | 26.29.0 |
| logback-json-classic | 0.1.5 | 0.1.5 |
| logback-jackson | 0.1.5 | 0.1.5 |
| surefire-plugin | 2.22.2 | 2.22.2 |
| jacoco-plugin | 0.8.8 | 0.8.8 |
Azure Provider Properties
| Package | Original | Update |
|---|---|---|
| core-lib-azure | 2.0.2 | 2.0.3 |
| surefire-plugin | 2.22.2 | 2.22.2 |
| jacoco-plugin | 0.8.12 | 0.8.12 |
Resolved Vulnerabilities
org.springframework.security:spring-security-bom
-
Vulnerability: CVE-2024-3839
- Severity: High
- Issue: Authorization bypass vulnerability in Spring Security
-
Resolution: Upgraded from
6.3.4to6.3.6
org.opengroup.osdu:core-lib-azure
-
Vulnerability: CVE-2024-50379
- Severity: High
- Issue: Remote Code Execution due to TOCTOU issue in JSP compilation in Tomcat
-
Resolution: Upgraded from
2.0.2to2.0.3which includes Tomcat upgrade from10.1.33to10.1.34
Additional Changes
- Improved POM organization with clearer property groupings
- Normalized dependency management structure across modules
- Consistent formatting and documentation
- Removed redundant netty-bom from GC provider as it's already managed by parent POM
- Added mockito.inline.version property to core POM for better version management
- Reorganized core POM properties into logical groups (Test Scoped, Plugin Versions)
Edited by Daniel Scholl (MS]
Merge request reports
Compare and
Show latest version
- latest versionebf0551315 commits,
- version 14861c32be14 commits,
- version 13f19ed34313 commits,
- version 121e16c53712 commits,
- version 1162f31e0911 commits,
- version 10b16cf21b10 commits,
- version 9589b16729 commits,
- version 834bd49c08 commits,
- version 70ac4c4d57 commits,
- version 6677087d06 commits,
- version 564f24e355 commits,
- version 4d1578a9d4 commits,
- version 3cf5597a03 commits,
- version 28819d7ba2 commits,
- version 1dc811bea1 commit,
Compare changes
- Side-by-side
- Inline
Files
20Loading