From 4a25983d60fab118ed9a637a406eb3ffe8c68806 Mon Sep 17 00:00:00 2001
From: Thulasi Dass Subramanian <thulasi_dass_subramanian@epam.com>
Date: Tue, 21 May 2024 11:30:12 +0000
Subject: [PATCH] [#MS39206] - remediate high vulnerabilities [Core & Azure]
---
NOTICE | 3 ++-
pom.xml | 6 +++---
provider/register-azure/pom.xml | 6 +++---
register-core/pom.xml | 4 ++--
4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/NOTICE b/NOTICE
index 47183a01f..e46ec4794 100644
--- a/NOTICE
+++ b/NOTICE
@@ -78,7 +78,7 @@ The following software have components provided under the terms of this license:
- Byte Buddy (without dependencies) (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy)
- Byte Buddy Java agent (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy-agent)
- ClassMate (from http://github.com/cowtowncoder/java-classmate)
-- Cloud Key Management Service (KMS) API v1-rev20240219-2.0.0 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-cloudkms)
+- Cloud Key Management Service (KMS) API v1-rev20240502-2.0.0 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-cloudkms)
- Collections (from https://repo1.maven.org/maven2/commons-collections/commons-collections)
- Commons Digester (from http://commons.apache.org/digester/)
- Converter: Jackson (from https://github.com/square/retrofit, https://repo1.maven.org/maven2/com/squareup/retrofit2/converter-jackson)
@@ -520,6 +520,7 @@ GPL-2.0-only
The following software have components provided under the terms of this license:
- JavaMail API jar (from https://repo1.maven.org/maven2/javax/mail/javax.mail-api)
+- javax.annotation API (from http://jcp.org/en/jsr/detail?id=250)
- tomcat-embed-core (from http://tomcat.apache.org/)
========================================================================
diff --git a/pom.xml b/pom.xml
index ad82bc3ec..f7f65dc0c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,13 +30,13 @@
<maven.compiler.source>17</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<openapi.version>2.3.0</openapi.version>
- <os-core-common-spring6.version>0.26.0</os-core-common-spring6.version>
+ <os-core-common-spring6.version>0.26.0-rc2</os-core-common-spring6.version>
<gson.version>2.8.9</gson.version>
<json-smart.version>2.5.0</json-smart.version>
<netty.version>4.1.97.Final</netty.version>
<guava.version>32.1.2-jre</guava.version>
- <spring-boot.version>3.2.3</spring-boot.version>
- <spring-security.version>6.2.2</spring-security.version>
+ <spring-boot.version>3.2.5</spring-boot.version>
+ <spring-security.version>6.2.4</spring-security.version>
<argLine>
--add-opens=java.base/java.util=ALL-UNNAMED
--add-opens java.base/java.lang=ALL-UNNAMED
diff --git a/provider/register-azure/pom.xml b/provider/register-azure/pom.xml
index 051f8f72a..75c450b0a 100644
--- a/provider/register-azure/pom.xml
+++ b/provider/register-azure/pom.xml
@@ -41,8 +41,8 @@
<reactor-core.version>3.6.2</reactor-core.version>
<reactor-netty.version>1.1.15</reactor-netty.version>
<okhttp.version>4.12.0</okhttp.version>
- <spring-boot.version>3.2.4</spring-boot.version>
- <spring-security.version>6.2.3</spring-security.version>
+ <spring-boot.version>3.2.5</spring-boot.version>
+ <spring-security.version>6.2.4</spring-security.version>
</properties>
<dependencyManagement>
@@ -99,7 +99,7 @@
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common-spring6</artifactId>
- <version>0.26.0</version>
+ <version>${os-core-common-spring6.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
diff --git a/register-core/pom.xml b/register-core/pom.xml
index 2473bcfa6..4d1975cf7 100644
--- a/register-core/pom.xml
+++ b/register-core/pom.xml
@@ -31,8 +31,8 @@
<properties>
<jackson-databind.version>2.16.1</jackson-databind.version>
<jackson.version>2.16.1</jackson.version>
- <spring-core.version>6.2.2</spring-core.version>
- <spring-boot.version>3.2.3</spring-boot.version>
+ <spring-core.version>6.2.5</spring-core.version>
+ <spring-boot.version>3.2.5</spring-boot.version>
</properties>
<dependencyManagement>
--
GitLab