POM Organization & Dependency bumps

Merge Request: Parent POM Reorganization and Updates

Summary

Structural improvements to parent POM organization and security updates for Azure provider.

Parent Properties

Package	Original	Update
spring-boot	3.3.7	3.3.7
spring-framework	6.1.16	6.1.16
spring-security	6.3.4	6.3.6
java	17	17
maven.compiler	17	17
json-smart	2.5.0	2.5.1
os-core-common	0.26.0-rc2	0.26.0-rc2
openapi	2.5.0	2.5.0
spring-boot-maven-plugin	3.2.2	3.2.2
git-commit-id-plugin	8.0.2	8.0.2

Azure Provider Properties

Package	Original	Update
core-lib-azure	2.0.2	2.0.3
jakarta.json	2.1.3	2.1.3
jakarta.json.glassfish	2.0.1	2.0.1
parsson	1.1.7	1.1.7
cucumber	7.20.1	7.20.1
surefire-plugin	3.2.2	3.2.2
jacoco-plugin	0.8.12	0.8.12

Security Updates

1. org.opengroup.osdu:core-lib-azure

• Vulnerability: CVE-2024-50379
• Severity: High
• Issue: Remote Code Execution due to TOCTOU issue in JSP compilation in Tomcat
• Resolution: Upgraded from 2.0.2 to 2.0.3 which includes Tomcat upgrade from 10.1.33 to 10.1.34

Structural Changes

1. Parent POM Improvements

• Reorganized properties into logical groups:
  • OSDU Versions
  • Spring Versions
  • Project Versions
  • Plugin Versions
• Added detailed documentation for BOM hierarchy
• Added explicit section markers for better organization
• Changed os-core-common-spring6 dependency scope to 'provided'

2. Azure Provider Organization

• Maintained clear grouping of dependencies:
  • OSDU Dependencies
  • Spring Dependencies
  • Azure Dependencies
  • Project Dependencies
  • Test Dependencies

3. Build Configuration

• Consistent plugin versioning
• Maintained JaCoCo configuration
• Spring Boot Maven plugin settings unchanged

Additional Notes

• Parent POM modifications focus on improved organization and maintainability
• Azure provider update addresses critical security vulnerability
• All Spring Boot dependencies remain managed by parent POM
• Azure dependencies continue to be managed by core-lib-azure
• No changes to test configurations or logging exclusions