[MS-39304] remediate high vulnerabilities [Core & Azure]
Details:
- Remediate High vulnerabilities for [spring-web, spring-core, spring-security-web] in [Core & Azure] modules
- update spring-boot version to 3.2.5
- Core Module [ register-core/pom.xml]
- Services Root level: [pom.xml]
Azure
- https://community.opengroup.org/osdu/platform/system/storage/-/security/vulnerabilities/35751
- https://community.opengroup.org/osdu/platform/system/storage/-/security/vulnerabilities/33931
mvn dependency:tree before changes(service-root-level)
[INFO] --- dependency:3.6.0:tree (default-cli) @ os-storage ---
[INFO] org.opengroup.osdu:os-storage:pom:0.27.0-SNAPSHOT
[INFO] | | +- org.springdoc:springdoc-openapi-starter-common:jar:2.3.0:compile
[INFO] | | | +- org.springframework.boot:spring-boot-autoconfigure:jar:3.2.4:compile
[INFO] | | | | \- org.springframework.boot:spring-boot:jar:3.2.4:compile
[INFO] | | | \- io.swagger.core.v3:swagger-core-jakarta:jar:2.2.19:compile
[INFO] | | | +- org.apache.commons:commons-lang3:jar:3.13.0:compile
[INFO] | | \- org.springframework:spring-webmvc:jar:6.1.5:compile
[INFO] | | \- org.springframework:spring-web:jar:6.1.5:compile
[INFO] | \- org.webjars:swagger-ui:jar:5.10.3:compile
[INFO] +- org.springframework.plugin:spring-plugin-core:jar:2.0.0.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:6.1.5:compile
[INFO] | | \- org.springframework:spring-core:jar:6.1.5:compile
[INFO] | | \- org.springframework:spring-jcl:jar:6.1.5:compile
[INFO] | +- org.springframework:spring-context:jar:6.1.5:compile
[INFO] | | +- org.springframework:spring-expression:jar:6.1.5:compile
[INFO] | | \- io.micrometer:micrometer-observation:jar:1.12.4:compile
[INFO] | | \- io.micrometer:micrometer-commons:jar:1.12.4:compile
[INFO] | +- org.springframework:spring-aop:jar:6.1.5:compile
[INFO] | \- org.slf4j:slf4j-api:jar:2.0.12:compile
[INFO] \- org.springframework.plugin:spring-plugin-metadata:jar:2.0.0.RELEASE:compilemvn dependency:tree after changes (service-root-level)
[INFO] --- dependency:3.6.0:tree (default-cli) @ os-storage ---
[INFO] org.opengroup.osdu:os-storage:pom:0.27.0-SNAPSHOT
[INFO] +- org.projectlombok:lombok:jar:1.18.28:compile
[INFO] | | | +- org.springframework.boot:spring-boot-autoconfigure:jar:3.2.5:compile
[INFO] | | | | \- org.springframework.boot:spring-boot:jar:3.2.5:compile
[INFO] | | | \- io.swagger.core.v3:swagger-core-jakarta:jar:2.2.19:compile
[INFO] | | | +- org.apache.commons:commons-lang3:jar:3.13.0:compile
[INFO] | | \- org.springframework:spring-webmvc:jar:6.1.6:compile
[INFO] | | \- org.springframework:spring-web:jar:6.1.6:compile
[INFO] | \- org.webjars:swagger-ui:jar:5.10.3:compile
[INFO] +- org.springframework.plugin:spring-plugin-core:jar:2.0.0.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:6.1.6:compile
[INFO] | | \- org.springframework:spring-core:jar:6.1.6:compile
[INFO] | | \- org.springframework:spring-jcl:jar:6.1.6:compile
[INFO] | +- org.springframework:spring-context:jar:6.1.6:compile
[INFO] | | +- org.springframework:spring-expression:jar:6.1.6:compile
[INFO] | | \- io.micrometer:micrometer-observation:jar:1.12.5:compile
[INFO] | | \- io.micrometer:micrometer-commons:jar:1.12.5:compile
[INFO] | +- org.springframework:spring-aop:jar:6.1.6:compile
[INFO] | \- org.slf4j:slf4j-api:jar:2.0.13:compile
[INFO] \- org.springframework.plugin:spring-plugin-metadata:jar:2.0.0.RELEASE:compileEdited by VidyaDharani Lokam