DHFPROD-10595: Address Palamida security vulnerabilities - Spring

Nikhila Godugu · Sanjeevani19 · commit 7abf6f649fbd · 2023-08-28T17:12:34.000-05:00
diff --git a/marklogic-data-hub-junit5/build.gradle b/marklogic-data-hub-junit5/build.gradle
@@ -18,7 +18,7 @@ snyk {
 dependencies {
     api "org.junit.jupiter:junit-jupiter:5.7.2"
     api "org.slf4j:slf4j-api:2.0.7"
-    api "org.springframework:spring-test:5.3.24"
+    api "org.springframework:spring-test:5.3.29"
     api project(":marklogic-data-hub")
 
     api "com.marklogic:marklogic-unit-test-client:1.3.0"
diff --git a/marklogic-data-hub/build.gradle b/marklogic-data-hub/build.gradle
@@ -61,14 +61,14 @@ dependencies {
     implementation 'commons-io:commons-io:2.11.0'
 
     constraints {
-        implementation('org.springframework:spring-beans:5.3.23') {
-            because 'spring-beans:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'
+        implementation('org.springframework:spring-beans:5.3.29') {
+            because 'spring-beans:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'
         }
-        implementation('org.springframework:spring-jcl:5.3.23') {
-            because 'spring-jcl:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'
+        implementation('org.springframework:spring-jcl:5.3.29') {
+            because 'spring-jcl:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'
         }
-        implementation('org.springframework:spring-core:5.3.23') {
-            because 'spring-core:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'
+        implementation('org.springframework:spring-core:5.3.29') {
+            because 'spring-core:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -61,14 +61,14 @@ dependencies {`
`61`	`61`	`implementation 'commons-io:commons-io:2.11.0'`
`62`	`62`
`63`	`63`	`constraints {`
`64`		`- implementation('org.springframework:spring-beans:5.3.23') {`
`65`		`- because 'spring-beans:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'`
	`64`	`+ implementation('org.springframework:spring-beans:5.3.29') {`
	`65`	`+ because 'spring-beans:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'`
`66`	`66`	`}`
`67`		`- implementation('org.springframework:spring-jcl:5.3.23') {`
`68`		`- because 'spring-jcl:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'`
	`67`	`+ implementation('org.springframework:spring-jcl:5.3.29') {`
	`68`	`+ because 'spring-jcl:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'`
`69`	`69`	`}`
`70`		`- implementation('org.springframework:spring-core:5.3.23') {`
`71`		`- because 'spring-core:5.3.7 is vulnerable to remote code execution and other critical security vulnerabilities'`
	`70`	`+ implementation('org.springframework:spring-core:5.3.29') {`
	`71`	`+ because 'spring-core:5.3.23 is vulnerable to remote code execution and other critical security vulnerabilities'`
`72`	`72`	`}`
`73`	`73`	`}`
`74`	`74`