Versions Compared

Version Old Version 13 New Version 14
Changes made by

Sanchita Pathak

Rupali Shirode

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NOTE: This page is copy of /wiki/spaces/SV/pages/16094118 report

...

Status

Priority

Component name and version

Recommended version

Threat level

Project’s assessment

Status
colourGreen
titleComplete

1com.fasterxml.jackson.core : jackson-databind : 2.11.32.14.1


This is indirect dependency coming from the o-parent.


The version 2.14.2 is updated and available in Master branch   

Status
colourGreen
titleComplete

1com.fasterxml.jackson.core : jackson-databind : 2.9.82.14.1
Same as above

Status
colourGreen
titleComplete

1com.google.protobuf : protobuf-java : 3.10.04.0.0-rc-2

This needs further analysis and is being checked in detail. We have a resource crunch at the moment.
 
This dependancy is excluded in SO pom.xml therefor no impact, require no change in SO

Status
colourBlueGreen
titleIn ProgressCOMPLETE

1com.h2database : h2 : 1.4.2000.16.4

We dont use this code in the production and is only built for testing code.

 
1) As per analysis the recommend version is lowest which is not available in Maven dependency.
2) We update the latest version 2.1.214 and its work i.e. code build successfully. Reference link:  https://mvnrepository.com/artifact/com.h2database/h2

Status
colourBlue
titleIn Progress

1org.apache.tomcat : tomcat-catalina : 9.0.459.0.37.1

This needs further analysis and We are facing resource issue at the moment, request a waiver.

Status
colourGreen
titleComplete

1org.json : json : 2014010720220924


The change would bring in a major testing to be performed across the projects and we have a resource crunch. 


The version 2.14.2 is updated and available in Master branch   

Status
colourGreen
titleComplete

1org.json : json : 2016021220220924

The change would bring in a major testing to be performed across the projects and we have a resource crunch. 


The version 2.14.2 is updated and available in Master branch   

Status
titleOpen

1org.springframework : spring-web : 5.2.14.RELEASE6.0.2

 
Spring Framework 6 requires Java 17 

Status
colourBlueGreen
titleIn ProgressCOMPLETE

1

org.springframework.data : spring-data-rest-hal-browser : 3.3.9.RELEASE

3.3.9.RELEASE

change is pushed

Status
colourBlueGreen
titleIn ProgressCOMPLETE

1org.springframework.security : spring-security-web : 5.4.63.0.11-oss


This needs further analysis and We are facing resource issue at the moment, request a waiver.
 
1) As per our analysis the recommended version 3.0.11-oss  is not related to Spring-Security-Web. It is related to AJSC Archetype Parent which is not used in our SO Project (atleast we did not find it).
2) Therefore we can update the latest version of spring-security-web version 6.1.2 and its work i.e. code build successfully. Reference links https://mvnrepository.com/artifact/com.att.ajsc/ajsc-archetype-parent/3.0.11-oss  
and  https://mvnrepository.com/artifact/org.springframework.security/spring-security-web/6.1.2

Status
colourBlue
titleIn Progress

1org.yaml : snakeyaml : 1.261.33


This needs further analysis and We are facing resource issue at the moment, request a waiver.

Status
colourBlueGreen
titleIn ProgressCOMPLETE

2org.glassfish.jersey.core : jersey-common : 2.22.1

 change is pushed

Status
colourBlueGreen
titleIn ProgressCOMPLETE

2org.glassfish.jersey.core : jersey-common : 2.30.1

 change is pushed

Status
titleOpen

2org.springframework : spring-webmvc : 5.2.12.RELEASE6.0.2

 
Spring Framework 6 requires Java 17 

...