[FOLIO-3614] mod-camunda: Remove unused commons-text 1.8 dependency Created: 17/Oct/22 Updated: 19/Oct/22 Resolved: 19/Oct/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Tech Debt | Priority: | TBD |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Sprint: | |
| Development Team: | None |
| RCA Group: | Related dependency upgrade |
| Description |
|
mod-camunda has a commons-text 1.8 maven dependency:
https://github.com/folio-org/mod-camunda/blob/c1eb47de77a31a9f45bc0a7205e1485b7619a9c1/pom.xml#L267-L271

However, it is not used, and all commons-text versions below 1.10.0 have a Remote Execution vulnerability:

Task: Remove the unused commons-text dependency to avoid false positive security warning from Snyk and other vulnerability scanners. |