[FOLIO-3614] mod-camunda: Remove unused commons-text 1.8 dependency
Created: 17/Oct/22
Updated: 19/Oct/22
Resolved: 19/Oct/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Tech Debt
Priority: TBD
Reporter: Julian Ladisch
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: None
RCA Group: Related dependency upgrade

Description

mod-camunda has a commons-text 1.8 Maven dependency: https://github.com/folio-org/mod-camunda/blob/c1eb47de77a31a9f45bc0a7205e1485b7619a9c1/pom.xml#L267-L271

However, it is not used, and all commons-text versions below 1.10.0 have a Remote Execution vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Task: Remove the unused commons-text dependency to avoid false positive security warnings from Snyk and other vulnerability scanners.

