cc-ar-emr / open-o-previous

GNU General Public License v2.0
2 stars, 1 fork

Clean up security issues in POM #192

Open sebastian-j-ibanez opened 3 weeks ago

sebastian-j-ibanez commented 3 weeks ago

Analyze dependencies using Dependabot and IntelliJ.

Upgrade dependencies to reduce number of CVEs associated with project.

Remove unnecessary dependencies if feasible.

sebastian-j-ibanez commented 3 weeks ago

Work will be pushed to the pom-dependency-security-update branch.

sebastian-j-ibanez commented 3 weeks ago

Apache CXF should be upgraded to 3.5.8.

OscarOAuthDataProvider and OscarRequestTokenService classes would need to be refactored. CXF 3.5 moved from oauth to oauth2.

Not sure how feasible this move is right now.

sebastian-j-ibanez commented 3 weeks ago

Upgrades (as of 2024-10-22)

sebastian-j-ibanez commented 3 weeks ago

The OWASP csrfguard library should be updated from 3.1.0 to 4.0.0.

Will require refactoring multiple classes.

sebastian-j-ibanez commented 2 weeks ago

Trying to figure out how to find unused dependencies.

Dependencies that are only used at runtime will be reported as unused declared dependencies by the maven-dependency-plugin.

Will try analyzing dependencies using the maven-jdeps-plugin.
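One way to get a usable unused-dependency report from the maven-dependency-plugin despite the runtime-only false positives mentioned above. This is an added example, not the project's pom.xml: the plugin version and the `org.postgresql:postgresql` artifact used to illustrate a reflectively loaded dependency are assumptions, and the ignore list has to be filled with whatever this project actually loads by name (JDBC drivers, logging backends, JAX-RS providers and the like).

```xml
<!-- Added example, not from the open-o-previous pom.xml. Plugin version and the
     org.postgresql:postgresql artifact below are assumptions for illustration. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-dependency-plugin</artifactId>
      <version>3.6.1</version>
      <executions>
        <execution>
          <id>analyze-dependencies</id>
          <!-- analyze-only runs the bytecode analysis without forcing a second
               test-compile; it binds to the verify phase by default -->
          <goals>
            <goal>analyze-only</goal>
          </goals>
          <configuration>
            <!-- Turn the warnings into a build failure so that newly added
                 unused or undeclared dependencies are caught in CI -->
            <failOnWarning>true</failOnWarning>
            <!-- Do not report runtime/provided/test/system scoped dependencies
                 as unused: the analysis only looks at compiled bytecode and
                 cannot see classes loaded reflectively at run time -->
            <ignoreNonCompile>true</ignoreNonCompile>
            <!-- Compile-scoped dependencies that are known to be loaded by name
                 (e.g. a JDBC driver via Class.forName). Patterns are
                 groupId:artifactId[:type[:version]] and accept '*' wildcards. -->
            <ignoredUnusedDeclaredDependencies>
              <ignoredUnusedDeclaredDependency>org.postgresql:postgresql</ignoredUnusedDeclaredDependency>
            </ignoredUnusedDeclaredDependencies>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` fails on anything the analyzer still considers unused, and `mvn dependency:analyze` gives the same report ad hoc. The cleaner long-term fix for the false positives is to move dependencies that are genuinely only needed at run time to `<scope>runtime</scope>`, so that `ignoreNonCompile` covers them without an explicit ignore entry; the ignore list should be reserved for compile-scoped artifacts that are referenced by name and cannot be rescoped. Note that "used undeclared" warnings (classes pulled in transitively and used directly) are worth fixing as well, since those dependencies will otherwise disappear silently when the parent artifact is upgraded or removed during the CVE clean-up.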