eclipse-tractusx / managed-service-orchestrator

Apache License 2.0

Security issue fix #38

Closed adkumar1 closed 1 year ago

adkumar1 commented 1 year ago
Siegfriedk commented 1 year ago

@adkumar1 & @sachinargade123 I ran the dash tool and I see multiple diffs. How can this be?

sachinargade123 commented 1 year ago

@Siegfriedk

I had used the commands below to generate the DEPENDENCIES file. I have used these commands since the initial commit. Do I need to use a different Eclipse Dash tool version?

mvn verify dependency:list -DskipTests -Dmaven.javadoc.skip=true -DappendOutput=true -DoutputFile=maven.deps
java -jar ~/Desktop/org.eclipse.dash.licenses-0.0.1-20220928.055031-560.jar maven.deps -summary DEPENDENCIES

Siegfriedk commented 1 year ago

@sachinargade123 I ran the maven plugin: https://blog.waynebeaton.ca/posts/ip/dash-license-tool-maven-plugin/

sachinargade123 commented 1 year ago

@Siegfriedk

I have tried the plugin approach as well as the latest executable jar, 'org.eclipse.dash.licenses-1.0.3-20230609.055026-17.jar' (referring to https://github.com/eclipse/dash-licenses#readme, with the jar downloaded from https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST).

Yes, there are multiple content differences in the DEPENDENCIES file between the executable jar and the maven plugin. I noticed that the maven plugin approach shows a shorter list of scanned dependencies compared to the executable dash jar. The maven plugin skips some jars in DEPENDENCIES, for example 'spring-boot-starter-test.jar' etc.

Now I am not sure which one is correct. Please suggest which one we should use.
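To make the discrepancy described above visible before merging, the following added example (not part of this PR or the dash-licenses project) compares two Dash DEPENDENCIES files and lists the artifacts that only one scan covered, plus any entry whose review status is not "approved". The sample files are constructed here in the `maven/source/group/artifact/version, license, status, authority` line format that Dash writes; the identifiers and authority values are made up for the example.

```shell
#!/bin/sh
# Compare two Eclipse Dash DEPENDENCIES files, e.g. one written by the
# maven plugin and one by the executable jar, so that dependencies silently
# dropped by one scan (and any non-approved entry) show up in review.

# Artifacts listed in file $2 that are absent from file $1.
# Field 1 (up to the first comma) is the artifact identifier.
missing_from() {
  awk -F, 'FILENAME == ARGV[1] { seen[$1] = 1; next }
           !($1 in seen)      { print $1 }' "$1" "$2"
}

# Entries whose review status (third field) is anything other than "approved".
not_approved() {
  awk -F', *' '$3 != "approved" { print $1 " -> " $3 }' "$1"
}

# Constructed sample scans: the jar output lists the test starter, the
# plugin output does not, and both contain one restricted entry.
write_samples() {
  dir=$(mktemp -d)
  cat > "$dir/DEPENDENCIES.jar" <<'EOF'
maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.0.6, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.0.6, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.example/odd-lib/1.2.3, LicenseRef-Custom, restricted, none
EOF
  cat > "$dir/DEPENDENCIES.plugin" <<'EOF'
maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.0.6, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.example/odd-lib/1.2.3, LicenseRef-Custom, restricted, none
EOF
  echo "$dir"
}

samples=$(write_samples)
echo "Only in jar scan:"
missing_from "$samples/DEPENDENCIES.plugin" "$samples/DEPENDENCIES.jar"
echo "Only in plugin scan:"
missing_from "$samples/DEPENDENCIES.jar" "$samples/DEPENDENCIES.plugin"
echo "Not approved:"
not_approved "$samples/DEPENDENCIES.jar"
```

Run it against the real files produced by each method; an empty "Only in ..." section in both directions means the two scans agree on coverage.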

Siegfriedk commented 1 year ago

@adkumar1 || @sachinargade123 please run it again and I will merge it afterwards; use the way you did it.

sachinargade123 commented 1 year ago

@Siegfriedk We have done the scan again and pushed the latest file.