inspectIT / inspectit-ocelot

inspectIT Ocelot - Java agent for collecting application performance, tracing and behavior data
http://www.inspectit.rocks/
Apache License 2.0
204 stars 69 forks

Fix dependency vulnerabilities of the configuration-server in v2.2.0 #1553

Closed heiko-holz closed 1 year ago

heiko-holz commented 1 year ago

The configuration-server of the current release (v2.2.0) has various high security risks in its dependencies, e.g.:

com.fasterxml.jackson.core : jackson-databind : 2.13.1
org.apache.tomcat.embed : tomcat-embed-core : 8.5.46
org.springframework : spring-beans : 5.3.14
org.yaml : snakeyaml : 1.30

In this issue, these dependencies (also transitively) need to be updated so that we do not have any vulnerabilities in the configuration server.