Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get rid of commons-beanutils #2129

Open
vkochnev opened this issue Jul 18, 2024 · 0 comments
Open

Get rid of commons-beanutils #2129

vkochnev opened this issue Jul 18, 2024 · 0 comments
Labels
waiting-for-triage

Comments

@vkochnev
Copy link

Spring Cloud Contract uses commons-beanutils which is extremely old and depends on even more outdated and moreover vulnerable commons-collections library, there is also no evidence that common-beanutils will be updated any time soon.

The use of the aforementioned library is quite limited and should be easy to rewrite without use of this library.
I actually found only one usage:

spring-cloud-contract/spring-cloud-contract-verifier/src/main/java/org/springframework/cloud/contract/verifier/builder/JsonBodyVerificationBuilder.java

Line 303 in d771b76

Object result = new PropertyUtilsBean().getProperty(templateModel, justEntry);

Also there are several usages of commons-collections in one file:

spring-cloud-contract/spring-cloud-contract-verifier/src/main/java/org/springframework/cloud/contract/verifier/converter/YamlToContracts.java

Line 43 in d771b76

import org.apache.commons.collections.MapUtils;

Which can be replaced with Spring specific implementations or commons-collections4 if it's not possible.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
waiting-for-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vkochnev @spring-cloud-issues