Issue #SB-COSS-000 fix: Release-8.0.0 vulnerability fixes

[aimansharief]

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Type of change

Please choose appropriate options.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes in the below checkboxes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• Ran Test A
• Ran Test B

Test Configuration:

• Software versions: Java 11, scala-2.12, play-2.7.2
• Hardware versions: 2 CPU/ 4GB RAM

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbit review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbit in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbit in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbit gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbit read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbit help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbit ignore or @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbit summary or @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbit or @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR addresses vulnerability fixes for release 8.0.0 by updating various dependencies to their latest secure versions and managing transitive dependency conflicts through exclusions.

• Updates multiple vulnerable dependencies to their latest secure versions (Jackson, Netty, Logback, Commons libraries)
• Implements explicit dependency exclusions to prevent version conflicts and ensure consistent dependency resolution
• Standardizes dependency versions across multiple services for better security and maintainability

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
taxonomy-api/taxonomy-service/pom.xml	Updates Jackson, Netty, Logback, and Snappy dependencies with exclusions
search-api/search-service/pom.xml	Similar dependency updates with exclusions for Jackson, Netty, Logback, and Snappy
search-api/search-core/pom.xml	Updates Commons BeanUtils, Jackson dependencies with version management
platform-modules/url-manager/pom.xml	Updates Google OAuth client dependency with exclusions
platform-modules/mimetype-manager/pom.xml	Updates Netty, Commons BeanUtils, and Jackson Core dependencies
platform-core/platform-telemetry/pom.xml	Updates Logback dependencies with exclusions
platform-core/platform-common/pom.xml	Updates Commons IO and Jackson Core dependencies
content-api/content-service/pom.xml	Updates Jackson, Logback, and Netty dependencies with exclusions

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The netty-codec-http version 4.1.44.Final is outdated and may contain security vulnerabilities. Consider updating to version 4.1.118.Final to match the netty-handler version used in other modules for consistency and security.

Suggested change

	<artifactId>netty-codec-http</artifactId>
	<version>4.1.44.Final</version>
	<version>4.1.118.Final</version>

[Copilot]

The netty-handler version 4.1.46.Final is outdated compared to version 4.1.118.Final used in other modules. This inconsistency could introduce security vulnerabilities and compatibility issues. Update to 4.1.118.Final for consistency.

Suggested change

	<artifactId>netty-handler</artifactId>
	<version>4.1.46.Final</version>
	<version>4.1.118.Final</version>

[Copilot]

The netty-codec version 4.1.68.Final is newer than the other Netty components but still behind the 4.1.118.Final version used elsewhere. For security and compatibility, all Netty components should use the same version 4.1.118.Final.

Suggested change

	<artifactId>netty-codec</artifactId>
	<version>4.1.68.Final</version>
	<version>4.1.118.Final</version>