Vulnerabilities on DSBulk 1.11.0

[dbapramod882]

Hi Team,

Vulnerabilities detected, in which version can it be resolved.

CVE-2023-44487 Critical dsbulk-1.11.0/lib/netty-codec-http2-4.1.94.Final.jar
CVE-2023-35116 Low dsbulk-1.11.0/lib/jackson-databind-2.13.3.jar
CVE-2024-25710 Low dsbulk-1.11.0/lib/commons-compress-1.21.jar
CVE-2024-26308 Low dsbulk-1.11.0/lib/commons-compress-1.21.jar
CVE-2023-43642 Medium dsbulk-1.11.0/lib/snappy-java-1.1.7.3.jar
CVE-2022-42003 Medium dsbulk-1.11.0/lib/jackson-databind-2.13.3.jar
CVE-2023-5072 Medium dsbulk-1.11.0/lib/json-20220320.jar
CVE-2023-34454 Medium dsbulk-1.11.0/lib/snappy-java-1.1.7.3.jar
CVE-2023-34455 Medium dsbulk-1.11.0/lib/snappy-java-1.1.7.3.jar
CVE-2023-34453 Medium dsbulk-1.11.0/lib/snappy-java-1.1.7.3.jar
CVE-2023-6378 Medium dsbulk-1.11.0/lib/logback-classic-1.2.11.jar
CVE-2022-42004 Medium dsbulk-1.11.0/lib/jackson-databind-2.13.3.jar
CVE-2022-45688 Medium dsbulk-1.11.0/lib/json-20220320.jar

Thanks
Pramod P

[absurdfarce]

Thanks @dbapramod882 !

I'll note that there are a few things mentioned here that aren't covered in #497

[dbapramod882]

Any update here.

[absurdfarce]

Thanks for the ping @dbapramod882 ! We're currently quite busy trying to wrap up a few other releases by the end of this month so I don't anticipate much action on this until next quarter. I can't commit to any kind of fix at this point but I do know there are plans to review this ticket (and a few other fixes we've been considering for dsbulk) when we consider planned objectives for future work!