Spring Cloud Contract uses `commons-beanutils`, which is extremely old and depends on the even more outdated and, moreover, vulnerable `commons-collections` library. There is also no evidence that `commons-beanutils` will be updated any time soon.

The use of the aforementioned library is quite limited, and it should be easy to rewrite without this library.

I actually found only one usage:

spring-cloud-contract/spring-cloud-contract-verifier/src/main/java/org/springframework/cloud/contract/verifier/builder/JsonBodyVerificationBuilder.java
Line 303 in d771b76

```java
Object result = new PropertyUtilsBean().getProperty(templateModel, justEntry);
```

Also there are several usages of `commons-collections` in one file:

spring-cloud-contract/spring-cloud-contract-verifier/src/main/java/org/springframework/cloud/contract/verifier/converter/YamlToContracts.java
Line 43 in d771b76

```java
import org.apache.commons.collections.MapUtils;
```

These can be replaced with Spring-specific implementations, or with `commons-collections4` if that's not possible.
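One way the `PropertyUtilsBean().getProperty(...)` call could be rewritten on top of Spring's own `BeanWrapper`, as an added example that is not part of the original issue or the project's code. The `TemplateModel` and `Request` classes, the `readProperty` helper and the sample property paths are assumptions, since the issue does not show the real model type or the form of `justEntry`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.beans.BeanWrapper;
import org.springframework.beans.PropertyAccessorFactory;

public class PropertyLookupExample {

    // Constructed sample model; the real type of templateModel is not shown in the issue.
    public static class Request {
        private final Map<String, String> headers = new LinkedHashMap<>();
        private final String url = "/api/users";
        public Map<String, String> getHeaders() { return headers; }
        public String getUrl() { return url; }
    }

    public static class TemplateModel {
        private final Request request = new Request();
        public Request getRequest() { return request; }
    }

    // Hypothetical helper: resolves a property path using spring-beans only,
    // so commons-beanutils (and its commons-collections dependency) is not needed.
    static Object readProperty(Object model, String path) {
        BeanWrapper wrapper = PropertyAccessorFactory.forBeanPropertyAccess(model);
        // Reject paths the model does not expose instead of surfacing a reflection error.
        if (!wrapper.isReadableProperty(path)) {
            throw new IllegalArgumentException("Unreadable property path: " + path);
        }
        return wrapper.getPropertyValue(path);
    }

    public static void main(String[] args) {
        TemplateModel model = new TemplateModel();
        model.getRequest().getHeaders().put("Accept", "application/json");
        // Nested bean property.
        System.out.println(readProperty(model, "request.url"));
        // Map entry: Spring uses name[key]; commons-beanutils uses name(key).
        System.out.println(readProperty(model, "request.headers[Accept]"));
    }
}
```

The two libraries differ in mapped-property syntax (`name(key)` in commons-beanutils, `name[key]` in Spring), so any existing templates that rely on the parenthesised form would need translating before such a swap.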