Skip to content

ASM-2115:Remove Sonar and Fix vulnerabilities#19

Open
vaibhavcompanieshouse wants to merge 2 commits into
mainfrom
feature/asm-2115-sonar-removal-cve-fix
Open

ASM-2115:Remove Sonar and Fix vulnerabilities#19
vaibhavcompanieshouse wants to merge 2 commits into
mainfrom
feature/asm-2115-sonar-removal-cve-fix

Conversation

@vaibhavcompanieshouse

@vaibhavcompanieshouse vaibhavcompanieshouse commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

*This commit will add changes to pom to fix vulnerability and remove sonar from makefile resolves :ASM-2115

Describe the changes

Related Jira tickets

Jira Ticket

Developer check list

General

  • Is the PR as small as it can be?
  • Has the Jira ticket been updated with any relevant comments?
  • Is the README up to date?
  • Has the POM been updated for the latest versions of dependencies?
  • Has the code been double-checked against main?
  • Does the code adhere standards in this repository, including SonarQube checks?

Testing

  • Do the code changes have unit and integration tests with code coverage > 80%?
  • Has the code been tested locally and/or passed the API Karate tests on docker-chs-development?
  • Have mandatory manual test cases been run?
  • Are extra Karate tests required?
  • Are all the test data resources up to date?

Release preparation

Where possible, add links to the respective Jira tickets when an item is checked

  • Have these changes been included in a release ticket?
  • Are changes required to the docker-chs-development deployment or test data?
  • Are any changes required to the environment added to chs-configs?

Notes to the tester

Add any testing hints or instructions here.

*This commit will add changes to pom to fix vulnerability and remove sonar from makefile resolves :[ASM-2115](https://companieshouse.atlassian.net/browse/ASM-2115)
@ch-code-analysis

Copy link
Copy Markdown

CI: No security warnings found

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates the build configuration to address reported dependency vulnerabilities and removes Sonar-related Makefile targets, aligning the project’s build tooling with the stated “remove Sonar” aim.

Changes:

  • Updated several dependency and plugin versions in pom.xml, including explicit CVE-driven overrides in dependencyManagement.
  • Removed Sonar and PR-analysis targets from the Makefile.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
pom.xml Updates dependency/plugin versions and adds CVE override entries; adjusts test dependency configuration.
Makefile Removes sonar and sonar-pr-analysis targets.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pom.xml
Comment thread pom.xml
*This commit will add changes to pom to fix vulnerability and remove sonar from makefile resolves :[ASM-2115](https://companieshouse.atlassian.net/browse/ASM-2115)
@ch-code-analysis

Copy link
Copy Markdown

CI: No security warnings found

@chsonarqubeprchecks

Copy link
Copy Markdown

@vaibhavcompanieshouse vaibhavcompanieshouse removed the request for review from dtoulcher-ch July 16, 2026 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants