The Clean Dependency Project is Fannie Mae’s first open source project with a clear vision to provide clean OSS libraries to the products that we care about.
There is an immediate concern with the consumption of OSS libraries that we rely on with no clear upgrade path. The main goal is to clean these dependencies and vulnerabilities with patch management with the most recent versions to push back upstream into our projects as well as the external community.
Some of the projects and dependencies we will be working on cleaning are:
- Log4J
- SpringWeb
- Pandas
- SpringWeb Security
- Jackson-Databind
Versions that need updating:
- spring-web : 1.x.x – 5.x.x
- spring-security-web : 1.x.x – 5.x.x
- jackson-databind : 2.12.5
- pandas : 1.x.x - 1.4.2
If you would like to give back to this project, please read our contributing guide and visit our open issues to get started.