commons-configuration:1.10 has vulnerabilities:
https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10
to fix the issue upgrade to commons-configuration2:2.12.0
@OlgaMaciaszek
Comment From: OlgaMaciaszek
Hello @ziad-saade, this is a transitive dependency not governed by our project, but brought about by Netflix/Eureka, which is an external project, not maintained by us. Switching to commons-configuration2 conflicts with the [Netflix/Eureka]https://github.com/Netflix/archaius project which is used internally by Netflix/Eureka. Please create an issue in both of those projects and link here to track when it's done.