Issue #SBCOSS-385 fix: Vulnerability fixes in groups-service #199

Merged
pallakartheekreddy merged 1 commit into release-8.0.0 from vuln-fixes
Sep 1, 2025

Conversation

@chethann007 (Contributor) commented Aug 5, 2025

This PR addresses a known security vulnerability stemming from the use of an outdated version of the io.netty:netty library (3.10.6.Final) brought in transitively via akka-remote.

Changes Implemented

  • Excluded the vulnerable netty (3.10.6.Final).
  • Added an explicit dependency on a secure and stable version:
    • io.netty:netty-codec-http:4.1.44.Final

Description by Korbit AI

What change is being made?

Add and update dependencies in the pom.xml file to address vulnerability issues in the groups-service by explicitly excluding older netty-codec-http versions and including a safe version.

Why are these changes being made?

These changes are being made to resolve security vulnerabilities associated with the netty-codec-http library by upgrading to version 4.1.44.Final, ensuring the application remains secure and stable. This approach eliminates the risk of using an unsafe library version while maintaining necessary functionality.

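The PR text describes the change in prose only. The pom.xml fragment below is an added illustration of that pattern (not the PR's own diff): an `<exclusion>` on the artifact that pulls in the Netty 3.x line, plus an explicit dependency on the Netty 4.1.x artifact the PR names. The akka-remote coordinates, Scala suffix and version are assumptions chosen for the example; substitute the ones actually in the project.

```xml
<!-- Added example, not the PR's diff. Coordinates for akka-remote
     (artifactId suffix, version) are assumptions for illustration. -->
<dependencies>
  <dependency>
    <groupId>com.typesafe.akka</groupId>
    <artifactId>akka-remote_2.12</artifactId>
    <version>2.5.32</version>
    <exclusions>
      <!-- io.netty:netty is the Netty 3.x artifact line; its classes live
           under org.jboss.netty, not io.netty. -->
      <exclusion>
        <groupId>io.netty</groupId>
        <artifactId>netty</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

  <!-- Explicit, directly declared Netty 4.1.x artifact named in the PR.
       Declaring it directly also wins Maven's nearest-definition rule
       over any transitive netty-codec-http version. -->
  <dependency>
    <groupId>io.netty</groupId>
    <artifactId>netty-codec-http</artifactId>
    <version>4.1.44.Final</version>
  </dependency>
</dependencies>
```

Two checks a reviewer would want before treating this as closed. First, confirm the exclusion actually took effect with `mvn dependency:tree -Dincludes=io.netty` and verify that no `io.netty:netty:3.x` entry remains from any other path. Second, note that `io.netty:netty` (3.x, package `org.jboss.netty`) and `io.netty:netty-codec-http` (4.x, package `io.netty`) are different artifacts with different Java packages, so the explicit 4.1.x dependency does not supply the classes that akka-remote's classic Netty-based transport loads; the service needs a runtime smoke test of remoting (or must be using a transport that does not depend on Netty 3) to be sure the exclusion did not just move the failure to startup. Finally, check the pinned 4.1.44.Final against the current Netty advisory list rather than assuming it is the latest safe release.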


@korbit-ai korbit-ai bot left a comment


I've completed my review and didn't find any issues... but I did find this bear.


@sonarqubecloud bot commented Aug 5, 2025

Quality Gate failed

Failed conditions
1 Security Hotspot
13.8% Coverage on New Code (required ≥ 80%)
3.7% Duplication on New Code (required ≤ 3%)
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud


@pallakartheekreddy pallakartheekreddy merged commit bb0ea6c into release-8.0.0 Sep 1, 2025
2 of 3 checks passed
@pallakartheekreddy pallakartheekreddy deleted the vuln-fixes branch September 1, 2025 08:47