In order to improve the security of the ONAP code base, projects are to focus on upgrading the third party packages that are direct dependencies. This change has been implemented in the Frankfurt release. Previous releases required vulnerability analysis in addition to package upgrades. Beginning with the Frankfurt release, the remediation of known vulnerabilities in third party packages will be tracked as follows.
...