DHFPROD-6948: Removing spring-beans dependency from mlcp-util

Author: rjrudin

marklogic-data-hub/build.gradle

@@ -69,7 +69,13 @@ dependencies {
         exclude group: 'org.jetbrains.kotlin', module: 'kotlin-stdlib-common'
     }
 
-    compile 'com.marklogic:mlcp-util:0.9.0'
+    compile ('com.marklogic:mlcp-util:0.9.0') {
+        // mlcp-util depends on 4.2.5, but Gradle forces this up to 5.x based on other Spring dependencies.
+        // But the Palomida security tool thinks 4.2.5 is still being used and reports it as a vulnerability.
+        // So it's forcibly exclude here to avoid confusing Palomida.
+        exclude module: "spring-beans"
+    }
+
     compile 'com.marklogic:marklogic-data-movement-components:2.2.1'
 
     compile 'commons-io:commons-io:2.4'