fix: Update maven dependency to fix cve (#22)
Co-authored-by: Vitolo-Andrea <[email protected]>
stedelia and Vitolo-Andrea authored Jul 31, 2024
1 parent 42f4360 commit 1cc6736
Showing 2 changed files with 47 additions and 1 deletion.
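--- a/.grype.yaml
+++ b/.grype.yaml
@@ -0,0 +1,10 @@
+ignore:
+- vulnerability: CVE-2022-1471 # solved in snakeyaml 2.2
+- vulnerability: CVE-2024-23672 # tomcat-embed-core 10.1.25
+- vulnerability: CVE-2024-24549 # tomcat-embed-websocket 10.1.25
+- vulnerability: CVE-2024-22243 # spring-web 6.0.22
+- vulnerability: CVE-2024-22259 # spring-web 6.0.22
+- vulnerability: CVE-2023-3635 # okio-jvm 3.9.0
+- vulnerability: CVE-2023-51074 # json-path 2.9.0
+- vulnerability: CVE-2024-26308 # commons-compress 1.26.2
+- vulnerability: CVE-2024-25710 # commons-compress 1.26.2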
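Review bot: Every entry under `ignore:` matches on the CVE id alone, so grype will suppress that CVE for any package, version and location in the scan, not only for the artifact named in the trailing comment. The same commit raises these dependencies to the versions the comments call fixed, so the entries should become unnecessary once the scan resolves the new versions. If grype still reports a finding, scope the rule to the artifact, e.g. `- vulnerability: CVE-2022-1471` followed by `package: {name: snakeyaml}`, and record in the comment why the match is a false positive. Left unscoped, a later downgrade or a second bundled copy of one of these libraries would pass the scan silently.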
38 changes: 37 additions & 1 deletion pom.xml
@@ -110,14 +110,50 @@

<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.2</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.26.2</version>
</dependency>
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
<version>2.9.0</version>
</dependency>

<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>2022.0.4</version>
<type>pom</type>
<scope>import</scope>
</dependency>

<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio-jvm</artifactId>
<version>3.9.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.25</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-websocket</artifactId>
<version>10.1.25</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>6.0.22</version>
</dependency>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-dependencies</artifactId>
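Review bot: The pins for `spring-web` (6.0.22) and for `tomcat-embed-core`/`tomcat-embed-websocket` (10.1.25) override single modules, so the other Spring Framework and embedded Tomcat artifacts (for example `spring-core`, `tomcat-embed-el`) presumably stay at whatever version the parent or the imported BOMs manage, and the build can end up mixing module versions of one release line. If the project inherits from `spring-boot-starter-parent` (not visible in this hunk), overriding the version properties keeps the modules aligned: `<spring-framework.version>6.0.22</spring-framework.version>` and `<tomcat.version>10.1.25</tomcat.version>`. Each remaining pin would benefit from a comment naming the CVE it addresses and when it can be dropped, e.g. `<!-- CVE-2023-51074: remove once the managed json-path is >= 2.9.0 -->`; separately, `<scope>runtime</scope>` on the managed `okio-jvm` entry applies that scope to every transitive use of the artifact, which may not be intended. The `<dependencyManagement>` block continues past the end of the hunk.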
