diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 0000000..28e75a2
--- /dev/null
+++ b/.grype.yaml
@@ -0,0 +1,10 @@
+ignore:
+ - vulnerability: CVE-2022-1471 # solved in snakeyaml 2.2
+ - vulnerability: CVE-2024-23672 # tomcat-embed-core 10.1.25
+ - vulnerability: CVE-2024-24549 # tomcat-embed-websocket 10.1.25
+ - vulnerability: CVE-2024-22243 # spring-web 6.0.22
+ - vulnerability: CVE-2024-22259 # spring-web 6.0.22
+ - vulnerability: CVE-2023-3635 # okio-jvm 3.9.0
+ - vulnerability: CVE-2023-51074 # json-path 2.9.0
+ - vulnerability: CVE-2024-26308 # commons-compress 1.26.2
+ - vulnerability: CVE-2024-25710 # commons-compress 1.26.2
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 2105923..ac4ac7e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,6 +110,22 @@ + + org.yaml + snakeyaml + 2.2 + + + org.apache.commons + commons-compress + 1.26.2 + + + com.jayway.jsonpath + json-path + 2.9.0 + + org.springframework.cloud spring-cloud-dependencies
@@ -117,7 +133,27 @@ pom import - + + com.squareup.okio + okio-jvm + 3.9.0 + runtime + + + org.apache.tomcat.embed + tomcat-embed-core + 10.1.25 + + + org.apache.tomcat.embed + tomcat-embed-websocket + 10.1.25 + + + org.springframework + spring-web + 6.0.22 + com.azure.spring spring-cloud-azure-dependencies
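Review bot: Every entry under `ignore:` matches on the CVE id alone, so Grype will drop that finding for any package and any version it is ever matched to, including a later downgrade or a second artifact (shaded or bundled copy) that carries the same CVE. The trailing comments already name the package and the fixed version that the pom.xml change pins, so each rule can be narrowed to exactly that, for example `- vulnerability: CVE-2024-26308` with `package: {name: commons-compress, version: 1.26.2}` on the same entry. If the scanner still reports these ids after the pins are in place, the comment should say why (false positive, different artifact matched) rather than only repeating the version, so the suppression can be re-evaluated and removed later.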
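Review bot: The three version pins added ahead of the `spring-cloud-dependencies` import (snakeyaml 2.2, commons-compress 1.26.2, json-path 2.9.0) carry no comment saying why they exist, so a later maintainer cannot tell when they may be dropped or that they must not be lowered. The XML tags are not visible in this rendering, but these look like managed-dependency overrides; if so, they will keep holding those artifacts at the pinned versions even after the imported BOMs move past them. A per-entry comment such as `<!-- pinned for CVE-2022-1471, see .grype.yaml; remove once the BOM manages >= 2.2 -->` ties each pin to its advisory and gives it an exit condition.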
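Review bot: `spring-web` is pinned to 6.0.22 and the two `tomcat-embed-*` artifacts to 10.1.25 one by one, which can leave them out of step with sibling modules still managed elsewhere (other `org.springframework` modules, `tomcat-embed-el`). Mixing versions within one framework family is a frequent cause of runtime linkage errors. If the project inherits Spring Boot's dependency management (not visible in this hunk), overriding the `spring-framework.version` and `tomcat.version` properties moves each family together and keeps the security fix in one place. The `runtime` scope on `okio-jvm` also deserves a check: set on a managed dependency, it applies to every module that declares okio without its own scope.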