[Snyk] Fix for 81 vulnerabilities #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…lnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331 - https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-2348247 - https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-5811866 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369852 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7945490 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-8383920 - https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238 - https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-2331071 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-567882 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-565171 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435948 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6261586 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-7430175 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-8073090 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3326459 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-451168 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6092281 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8384234 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1767172 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1767772 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5441321 - https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-1915389 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 - https://snyk.io/vuln/SNYK-JAVA-MYSQL-1766958 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-7444596 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-7444620 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-479774 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3225086 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-6435950 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-6056527 - https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-3146851 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094942 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6094943 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097492 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-6097493 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-2414084 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447 - https://snyk.io/vuln/SNYK-JAVA-MYSQL-2386864 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-451160 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-451162 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-451164 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-479505 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1767334 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-479803 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6597980 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2952716 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-479782 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3369687 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959654 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5959972 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862 - https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3097829 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889 - https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: caniszczyk The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 81 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
detection/envs/testData/javaSpringWithMySql/pom.xmlVulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
MatureSNYK-JAVA-ORGAPACHETOMCATEMBED-5953331
MatureSNYK-JAVA-COMH2DATABASE-2348247
Major version upgradeProof of ConceptSNYK-JAVA-ORGTHYMELEAF-5811866
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORK-3369852
Proof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORK-7945490
Major version upgradeProof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-8383920
Major version upgradeNo Known ExploitSNYK-JAVA-COMH2DATABASE-1769238
Major version upgradeProof of ConceptSNYK-JAVA-COMH2DATABASE-2331071
Major version upgradeProof of ConceptSNYK-JAVA-ORGWEBJARS-567882
3.3.6->5.0.0org.webjars:jquery:
2.2.4->3.5.0Major version upgradeMatureSNYK-JAVA-ORGWEBJARS-565171
3.3.6->5.0.0org.webjars:jquery:
2.2.4->3.5.0Major version upgradeMatureSNYK-JAVA-ORGAPACHETOMCATEMBED-6435948
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORK-6261586
Major version upgradeProof of ConceptSNYK-JAVA-ORGYAML-3152153
Major version upgradeProof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-7430175
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-8073090
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3326459
Proof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-5862028
Proof of ConceptSNYK-JAVA-ORGWEBJARS-451168
3.3.6->5.0.0Proof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-6092281
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8384234
Major version upgradeNo Known ExploitSNYK-JAVA-ORGWEBJARS-1767172
1.11.4->1.13.2Proof of ConceptSNYK-JAVA-ORGWEBJARS-1767772
1.11.4->1.13.2Proof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5441321
No Known ExploitSNYK-JAVA-ORGTHYMELEAF-1915389
No Known ExploitSNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
Proof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426
Proof of ConceptSNYK-JAVA-MYSQL-1766958
Proof of ConceptSNYK-JAVA-ORGWEBJARS-7444596
3.3.6->5.0.0Major version upgradeProof of ConceptSNYK-JAVA-ORGWEBJARS-7444620
3.3.6->5.0.0Major version upgradeProof of ConceptSNYK-JAVA-ORGWEBJARS-479774
3.3.6->5.0.0org.webjars:jquery:
2.2.4->3.5.0Major version upgradeProof of ConceptSNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3225086
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-6435950
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-5564390
No Known ExploitSNYK-JAVA-ORGYAML-2806360
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-6056527
Major version upgradeNo Known ExploitSNYK-JAVA-COMH2DATABASE-3146851
Major version upgradeProof of ConceptSNYK-JAVA-CHQOSLOGBACK-6094942
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6094943
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6097492
Major version upgradeNo Known ExploitSNYK-JAVA-CHQOSLOGBACK-6097493
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-6444790
Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-2414084
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-7687447
Major version upgradeNo Known ExploitSNYK-JAVA-MYSQL-2386864
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-5422217
No Known ExploitSNYK-JAVA-ORGWEBJARS-451160
3.3.6->5.0.0No Known ExploitSNYK-JAVA-ORGWEBJARS-451162
3.3.6->5.0.0No Known ExploitSNYK-JAVA-ORGWEBJARS-451164
3.3.6->5.0.0No Known ExploitSNYK-JAVA-ORGWEBJARS-479505
3.3.6->5.0.0No Known ExploitSNYK-JAVA-ORGYAML-3016891
Major version upgradeProof of ConceptSNYK-JAVA-ORGWEBJARS-1767334
1.11.4->1.13.2No Known ExploitSNYK-JAVA-ORGWEBJARS-479803
1.11.4->1.13.2No Known ExploitSNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
Proof of ConceptSNYK-JAVA-ORGYAML-3016888
Major version upgradeProof of ConceptSNYK-JAVA-ORGSPRINGFRAMEWORK-6597980
Major version upgradeNo Known ExploitSNYK-JAVA-ORGWEBJARS-2952716
1.11.4->1.13.2No Known ExploitSNYK-JAVA-ORGWEBJARS-479782
3.3.6->5.0.0org.webjars:jquery:
2.2.4->3.5.0Major version upgradeNo Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3369687
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-5959654
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-5959972
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-3369749
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-7687446
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-6226862
No Known ExploitSNYK-JAVA-CHQOSLOGBACK-1726923
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
No Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3035793
No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-3097829
No Known ExploitSNYK-JAVA-ORGYAML-3016889
Major version upgradeNo Known ExploitSNYK-JAVA-ORGYAML-3113851
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
Major version upgradeNo Known ExploitSNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
Major version upgradeNo Known ExploitVulnerabilities that could not be fixed
com.h2database:[email protected]tocom.h2database:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pommysql:[email protected]tomysql:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomorg.webjars:[email protected]toorg.webjars:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.5.4/spring-boot-dependencies-2.5.4.pomImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Insufficient Hostname Verification
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn