
Commit 1cc6736

fix: Update maven dependency to fix cve (#22)
Co-authored-by: Vitolo-Andrea <[email protected]>
1 parent 42f4360 commit 1cc6736


2 files changed

+47
-1
lines changed


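--- a/.grype.yaml
+++ b/.grype.yaml
@@ -0,0 +1,10 @@
+ignore:
+- vulnerability: CVE-2022-1471 # solved in snakeyaml 2.2
+- vulnerability: CVE-2024-23672 # tomcat-embed-core 10.1.25
+- vulnerability: CVE-2024-24549 # tomcat-embed-websocket 10.1.25
+- vulnerability: CVE-2024-22243 # spring-web 6.0.22
+- vulnerability: CVE-2024-22259 # spring-web 6.0.22
+- vulnerability: CVE-2023-3635 # okio-jvm 3.9.0
+- vulnerability: CVE-2023-51074 # json-path 2.9.0
+- vulnerability: CVE-2024-26308 # commons-compress 1.26.2
+- vulnerability: CVE-2024-25710 # commons-compress 1.26.2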
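Review bot: The ignore rules on lines 2-10 match by CVE id alone, so each finding is suppressed for every package and version Grype scans, including a vulnerable version that comes back later through another transitive path or a reverted pin. The trailing comments say the issues are solved by the versions pinned in pom.xml; if that holds, the scanner would presumably stop reporting them without any ignore entry, so each rule should state which residual match it covers and why it is accepted. Scope every rule to the artifact it was triaged for, e.g. `- vulnerability: CVE-2022-1471` followed by `package: {name: snakeyaml, version: "2.2"}`, so a different version of the same library is still reported.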

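--- a/pom.xml
+++ b/pom.xml
@@ -110,14 +110,50 @@
 
 <dependencyManagement>
 <dependencies>
+<dependency>
+<groupId>org.yaml</groupId>
+<artifactId>snakeyaml</artifactId>
+<version>2.2</version>
+</dependency>
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-compress</artifactId>
+<version>1.26.2</version>
+</dependency>
+<dependency>
+<groupId>com.jayway.jsonpath</groupId>
+<artifactId>json-path</artifactId>
+<version>2.9.0</version>
+</dependency>
+
 <dependency>
 <groupId>org.springframework.cloud</groupId>
 <artifactId>spring-cloud-dependencies</artifactId>
 <version>2022.0.4</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
-
+<dependency>
+<groupId>com.squareup.okio</groupId>
+<artifactId>okio-jvm</artifactId>
+<version>3.9.0</version>
+<scope>runtime</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-core</artifactId>
+<version>10.1.25</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-websocket</artifactId>
+<version>10.1.25</version>
+</dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+<version>6.0.22</version>
+</dependency>
 <dependency>
 <groupId>com.azure.spring</groupId>
 <artifactId>spring-cloud-azure-dependencies</artifactId>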
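Review bot: The new `<dependencyManagement>` pins (new lines 113-127 and 136-156) carry no comment tying them to the CVE they remediate, and explicit entries take precedence over imported BOMs, so after a later parent or BOM upgrade they can silently hold a library below the managed version. Add a comment per pin, for example `<!-- CVE-2024-22243 / CVE-2024-22259: remove once the managed spring-web is >= 6.0.22 -->`. Pinning only `spring-web` and two `tomcat-embed` artifacts may also leave the other Spring Framework and Tomcat modules on a different version; if the parent POM (not visible here) is Spring Boot's, overriding `spring-framework.version` and `tomcat.version` would keep the modules aligned. The `<scope>runtime</scope>` on the managed `okio-jvm` entry may also change the scope of transitive uses, which looks unintended next to the other pins. The `<dependencyManagement>` block continues outside the hunk.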
