Bump snakeyaml and jackson-databind to latest versions #201

dgrad · 2023-12-21T21:46:04Z

Previous versions had known vulenerabilities.

Vulnerabilities
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY
jackson-databind  2.13.4     2.13.4.2  java-archive  GHSA-jjjh-jjxp-wpff  High
snakeyaml         1.28       1.31      java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml         1.28       2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
snakeyaml         1.28       1.32      java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml         1.28       1.31      java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml         1.28       1.31      java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml         1.28       1.32      java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml         1.28       1.31      java-archive  GHSA-c4r9-r8fh-9vj2  Medium

All tests passing and tested with local sonarqube instance.

zippy1978 · 2024-01-10T08:44:08Z

Thank you @dgrad !
I changed the PR target branch to develop

Bump snakeyaml and jackson-databind to latest versions

78347ca

zippy1978 changed the base branch from master to develop January 10, 2024 08:42

Merge branch 'develop' into master

48fcdeb

zippy1978 merged commit 426cc38 into insideapp-oss:develop May 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump snakeyaml and jackson-databind to latest versions #201

Bump snakeyaml and jackson-databind to latest versions #201

dgrad commented Dec 21, 2023

zippy1978 commented Jan 10, 2024

Bump snakeyaml and jackson-databind to latest versions #201

Bump snakeyaml and jackson-databind to latest versions #201

Conversation

dgrad commented Dec 21, 2023

zippy1978 commented Jan 10, 2024