Skip to content

Commit

Permalink
1.x upgrade netty to 4.1.100.Final (helidon-io#7862)
Browse files Browse the repository at this point in the history
* Upgrade netty to 4.1.100.Final
* Suppress jgit false positive
  • Loading branch information
barchetta authored Oct 21, 2023
1 parent fa6bef1 commit d6f8abc
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
2 changes: 1 addition & 1 deletion dependencies/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@
<version.lib.mockito>2.23.4</version.lib.mockito>
<version.lib.mysql-connector-java>8.0.29</version.lib.mysql-connector-java>
<version.lib.narayana>5.9.3.Final</version.lib.narayana>
<version.lib.netty>4.1.94.Final</version.lib.netty>
<version.lib.netty>4.1.100.Final</version.lib.netty>
<version.lib.oci-java-sdk-objectstorage>2.66.0</version.lib.oci-java-sdk-objectstorage>
<version.lib.ojdbc8>19.3.0.0</version.lib.ojdbc8>
<version.lib.opentracing>0.32.0</version.lib.opentracing>
Expand Down
14 changes: 14 additions & 0 deletions etc/dependency-check-suppression.xml
Original file line number Diff line number Diff line change
Expand Up @@ -279,4 +279,18 @@
<vulnerabilityName>CVE-2023-4586</vulnerabilityName>
</suppress>

<!--
This is a FP. We have upgrade jgit to a fixed version, but it is still getting flagged.
Probably due to the funky version string used by jgit. See
https://github.com/jeremylong/DependencyCheck/issues/5943
-->
<suppress>
<notes><![CDATA[
file name: org.eclipse.jgit-6.7.0.202309050840-r.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$</packageUrl>
<cve>CVE-2023-4759</cve>
</suppress>


</suppressions>

0 comments on commit d6f8abc

Please sign in to comment.