Merge pull request #831 from zalando/bump-jackson
Bump multiple dependencies
MALPI authored Jan 11, 2023
2 parents 8380b0e + e37f428 commit 054f801
Showing 2 changed files with 18 additions and 18 deletions.
17 changes: 12 additions & 5 deletions cve-suppressions.xml
@@ -5,10 +5,17 @@
<cve>CVE-2019-12814</cve>
<cve>CVE-2020-7712</cve>
<cve>CVE-2020-10663</cve>
</suppress>
<suppress>
<!-- false positive -->
<gav regex="true">com\.github\.java-json-tools:json-schema-validator:.+</gav>
<cve>CVE-2018-18749</cve>
<cve>CVE-2021-4279</cve>
<cve>CVE-2022-1471</cve>
<cve>CVE-2022-25857</cve>
<cve>CVE-2022-3064</cve>
<cve>CVE-2022-38749</cve>
<cve>CVE-2022-38751</cve>
<cve>CVE-2022-38752</cve>
<cve>CVE-2022-41854</cve>
<cve>CVE-2021-4235</cve>
<cve>CVE-2022-38750</cve>
<cve>CVE-2016-1000027</cve>
<cve>CVE-2020-5408</cve>
</suppress>
</suppressions>
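Review bot: The CVE identifiers listed after `CVE-2020-10663` sit in a `<suppress>` block with no `<notes>` saying why each one is not exploitable in this project, and the block's matcher starts above the hunk, so the scope of the suppression cannot be checked from what is shown. Which of these lines are new is inferred from the header's 12 additions, because the rendered page has lost the +/- markers. I would add a `<notes>` element naming the affected artifact and the reason for each group of CVEs, and keep each group in its own `<suppress>` block scoped to that artifact rather than one shared list. An expiry on the block, `<suppress until="YYYY-MM-DDZ">` (placeholder date), would force the entries to be re-evaluated instead of staying silenced indefinitely.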
19 changes: 6 additions & 13 deletions pom.xml
@@ -51,11 +51,11 @@
<maven.compiler.target>1.8</maven.compiler.target>

<slf4j.version>1.7.36</slf4j.version>
<jackson.version>2.13.2</jackson.version>
<jackson.version>2.14.1</jackson.version>
<problem.version>0.27.1</problem.version>
<spring.version>5.3.16</spring.version>
<spring-security.version>5.6.2</spring-security.version>
<spring-boot.version>2.6.4</spring-boot.version>
<spring.version>5.3.24</spring.version>
<spring-security.version>5.6.10</spring-security.version>
<spring-boot.version>2.6.6</spring-boot.version>
<junit-jupiter.version>5.8.2</junit-jupiter.version>
<javax-el.version>3.0.0</javax-el.version>
</properties>
@@ -190,13 +190,6 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<!-- CVE-2017-18640 -->
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>1.30</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-ext</artifactId>
@@ -323,7 +316,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.5.0</version>
<version>7.4.4</version>
<executions>
<execution>
<goals>
@@ -332,7 +325,7 @@
</execution>
</executions>
<configuration>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
<failBuildOnAnyVulnerability>false</failBuildOnAnyVulnerability>
<suppressionFiles>
<suppressionFile>cve-suppressions.xml</suppressionFile>
</suppressionFiles>
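Review bot: `<failBuildOnAnyVulnerability>` in the dependency-check-maven `<configuration>` appears to end at `false` (the page prints `true` then `false`, and the +/- markers are lost), so the scan still reports but no longer gates the build, and a newly vulnerable dependency would merge without anything stopping it. If the switch was needed to get the bumps through, a severity threshold keeps a gate in place, e.g. `<failBuildOnCVSS>7</failBuildOnCVSS>` (the threshold value is a suggestion), with `cve-suppressions.xml` reserved for reviewed exceptions. A one-line comment above the setting stating why failure was relaxed would also help, e.g. `<!-- report-only: see ISSUE-ID-PLACEHOLDER -->`. The `<configuration>` element continues past the end of the section as shown.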