Security warnings on several dependencies #42

Open
captrespect opened this issue Mar 6, 2023 · 0 comments

Several of the dependencies of this library have critical security errors.

The following seem to be safe to update by just updating the versions to the following:

commons-beanutils:commons-beanutils-core:1.8.3
org.apache.maven.shared:maven-shared-utils:3.3.4
com.thoughtworks.xstream:xstream:1.4.19
jakarta.annotation:jakarta.annotation-api:1.3.5

The org.yaml:snakeyaml:1.30 dependency needs to be updated to 2.0 to resolve CVE-2022-1471. This requires code changes since the library is not backward compatible.

@captrespect changed the title from "Security warnings on several dependenceis" to "Security warnings on several dependencies" on Mar 8, 2023
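
As an added illustration (not part of the original issue and not this project's code), the sketch below shows the kind of code change the move from snakeyaml 1.30 to 2.0 typically forces: `Constructor` and `SafeConstructor` must now be given a `LoaderOptions`, and 2.0 rejects global tags by default. The class `SnakeYaml2Migration`, the bean `AppConfig`, and the sample YAML strings are hypothetical and constructed for this example.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SnakeYaml2Migration {

    // Hypothetical bean standing in for whatever type the library binds YAML to.
    public static class AppConfig {
        public String name;
        public int port;
    }

    // Untyped load: SafeConstructor only builds standard types (maps, lists, scalars).
    // In 2.0 its constructor requires LoaderOptions; the 1.x no-arg form is gone.
    static Map<String, Object> loadUntyped(String yaml) {
        Yaml parser = new Yaml(new SafeConstructor(new LoaderOptions()));
        return parser.load(yaml);
    }

    // Typed load: 1.x `new Constructor(AppConfig.class)` becomes the two-argument form.
    // The root type is fixed by the caller; 2.0 rejects global tags in the document by default.
    static AppConfig loadTyped(String yaml) {
        Yaml parser = new Yaml(new Constructor(AppConfig.class, new LoaderOptions()));
        return parser.load(yaml);
    }

    public static void main(String[] args) {
        String good = "name: demo\nport: 8080\n";                       // constructed sample
        String tagged = "name: !!com.example.NotAllowed {}\nport: 1\n"; // constructed sample

        AppConfig cfg = loadTyped(good);
        System.out.println(cfg.name + ":" + cfg.port);
        System.out.println(loadUntyped(good));

        try {
            loadTyped(tagged);
            throw new IllegalStateException("tagged document was accepted");
        } catch (YAMLException expected) {
            // The explicit type tag in the document is refused instead of being instantiated.
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```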