-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Fix for 7 vulnerabilities #502
base: master
Are you sure you want to change the base?
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-8383920 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-8384362 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366 - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
Snyk has created this PR to fix 7 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
business-services/billing-service/pom.xml
Vulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-ORGAPACHETOMCATEMBED-8383920
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGAPACHEKAFKA-8384362
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
5.2.20.RELEASE
->6.1.14
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
Major version upgrade
No Known Exploit
SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368
Major version upgrade
No Known Exploit
Vulnerabilities that could not be fixed
org.springframework.boot:spring-boot-devtools@2.2.6.RELEASE
toorg.springframework.boot:spring-boot-devtools@3.2.11
; Reasoncould not apply upgrade, dependency is managed externally
; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom
org.springframework.boot:spring-boot-starter-jdbc@2.2.6.RELEASE
toorg.springframework.boot:spring-boot-starter-jdbc@3.2.11
; Reasoncould not apply upgrade, dependency is managed externally
; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom
org.springframework.boot:spring-boot-starter-web@2.2.6.RELEASE
toorg.springframework.boot:spring-boot-starter-web@3.2.11
; Reasoncould not apply upgrade, dependency is managed externally
; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom
org.springframework.kafka:spring-kafka@2.3.7.RELEASE
toorg.springframework.kafka:spring-kafka@3.3.0
; Reasoncould not apply upgrade, dependency is managed externally
; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Uncaught Exception
🦉 Path Traversal