Devoxx4Kids-NPO / littil-backend

Apache License 2.0

Snyk High Severity issue in com.fasterxml.jackson.dataformat:jackson-dataformat-toml #218

Closed MarcelWildenburg closed 1 year ago

MarcelWildenburg commented 1 year ago

Snyk reports an issue:

Tested 238 dependencies for known issues, found 1 issue, 1 vulnerable path.

Issues with no direct upgrade or patch:
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-5829116] in com.fasterxml.jackson.dataformat:jackson-dataformat-toml@2.14.2
    introduced by io.quarkus:quarkus-flyway@2.16.7.Final > org.flywaydb:flyway-core@9.11.0 > com.fasterxml.jackson.dataformat:jackson-dataformat-toml@2.14.2
  This issue was fixed in versions: 2.15.0

tubbynl commented 1 year ago

Please recheck after merging #220.

tubbynl commented 1 year ago

Issues with no direct upgrade or patch:
  ✗ Improper Input Validation [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-5829116] in com.fasterxml.jackson.dataformat:jackson-dataformat-toml@2.14.2
    introduced by io.quarkus:quarkus-flyway@3.0.4.Final > org.flywaydb:flyway-core@9.16.3 > com.fasterxml.jackson.dataformat:jackson-dataformat-toml@2.14.2
  This issue was fixed in versions: 2.15.0

https://github.com/Devoxx4Kids-NPO/littil-backend/actions/runs/6022454285
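The Snyk output above flags a transitive dependency with no direct upgrade (quarkus-flyway > flyway-core > jackson-dataformat-toml@2.14.2, fixed in 2.15.0). One interim mitigation, before bumping Quarkus itself, is to import the Jackson BOM at the fixed version ahead of the Quarkus BOM in the project's `dependencyManagement`, so every Jackson module resolves to the same 2.15.x line rather than pinning a single artifact. This is an added illustration, not a snippet from the littil-backend repository; the `quarkus.platform.*` property names, the `io.quarkus.platform:quarkus-bom` coordinates and the `2.15.0` Jackson version are assumptions taken from common Quarkus project layouts and from the Snyk message.

```xml
<!-- pom.xml fragment (added example, not from the littil-backend repository).
     Maven resolves conflicts between imported BOMs by declaration order:
     the first BOM that manages an artifact wins. Importing jackson-bom
     before quarkus-bom therefore overrides the Jackson versions that the
     Quarkus BOM would otherwise pin at 2.14.2, while keeping all Jackson
     modules aligned on one release line. -->
<properties>
  <!-- assumed property names; adapt to the project's own -->
  <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
  <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
  <quarkus.platform.version>2.16.7.Final</quarkus.platform.version>
  <!-- version named as fixed in the Snyk report -->
  <jackson.override.version>2.15.0</jackson.override.version>
</properties>

<dependencyManagement>
  <dependencies>
    <!-- 1. Jackson BOM first, so its entries take precedence. -->
    <dependency>
      <groupId>com.fasterxml.jackson</groupId>
      <artifactId>jackson-bom</artifactId>
      <version>${jackson.override.version}</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
    <!-- 2. Quarkus BOM second; everything it manages that jackson-bom
            does not (Flyway, Quarkus extensions, ...) is still applied. -->
    <dependency>
      <groupId>${quarkus.platform.group-id}</groupId>
      <artifactId>${quarkus.platform.artifact-id}</artifactId>
      <version>${quarkus.platform.version}</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>
```

After the change, `mvn dependency:tree -Dincludes=com.fasterxml.jackson.dataformat:jackson-dataformat-toml` should show 2.15.0 on the flyway-core path, and a re-run of Snyk should no longer list the vulnerable path; once the Quarkus upgrade discussed below lands, the override should be removed so the platform BOM is the single source of truth again.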

tubbynl commented 1 year ago

Perhaps upgrade to Quarkus 3.2, that's an LTS version: https://quarkus.io/blog/quarkus-3-2-5-final-released/

tubbynl commented 1 year ago

In 3.1 the Jackson version is bumped beyond that version: https://github.com/quarkusio/quarkus/releases/tag/3.1.1.Final

tubbynl commented 1 year ago

Fixed by #222