[Snyk] Fix for 3 vulnerable dependencies - Githubissues

GIScience / helios

HELIOS - the Heidelberg LiDAR Operations Simulator - is a software package for interactive real-time simulation and visualisation of terrestrial, mobile and airborne laser scan surveys written in Java.

http://www.geog.uni-heidelberg.de/gis/helios.html

GNU General Public License v3.0

87 stars 41 forks source link

[Snyk] Fix for 3 vulnerable dependencies #25

Closed snyk-bot closed 6 years ago

snyk-bot commented 6 years ago

Description

This PR fixes one or more vulnerable packages in the maven dependencies of this project. See the Snyk test report for more details.

Snyk Project: giscience/helios:pom.xml

Snyk Organization: TheGreatRefrigerator

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

pom.xml
- commons-validator:commons-validator@1.4.0 > commons-validator:commons-validator@1.5.0
  - Arbitrary Code Execution
- org.codehaus.groovy:groovy-all@2.1.9 > org.codehaus.groovy:groovy-all@2.4.7
  - Deserialization of Untrusted Data
  - Deserialization of Untrusted Data

You can read more about Snyk's upgrade and patch logic in Snyk's documentation.

Check the changes in this PR to ensure they won't cause issues with your project.

Stay secure, The Snyk team

deuxbot commented 6 years ago

The changes proposed here have been added in ddc068dfb33b2f9b58cb35c8e62a353ebb8607f9.