search

GoogleCloudPlatform / point-of-sale

Anthos Edge Use Cases for bringing apps and computation closer to the location where the action is, to improve response times and save bandwidth.
Apache License 2.0
32 stars 19 forks source link

fix(deps): update dependency com.h2database:h2 to v2.2.220 [security] - autoclosed #249

Closed renovate-bot closed 1 year ago

renovate-bot commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.h2database:h2 (source) 2.1.214 -> 2.2.220 age adoption passing confidence

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-45868

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."

Configuration

πŸ“… Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

dpebot commented 1 year ago

/gcbrun

Shabirmean commented 1 year ago

:zap: Two deployments have been created for the Point-of-Sale application. You may access and test them at: :zap: