Knotx / knotx-stack

Stack is a way of distributing fully functional bootstrap project for Knot.x-based solutions
https://knotx.io
Apache License 2.0

Upgrade Gradle to 7.6.3 #142

Closed tomaszmichalak closed 7 months ago

tomaszmichalak commented 8 months ago

Upgrade Gradle to 7.6.3.

Description

Distribution with openjdk 11 and Vert.x 3.9.16.

Motivation and Context

Fix multiple vulnerabilities:

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-common:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2023-44487] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-44487)

io.vertx:vertx-config:3.9.8 introduces com.fasterxml.jackson.core:jackson-databind:2.12.4 which has 4 vulnerabilities
  => [CVE-2020-36518] CWE-787: Out-of-bounds Write (see https://ossindex.sonatype.org/vuln/CVE-2020-36518)
  => [CVE-2022-42003] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42003)
  => [CVE-2022-42004] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42004)
  => [CVE-2021-46877] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2021-46877)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-http:9.4.43.v20210629 which has 3 vulnerabilities
  => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
  => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)
  => [CVE-2023-40167] CWE-130: Improper Handling of Length Parameter Inconsistency (see https://ossindex.sonatype.org/vuln/CVE-2023-40167)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-servlets:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2023-36479] CWE-149: Improper Neutralization of Quoting Syntax (see https://ossindex.sonatype.org/vuln/CVE-2023-36479)

io.vertx:vertx-config:3.9.8 introduces io.vertx:vertx-core:3.9.8 which has 1 vulnerabilities
  => [CVE-2023-4586] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2023-4586)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-client:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces net.minidev:json-smart:2.4.7 which has 1 vulnerabilities
  => [CVE-2023-1370] CWE-674: Uncontrolled Recursion (see https://ossindex.sonatype.org/vuln/CVE-2023-1370)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-server:9.4.43.v20210629 which has 3 vulnerabilities
  => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
  => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)
  => [CVE-2023-26049] CWE-200: Information Exposure (see https://ossindex.sonatype.org/vuln/CVE-2023-26049)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces com.jayway.jsonpath:json-path:2.6.0 which has 1 vulnerabilities
  => [CVE-2023-51074] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2023-51074)

org.jsoup:jsoup:1.14.2 introduces org.jsoup:jsoup:1.14.2 which has 1 vulnerabilities
  => [CVE-2022-36033] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (see https://ossindex.sonatype.org/vuln/CVE-2022-36033)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-proxy:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)

io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces com.google.guava:guava:30.1.1-jre which has 2 vulnerabilities
  => [CVE-2023-2976] CWE-552: Files or Directories Accessible to External Parties (see https://ossindex.sonatype.org/vuln/CVE-2023-2976)
  => [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (see https://ossindex.sonatype.org/vuln/CVE-2020-8908)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces commons-fileupload:commons-fileupload:1.4 which has 1 vulnerabilities
  => [CVE-2023-24998] CWE-770: Allocation of Resources Without Limits or Throttling (see https://ossindex.sonatype.org/vuln/CVE-2023-24998)

io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-classic:1.2.3 which has 2 vulnerabilities
  => [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378)
  => [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-util:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)

com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-server:9.4.43.v20210629 which has 1 vulnerabilities
  => [CVE-2022-2048] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2022-2048)

io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-core:1.2.3 which has 2 vulnerabilities
  => [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378)
  => [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)

Screenshots (if appropriate)

Upgrade notes (if appropriate)

Types of changes

Checklist:


I hereby agree to the terms of the Knot.x Contributor License Agreement.
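The audit output quoted in the PR description lists findings per transitive artifact, so the same CVE (CVE-2022-2047, CVE-2023-26048, CVE-2023-6378) is counted several times and it is not obvious which direct dependency to bump first. The script below is an added example, not code from the PR or from the Knot.x project: it parses that "X introduces Y which has N vulnerabilities => [CVE-...] CWE-...: ... (see URL)" format into structured records, de-duplicates CVEs per introducing dependency, and checks that the number of findings actually present matches the count the scanner declared, which catches truncated or re-wrapped output. The embedded SAMPLE is a constructed subset of four entries copied from the description; the entry layout it assumes is exactly the one visible on this page and nothing about the scanner beyond that.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: four entries copied from the audit output quoted in the
# PR description, run together on one line the way the page renders them.
SAMPLE = (
    "com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-http:9.4.43.v20210629 which has 3 vulnerabilities "
    "=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) "
    "=> [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048) "
    "=> [CVE-2023-40167] CWE-130: Improper Handling of Length Parameter Inconsistency (see https://ossindex.sonatype.org/vuln/CVE-2023-40167) "
    "io.vertx:vertx-config:3.9.8 introduces io.vertx:vertx-core:3.9.8 which has 1 vulnerabilities "
    "=> [CVE-2023-4586] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2023-4586) "
    "com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-server:9.4.43.v20210629 which has 3 vulnerabilities "
    "=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) "
    "=> [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048) "
    "=> [CVE-2023-26049] CWE-200: Information Exposure (see https://ossindex.sonatype.org/vuln/CVE-2023-26049) "
    "io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-classic:1.2.3 which has 2 vulnerabilities "
    "=> [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378) "
    "=> [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)"
)

# One header per flagged artifact; "vulnerabilit\w*" accepts the scanner's
# "1 vulnerabilities" as well as a grammatical "1 vulnerability".
HEADER = re.compile(r"(\S+) introduces (\S+) which has (\d+) vulnerabilit\w*")
# One finding per "=> [CVE] CWE-xxx: description (see URL)"; the description
# is optional because entries such as "CWE-Other" carry none.
FINDING = re.compile(r"=> \[([^\]]+)\] (CWE-[\w-]+)(?::\s*(.*?))?\s*\(see ([^)]+)\)")


@dataclass
class Finding:
    cve: str
    cwe: str
    description: str
    url: str


@dataclass
class Entry:
    introducer: str  # direct dependency that pulls the artifact in
    artifact: str    # transitive artifact that is actually vulnerable
    declared: int    # finding count the scanner printed for this artifact
    findings: List[Finding] = field(default_factory=list)


def parse_audit(text: str) -> List[Entry]:
    """Split run-together audit text into one Entry per flagged artifact."""
    text = " ".join(text.split())  # undo line wrapping such as the page's own
    headers = list(HEADER.finditer(text))
    entries: List[Entry] = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entry = Entry(h.group(1), h.group(2), int(h.group(3)))
        for f in FINDING.finditer(text, h.end(), end):
            entry.findings.append(Finding(f.group(1), f.group(2), f.group(3) or "", f.group(4)))
        entries.append(entry)
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """Distinct CVEs overall, distinct CVEs per direct dependency, and count mismatches."""
    by_introducer: Dict[str, set] = defaultdict(set)
    unique: set = set()
    mismatches = []
    for e in entries:
        cves = {f.cve for f in e.findings}
        unique |= cves
        by_introducer[e.introducer] |= cves
        # A declared count that differs from what was parsed means the output
        # was truncated or its format changed; do not let findings drop silently.
        if e.declared != len(e.findings):
            mismatches.append((e.artifact, e.declared, len(e.findings)))
    return {
        "unique_cves": sorted(unique),
        "by_introducer": {k: sorted(v) for k, v in by_introducer.items()},
        "mismatches": mismatches,
    }


def remediation_order(entries: List[Entry]) -> List[tuple]:
    """Direct dependencies ranked by how many distinct CVEs bumping them clears."""
    per_dep = summarize(entries)["by_introducer"]
    return sorted(((dep, len(cves)) for dep, cves in per_dep.items()),
                  key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    parsed = parse_audit(SAMPLE)
    report = summarize(parsed)
    print(f"{len(parsed)} flagged artifacts, {len(report['unique_cves'])} distinct CVEs")
    for dep, n in remediation_order(parsed):
        print(f"  bump {dep}: clears {n} distinct CVE(s)")
    for artifact, declared, seen in report["mismatches"]:
        print(f"  WARNING {artifact}: scanner declared {declared} findings, parsed {seen}")
```

Run against the full list in the description, the same functions give 17 flagged artifacts but only 20 distinct CVEs, and rank wiremock-jre8 first because it alone drags in all the jetty, json-smart, json-path and commons-fileupload findings; that is the number a reviewer wants in the PR rather than the raw finding count.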