Fix multiple vulnerabilities:
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-common:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2023-44487] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-44487)
io.vertx:vertx-config:3.9.8 introduces com.fasterxml.jackson.core:jackson-databind:2.12.4 which has 4 vulnerabilities
=> [CVE-2020-36518] CWE-787: Out-of-bounds Write (see https://ossindex.sonatype.org/vuln/CVE-2020-36518)
=> [CVE-2022-42003] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42003)
=> [CVE-2022-42004] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42004)
=> [CVE-2021-46877] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2021-46877)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-http:9.4.43.v20210629 which has 3 vulnerabilities
=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
=> [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)
=> [CVE-2023-40167] CWE-130: Improper Handling of Length Parameter Inconsistency (see https://ossindex.sonatype.org/vuln/CVE-2023-40167)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-servlets:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2023-36479] CWE-149: Improper Neutralization of Quoting Syntax (see https://ossindex.sonatype.org/vuln/CVE-2023-36479)
io.vertx:vertx-config:3.9.8 introduces io.vertx:vertx-core:3.9.8 which has 1 vulnerabilities
=> [CVE-2023-4586] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2023-4586)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-client:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces net.minidev:json-smart:2.4.7 which has 1 vulnerabilities
=> [CVE-2023-1370] CWE-674: Uncontrolled Recursion (see https://ossindex.sonatype.org/vuln/CVE-2023-1370)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-server:9.4.43.v20210629 which has 3 vulnerabilities
=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
=> [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)
=> [CVE-2023-26049] CWE-200: Information Exposure (see https://ossindex.sonatype.org/vuln/CVE-2023-26049)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces com.jayway.jsonpath:json-path:2.6.0 which has 1 vulnerabilities
=> [CVE-2023-51074] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2023-51074)
org.jsoup:jsoup:1.14.2 introduces org.jsoup:jsoup:1.14.2 which has 1 vulnerabilities
=> [CVE-2022-36033] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (see https://ossindex.sonatype.org/vuln/CVE-2022-36033)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-proxy:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047)
io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces com.google.guava:guava:30.1.1-jre which has 2 vulnerabilities
=> [CVE-2023-2976] CWE-552: Files or Directories Accessible to External Parties (see https://ossindex.sonatype.org/vuln/CVE-2023-2976)
=> [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (see https://ossindex.sonatype.org/vuln/CVE-2020-8908)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces commons-fileupload:commons-fileupload:1.4 which has 1 vulnerabilities
=> [CVE-2023-24998] CWE-770: Allocation of Resources Without Limits or Throttling (see https://ossindex.sonatype.org/vuln/CVE-2023-24998)
io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-classic:1.2.3 which has 2 vulnerabilities
=> [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378)
=> [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-util:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048)
com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-server:9.4.43.v20210629 which has 1 vulnerabilities
=> [CVE-2022-2048] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2022-2048)
io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-core:1.2.3 which has 2 vulnerabilities
=> [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378)
=> [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)
Screenshots (if appropriate)
Upgrade notes (if appropriate)
Types of changes
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
Upgrade Gradle to 7.6.3.
Description
Distribution with openjdk 11 and Vert.x 3.9.16.
Motivation and Context
Fix multiple vulnerabilities: com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-common:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2023-44487] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-44487) io.vertx:vertx-config:3.9.8 introduces com.fasterxml.jackson.core:jackson-databind:2.12.4 which has 4 vulnerabilities => [CVE-2020-36518] CWE-787: Out-of-bounds Write (see https://ossindex.sonatype.org/vuln/CVE-2020-36518) => [CVE-2022-42003] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42003) => [CVE-2022-42004] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2022-42004) => [CVE-2021-46877] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2021-46877) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-http:9.4.43.v20210629 which has 3 vulnerabilities => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048) => [CVE-2023-40167] CWE-130: Improper Handling of Length Parameter Inconsistency (see https://ossindex.sonatype.org/vuln/CVE-2023-40167) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-servlets:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2023-36479] CWE-149: Improper Neutralization of Quoting Syntax (see https://ossindex.sonatype.org/vuln/CVE-2023-36479) io.vertx:vertx-config:3.9.8 introduces io.vertx:vertx-core:3.9.8 which has 1 vulnerabilities => [CVE-2023-4586] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2023-4586) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-client:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces net.minidev:json-smart:2.4.7 which has 1 vulnerabilities => [CVE-2023-1370] CWE-674: Uncontrolled Recursion (see https://ossindex.sonatype.org/vuln/CVE-2023-1370) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-server:9.4.43.v20210629 which has 3 vulnerabilities => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048) => [CVE-2023-26049] CWE-200: Information Exposure (see https://ossindex.sonatype.org/vuln/CVE-2023-26049) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces com.jayway.jsonpath:json-path:2.6.0 which has 1 vulnerabilities => [CVE-2023-51074] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2023-51074) org.jsoup:jsoup:1.14.2 introduces org.jsoup:jsoup:1.14.2 which has 1 vulnerabilities => [CVE-2022-36033] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (see https://ossindex.sonatype.org/vuln/CVE-2022-36033) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-proxy:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2022-2047] CWE-20: Improper Input Validation (see https://ossindex.sonatype.org/vuln/CVE-2022-2047) io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces com.google.guava:guava:30.1.1-jre which has 2 vulnerabilities => [CVE-2023-2976] CWE-552: Files or Directories Accessible to External Parties (see https://ossindex.sonatype.org/vuln/CVE-2023-2976) => [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (see https://ossindex.sonatype.org/vuln/CVE-2020-8908) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces commons-fileupload:commons-fileupload:1.4 which has 1 vulnerabilities => [CVE-2023-24998] CWE-770: Allocation of Resources Without Limits or Throttling (see https://ossindex.sonatype.org/vuln/CVE-2023-24998) io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-classic:1.2.3 which has 2 vulnerabilities => [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378) => [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty:jetty-util:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2023-26048] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') (see https://ossindex.sonatype.org/vuln/CVE-2023-26048) com.github.tomakehurst:wiremock-jre8:2.30.1 introduces org.eclipse.jetty.http2:http2-server:9.4.43.v20210629 which has 1 vulnerabilities => [CVE-2022-2048] CWE-Other (see https://ossindex.sonatype.org/vuln/CVE-2022-2048) io.knotx:knotx-launcher:2.3.2-SNAPSHOT introduces ch.qos.logback:logback-core:1.2.3 which has 2 vulnerabilities => [CVE-2023-6378] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2023-6378) => [CVE-2021-42550] CWE-502: Deserialization of Untrusted Data (see https://ossindex.sonatype.org/vuln/CVE-2021-42550)
Screenshots (if appropriate)
Upgrade notes (if appropriate)
Types of changes
Checklist:
I hereby agree to the terms of the Knot.x Contributor License Agreement.