Snyk failed from openapi pom.xml

[Orapan-LP]

Snyk failed from openapi pom.xml

Description

Got Snyk Failed when building a project using openapi and failure details are as follows:

Issues to fix by upgrading:
  Upgrade org.springframework:spring-web@6.0.3 to org.springframework:spring-web@6.0.18 to fix
  ✗ Open Redirect (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-6444790] in org.springframework:spring-web@6.0.3
    introduced by org.springframework:spring-web@6.0.3
Organization:      xxx
Package manager:   maven
Target file:       target/generated-sources/openapi/pom.xml
Project name:      org.openapitools:openapi-java-client
Open source:       no
Project path:      /var/lib/buildkite-agent/builds/bk-arts-dev-i-07f36b9a746fc761c/littlepay/service-dot-passes
Licenses:          enabled

openapi-generator version

org.openapitools

    <artifactId>openapi-generator-maven-plugin</artifactId>

6.6.0

I tried upgrading to one of your 7.x but still got the same failure.

OpenAPI declaration file content or url

Command line used for generation

Steps to reproduce

Related issues/PRs

Suggest a fix/enhancement

Snyk suggested to upgrade org.springframework:spring-web@6.0.3 to org.springframework:spring-web@6.0.18

[wing328]

can you try the latest snapshot version (mentioned in project's readme)?

i did update these to newer version recently: https://github.com/OpenAPITools/openapi-generator/pull/18266

[Orapan-LP]

When I specified the version you mentioned in pom.xml

<groupId>org.openapitools</groupId>
<artifactId>openapi-generator-maven-plugin</artifactId>
<version>7.5.0-SNAPSHOT</version>

I got [ERROR] Plugin org.openapitools:openapi-generator-maven-plugin:7.5.0-SNAPSHOT or one of its dependencies could not be resolved: The following artifacts could not be resolved: org.openapitools:openapi-generator-maven-plugin:jar:7.5.0-SNAPSHOT (absent): org.openapitools:openapi-generator-maven-plugin:jar:7.5.0-SNAPSHOT was not found