search

arnaudroger / SimpleFlatMapper

Fast and Easy mapping from database and csv to POJO. A java micro ORM, lightweight alternative to iBatis and Hibernate. Fast Csv Parser and Csv Mapper
http://simpleflatmapper.org
MIT License
435 stars 76 forks source link

[Snyk] Fix for 2 vulnerabilities #822

Open arnaudroger opened 4 months ago

arnaudroger commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - sfm-test-kotlin/pom.xml #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure
[SNYK-JAVA-COMH2DATABASE-3146851](https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-3146851) | `com.h2database:h2:`
`1.4.198 -> 2.2.220`
| Yes | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **486/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.3 | Information Exposure
[SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744](https://snyk.io/vuln/SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744) | `org.jetbrains.kotlin:kotlin-reflect:`
`1.2.21 -> 1.9.23`
| No | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/arnaudroger/project/c9727faa-948b-40bc-a6a8-7f2bed0930af?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/arnaudroger/project/c9727faa-948b-40bc-a6a8-7f2bed0930af?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"77e706db-84d6-4786-a544-fb28122c69a5","prPublicId":"77e706db-84d6-4786-a544-fb28122c69a5","dependencies":[{"name":"com.h2database:h2","from":"1.4.198","to":"2.2.220"},{"name":"org.jetbrains.kotlin:kotlin-reflect","from":"1.2.21","to":"1.9.23"}],"packageManager":"maven","projectPublicId":"c9727faa-948b-40bc-a6a8-7f2bed0930af","projectUrl":"https://app.snyk.io/org/arnaudroger/project/c9727faa-948b-40bc-a6a8-7f2bed0930af?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JAVA-COMH2DATABASE-3146851","SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744"],"upgrade":["SNYK-JAVA-COMH2DATABASE-3146851","SNYK-JAVA-ORGJETBRAINSKOTLIN-2393744"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[586,486],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Information Exposure](https://learn.snyk.io/lesson/insecure-temporary-file/?loc=fix-pr)