search

carbynestack / castor

Carbyne Stack tuple store for secure multiparty computation
https://carbynestack.io
Apache License 2.0
7 stars 4 forks source link

[Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.12.7.1 #42

Closed strieflin closed 1 year ago

strieflin commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - castor-common/pom.xml #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **712/1000**
**Why?** Currently trending on Twitter, Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426) | `com.fasterxml.jackson.core:jackson-databind:`
`2.12.6 -> 2.12.7.1`
| No | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/carbyne-stack/project/29a60cbe-0848-418b-9bbf-4a75703081b4?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/carbyne-stack/project/29a60cbe-0848-418b-9bbf-4a75703081b4?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"4939adb4-c9dc-46d0-9542-ae283d5d6449","prPublicId":"4939adb4-c9dc-46d0-9542-ae283d5d6449","dependencies":[{"name":"com.fasterxml.jackson.core:jackson-databind","from":"2.12.6","to":"2.12.7.1"}],"packageManager":"maven","projectPublicId":"29a60cbe-0848-418b-9bbf-4a75703081b4","projectUrl":"https://app.snyk.io/org/carbyne-stack/project/29a60cbe-0848-418b-9bbf-4a75703081b4?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426"],"upgrade":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[712]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
codecov[bot] commented 2 years ago

Codecov Report

Merging #42 (443a2d3) into master (79c4e23) will not change coverage. The diff coverage is n/a.

Additional details and impacted files [![Impacted file tree graph](https://codecov.io/gh/carbynestack/castor/pull/42/graphs/tree.svg?width=650&height=150&src=pr&token=JWqyS02Uok&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack)](https://codecov.io/gh/carbynestack/castor/pull/42?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack) ```diff @@ Coverage Diff @@ ## master #42 +/- ## ========================================= Coverage 85.88% 85.88% Complexity 349 349 ========================================= Files 61 61 Lines 1275 1275 Branches 81 81 ========================================= Hits 1095 1095 Misses 144 144 Partials 36 36 ``` ------ [Continue to review full report at Codecov](https://codecov.io/gh/carbynestack/castor/pull/42?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://codecov.io/gh/carbynestack/castor/pull/42?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack). Last update [79c4e23...443a2d3](https://codecov.io/gh/carbynestack/castor/pull/42?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=carbynestack).
sbckr commented 1 year ago

Superseded by #47