jenkinsci / leapwork-plugin

Leapwork Integration with Jenkins
https://www.leapwork.com/services/learning-center/integrations
MIT License

Downstream dependency netty contains CVSS 9.1 vulnerability #35

Open FlemmingMertz opened 5 months ago

FlemmingMertz commented 5 months ago

Jenkins and plugins versions report

Environment

```text
Paste the output here
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 22 LTS (not that it matters in this regard)

Reproduction steps

Run scan of dependency, in our case Sonarqube.


Expected Results

Plugins passing vulnerability scan

Actual Results

Plugins failing Sonarqube vulnerability scan, with a blocker on netty vulnerability

Anything else?

No response

Are you interested in contributing a fix?

No response

MarkEWaite commented 2 months ago

The report at https://mvnrepository.com/artifact/com.ning/async-http-client says that com.ning.async-http-client has moved to org.asynchttpclient. There is a 3.0.0 release of that artifact that was delivered in 2024.