[Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.3 to 2.10.5.1

kakawait / cas-security-spring-boot-starter

Spring boot starter for Apereo CAS client fully integrated with Spring security

MIT License

153 stars 45 forks source link

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- cas-security-spring-boot-sample/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Improper Restriction of XML External Entity Reference SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	`com.fasterxml.jackson.core:jackson-databind:` `2.10.3 -> 2.10.5.1`	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Codecov Report

Merging #151 (f80976e) into master (682642b) will not change coverage. The diff coverage is n/a.

@@ Coverage Diff @@ ## master #151 +/- ## ========================================= Coverage 83.36% 83.36% Complexity 122 122 ========================================= Files 23 23 Lines 625 625 Branches 78 78 ========================================= Hits 521 521 Misses 79 79 Partials 25 25

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 682642b...f80976e. Read the comment docs.

kakawait / cas-security-spring-boot-starter