Closed snyk-bot closed 2 years ago
github-actions[bot]
commented
2 years ago 2 files ±0 2 suites ±0 10s :stopwatch: ±0s 2 tests ±0 2 :heavy_check_mark: ±0 0 :zzz: ±0 0 :x: ±0
Results for commit 7d50a1e3. ± Comparison against base commit 0f602c5c.
github-actions[bot]
commented
2 years ago 2 files ±0 2 suites ±0 10s :stopwatch: ±0s 2 tests ±0 2 :heavy_check_mark: ±0 0 :zzz: ±0 0 :x: ±0
Results for commit 05fc56b8. ± Comparison against base commit 8373a2ab.
github-actions[bot]
commented
2 years ago 2 files ±0 2 suites ±0 10s :stopwatch: -2s 2 tests ±0 2 :heavy_check_mark: ±0 0 :zzz: ±0 0 :x: ±0
Results for commit 66a9a5bf. ± Comparison against base commit 8373a2ab.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5
SNYK-JAVA-COMGOOGLEGUAVA-1015415
com.google.guava:guava:29.0-jre -> 30.0-jreWhy? Has a fix available, CVSS 3.7
SNYK-JAVA-COMMONSCODEC-561518
commons-codec:commons-codec:1.12 -> 1.13Why? Mature exploit, Has a fix available, CVSS 5.3
SNYK-JAVA-COMMONSIO-1277109
commons-io:commons-io:2.6 -> 2.7Why? Has a fix available, CVSS 5.3
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058
org.apache.httpcomponents:fluent-hc:4.5.9 -> 4.5.13(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic