[Snyk] Fix for 4 vulnerabilities - Githubissues

navikt / data-catalog-backend

MIT License

2 stars 2 forks source link

[Snyk] Fix for 4 vulnerabilities #100

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Upgrade	Breaking Change	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	`net.logstash.logback:logstash-logback-encoder:` `6.2 -> 6.3`	No	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	`net.logstash.logback:logstash-logback-encoder:` `6.2 -> 6.3`	No	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	`net.logstash.logback:logstash-logback-encoder:` `6.2 -> 6.3`	No	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	`net.logstash.logback:logstash-logback-encoder:` `6.2 -> 6.3`	No	No Known Exploit

Vulnerabilities that could not be fixed

Upgrade:
- Could not upgrade com.fasterxml.jackson.core:jackson-databind@2.9.9.3 to com.fasterxml.jackson.core:jackson-databind@2.10.0; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/repos/central/data/net/logstash/logback/logstash-logback-encoder/6.2/logstash-logback-encoder-6.2.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic