pentaho / pentaho-platform

Pentaho BA Server Core
http://www.pentaho.com
Other
473 stars 723 forks

[Snyk] Security upgrade org.springframework.security:spring-security-crypto from 5.8.12 to 5.8.16 #5790

Open smaring opened 1 week ago

smaring commented 1 week ago

Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score | Upgrade |
| --- | --- | --- |
| medium severity: Authorization Bypass, SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8399273 | 104 | org.springframework.security:spring-security-crypto: 5.8.12 -> 5.8.16, No Known Exploit |

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

hitachivantarasonarqube[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

buildguy commented 1 week ago

[![👍 Frogbot scanned this pull request and did not find any new security issues.](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/noVulnerabilityBannerPR.png)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

**Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. These features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

buildguy commented 1 week ago

:white_check_mark: Build finished in 20m 16s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl extensions

:ok_hand: All tests passed!

Tests run: 1564, Failures: 0, Skipped: 5


:information_source: This is an automatic message