refactorfirst / RefactorFirst

Identifies and prioritizes God Classes, Highly Coupled classes, and Class Cycles in Java codebases you should refactor first.
Apache License 2.0
457 stars, 42 forks

[Snyk] Security upgrade org.apache.maven:maven-core from 3.8.2 to 3.9.2 #57

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| medium severity | 651/1000. Why? Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal, SNYK-JAVA-COMMONSIO-1277109 | org.apache.maven:maven-core: 3.8.2 -> 3.9.2 | No | Mature |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
