update pom.xml to address cve CVE-2024-25710, CVE-2024-26308 and CVE-2023-5072

cch0 commented 3 months ago

A few CVEs were found from the Trivy scan result and this PR intends to upgrade the library version for the following libraries

org.apache.commons:commons-compress

Found CVEs
- CVE-2024-25710
- CVE-2024-26308
Fixed version: 1.26.0

org.json:json

Found CVEs
- CVE-2023-5072
Fixed version: 20231013

cch0 commented 3 months ago

@sangkeon would you be able to take a look? thank you.

sangkeon commented 3 months ago

Sorry for the late reply.

I'll check it.

2024년 4월 9일 (화) 오전 7:33, Chih-Chieh @.***>님이 작성:

@sangkeon https://github.com/sangkeon would you be able to take a look? thank you.

— Reply to this email directly, view it on GitHub https://github.com/sangkeon/java-opa-wasm/pull/12#issuecomment-2043749260, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABEKGOD7KXTJT2Y4P6MC6Q3Y4MLMZAVCNFSM6AAAAABFT44OEOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANBTG42DSMRWGA . You are receiving this because you were mentioned.Message ID: @.***>

sangkeon / java-opa-wasm

update pom.xml to address cve CVE-2024-25710, CVE-2024-26308 and CVE-2023-5072 #12