Update dependency org.apache.logging.log4j:log4j-core to v2.12.2

scm-automation-project / maven-multi-module-project

GNU Lesser General Public License v2.1

0 stars 3 forks source link

Update dependency org.apache.logging.log4j:log4j-core to v2.12.2 #5

Closed dev-mend-for-github-com[bot] closed 2 years ago

dev-mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

Package	Type	Update	Change
org.apache.logging.log4j:log4j-core (source)	runtime	minor	`2.6.2` -> `2.12.2`

By merging this PR, the issue #4 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	10.0	CVE-2021-44228
High	9.8	CVE-2017-5645
High	9.0	CVE-2021-45046
Low	3.7	CVE-2020-9488

[ ] If you want to rebase/retry this PR, click this checkbox.

dev-mend-for-github-com[bot] commented 2 years ago

Autoclosing Skipped

This PR has been flagged for autoclosing, however it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.