Closed seancorfield closed 2 years ago
In light of the log4j CVE, I've been running NVD checks against my projects and against some things I depend on. It showed quite a few issues in deps-deploy which are mostly (but not completely) mitigated by bumping the dependencies:
diff --git a/deps.edn b/deps.edn index f131021..824fd12 100644 --- a/deps.edn +++ b/deps.edn @@ -1,17 +1,17 @@ {:paths ["src"] :deps {org.clojure/clojure {:mvn/version "RELEASE"} clj-commons/pomegranate {:mvn/version "1.2.1"} - s3-wagon-private/s3-wagon-private {:mvn/version "1.3.4"} + s3-wagon-private/s3-wagon-private {:mvn/version "1.3.5"} org.clojure/data.xml {:mvn/version "0.2.0-alpha6"} - org.clojure/tools.deps.alpha {:mvn/version "0.12.1036"} - org.apache.maven/maven-settings {:mvn/version "3.8.2"} - org.apache.maven/maven-settings-builder {:mvn/version "3.8.2"} + org.clojure/tools.deps.alpha {:mvn/version "0.12.1090"} + org.apache.maven/maven-settings {:mvn/version "3.8.4"} + org.apache.maven/maven-settings-builder {:mvn/version "3.8.4"} org.slf4j/slf4j-nop {:mvn/version "RELEASE"} org.sonatype.plexus/plexus-sec-dispatcher {:mvn/version "1.4"}} :aliases {:test {:extra-deps {com.cognitect/test-runner {:git/url "https://github.com/cognitect-labs/test-runner" - :sha "dd6da11611eeb87f08780a30ac8ea6012d4c05ce"}} + :sha "cc75980b43011773162b485f46f939dc5fba91e4"}} :extra-paths ["test"] :exec-fn cognitect.test-runner.api/test}
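Review bot: `org.clojure/clojure` and `org.slf4j/slf4j-nop` in the unchanged context lines of this hunk still resolve to `"RELEASE"`, so the dependency tree an NVD scan sees can differ between runs and between consumers; pin both to explicit versions alongside the bumps made here. `clj-commons/pomegranate`, `org.clojure/data.xml` and `org.sonatype.plexus/plexus-sec-dispatcher` are left at their old versions, and since the description says the findings are only mostly mitigated, it would help to list which findings remain and which of these coordinates they trace to. The new test-runner `:sha` is a bare commit id; a comment naming the release it corresponds to, or a matching `:git/tag`, would make that bump easier to audit.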
Those were versions that https://github.com/liquidz/antq identified as outdated.