Closed xuqiu closed 5 months ago
It may be advisable to upgrade apollo-client to version 2.1.0, as the transitive gson version has been updated to 2.8.9 since the release of version 2.0.1. However, it's important to note that, beginning with the 2.0.0 release, apollo-client has ceased support for Java 1.7, constituting a significant change.
Got it, working on it.
Upgraded apollo-client to version 2.1.0; gson has gone up to 2.8.9 as well.
All modified lines are covered by tests :white_check_mark:
Comparison is base (7e7f751) 72.07% compared to head (ac5ed03) 72.00%. Report is 6 commits behind head on master.
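Fix a vulnerability reported by the Mini Program Cloud code scan:
Severity: High
Vulnerability type: Deserialization vulnerability
Vulnerability subtype: MPS-2022-12287_com.google.code.gson_gson
Vulnerability ID: MPS-2022-12287 CVE-2022-25647
Vulnerability status: Submitted
First detected: 2023-07-21 13:39:52
Last detected: 2023-08-08 16:02:39
Vulnerability gene code: b953014247a1a4716f6d56e1f7e51ad3
Vulnerable source file: http://github.com/sofastack/sofa-rpc/blob/master/config/config-apollo/pom.xml
Details: {
The indirectly dependent component is:
The indirect dependency chain is as follows: com.ctrip.framework.apollo:apollo-client:1.4.0->com.google.code.gson:gson:2.8.0
The corresponding fixed version is:
}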
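To confirm that a transitive chain like the one in the scan report is gone after the upgrade, the output of `mvn dependency:tree` can be checked mechanically. The following is an added example, not code from this pull request or from sofa-rpc: the sample tree is constructed, its root coordinates are placeholders, and 2.8.9 (the gson version the upgrade in this thread lands on) is assumed as the minimum acceptable version.

```python
import re

TARGET = "com.google.code.gson:gson"
MIN_OK = (2, 8, 9)  # assumption: the gson version this thread upgrades to

# Constructed sample of `mvn dependency:tree` output (root is a placeholder).
SAMPLE_TREE = """\
[INFO] example.group:example-module:jar:0.0.1
[INFO] +- com.ctrip.framework.apollo:apollo-client:jar:1.4.0:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.8.0:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.21:compile
[INFO] \\- junit:junit:jar:4.12:test
"""

# Each tree level is drawn with a 3-character unit: "+- ", "|  ", "\- " or "   ".
NODE = re.compile(r"^((?:[+|\\ ][- ] )*)(\S+)")


def version_key(version):
    """Numeric prefix of a version; a simplification of Maven's ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])


def vulnerable_chains(tree_text, target=TARGET, min_ok=MIN_OK):
    """Return (chain, version) for every occurrence of target below min_ok."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = NODE.match(re.sub(r"^\[INFO\] ", "", raw))
        if not m or m.group(2).count(":") < 3:
            continue  # banner, separator or blank line
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if f"{parts[0]}:{parts[1]}" == target and version_key(version) < min_ok:
            hits.append(("->".join(stack[1:]), version))  # chain without root
    return hits


if __name__ == "__main__":
    for chain, version in vulnerable_chains(SAMPLE_TREE):
        print(f"gson {version} pulled in via: {chain}")
```

Running it against the real tree of the `config-apollo` module before and after the apollo-client bump shows whether any other dependency still drags in an older gson.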