tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.

Veracode SCA: fixes for vulnerable libraries #64

Closed tsaekao closed 5 months ago

tsaekao commented 8 months ago

This pull request was generated by Veracode SCA to upgrade the following vulnerable libraries:

| Type | Library | From | To | Breaking |
|------|---------|------|----|----------|
| MAVEN | org.springframework:spring-web | 3.2.15.RELEASE | 6.0.18 | No |
| MAVEN | org.springframework:spring-core | 3.2.15.RELEASE | 5.2.18.RELEASE | No |
| MAVEN | commons-fileupload:commons-fileupload | 1.3.2 | 1.5 | No |
| MAVEN | org.springframework:spring-webmvc | 3.2.15.RELEASE | 4.3.20.RELEASE | No |
| MAVEN | org.springframework:spring-context | 3.2.15.RELEASE | 5.2.21.RELEASE | Yes |
| MAVEN | com.fasterxml.jackson.core:jackson-databind | 2.4.2 | 2.13.4.1 | No |
| MAVEN | com.fasterxml.jackson.core:jackson-core | 2.4.2 | 2.8.6 | No |
| MAVEN | mysql:mysql-connector-java | 5.1.35 | 8.0.28 | Yes |

Note that we only upgrade libraries which have versions without any known vulnerabilities. For more information, please see the corresponding Veracode SCA report.

The Breaking column states the likelihood that updating to the recommended library version will cause breaking changes in your code. Please verify that the changes here won't cause issues with your project before merging.

To learn more about this feature, please visit our Help Center for documentation.

Note: this pull request was generated because you or someone else with access to this repository granted Veracode SCA access to submit pull requests.

github-actions[bot] commented 8 months ago



Veracode SCA Scan finished with exit code: 0. Please review created and linked issues.

tsaekao commented 5 months ago

Breaking updates are too risky.