This repository was archived by the owner on Apr 5, 2024. It is now read-only.


snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| medium severity | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Directory Traversal SNYK-JAVA-COMMONSIO-1277109 | org.springdoc:springdoc-openapi-ui: 1.5.6 -> 1.5.8 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109
@open-schnick open-schnick changed the base branch from master to updateDeps May 17, 2021 08:07
@open-schnick open-schnick merged commit 20f1717 into updateDeps May 17, 2021
@open-schnick open-schnick deleted the snyk-fix-22647f66c9815ce08ef1ecb77b4c254d branch May 17, 2021 08:08
open-schnick added a commit that referenced this pull request May 17, 2021
* Update dependency org.springframework.security:spring-security-crypto to v5.4.6 (#109)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.jacoco:jacoco-maven-plugin to v0.8.7 (#104)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.sonarsource.scanner.maven:sonar-maven-plugin to v3.9.0.2155 (#103)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* fix: pom.xml to reduce vulnerabilities (#102)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109

* Update spring boot to v2.4.5 (#101)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update cucumber.version to v6.10.4 (#99)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.springdoc:springdoc-openapi-ui to v1.5.8 (#96)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update actions/setup-java action to v2 (#95)

* Update actions/setup-java action to v2

* added distribution key to workflows

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: open-schnick <jonathan.burst@gmx.de>

* Update dependency org.mockito:mockito-inline to v3.10.0 (#88)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Update dependency org.mockito:mockito-core to v3.10.0 (#87)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Snyk bot <github+bot@snyk.io>
Gimleux pushed a commit that referenced this pull request May 20, 2021