@san-zrl (Contributor) commented Aug 27, 2025

Dependabot reported vulnerabilities from transitive dependencies

  • org.apache.tomcat.embed:tomcat-embed-core 9.0.106 update to 9.0.108
  • ch.qos.logback:logback-classic 1.2.9 update first to 1.2.13, then to 1.3.15

The general strategy to fix these problems is either to exclude the offending packages (if they are unnecessary) or to explicitly upgrade them to the required version.

This PR

  • Excludes org.apache.tomcat.embed:* since we don't need any tomcat.embed packages
  • Explicitly bumps ch.qos.logback:logback-classic to 1.3.15

Signed-off-by: san-zrl <san@zurich.ibm.com>
@san-zrl san-zrl requested review from a team and n1ckl0sk0rtge and removed request for n1ckl0sk0rtge August 27, 2025 12:27
@san-zrl san-zrl merged commit e086a4b into main Aug 28, 2025
3 checks passed
@san-zrl san-zrl deleted the chore/manage-vulnerabilities branch August 28, 2025 10:12
@san-zrl san-zrl restored the chore/manage-vulnerabilities branch August 28, 2025 10:29
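
An added example, not part of the PR or the project's code: a check for the two outcomes the description states (no org.apache.tomcat.embed artifacts, logback-classic at 1.3.15 or later), run over `mvn dependency:tree` style output. It assumes a Maven build, which the page does not state; the sample trees and the `com.example` coordinates are constructed.

```python
import re

# Policy taken from the PR description above.
BANNED_GROUPS = {"org.apache.tomcat.embed"}                       # excluded entirely
MIN_VERSIONS = {("ch.qos.logback", "logback-classic"): "1.3.15"}  # explicit bump

def parse_tree(text):
    """Yield (group, artifact, version) for each resolved dependency line."""
    for line in text.splitlines():
        for token in line.split():
            parts = token.split(":")
            # group:artifact:packaging[:classifier]:version:scope
            if len(parts) in (5, 6):
                yield parts[0], parts[1], parts[-2]
                break

def version_key(v):
    """Numeric comparison key; qualifiers such as -RC1 are ignored (simplification)."""
    return tuple(int(n) for n in re.findall(r"\d+", v.split("-")[0]))

def audit(text):
    """Return one finding per dependency that violates the policy."""
    findings = []
    for group, artifact, version in parse_tree(text):
        if group in BANNED_GROUPS:
            findings.append(f"{group}:{artifact}:{version} should be excluded")
        floor = MIN_VERSIONS.get((group, artifact))
        if floor and version_key(version) < version_key(floor):
            findings.append(f"{group}:{artifact}:{version} is below {floor}")
    return findings

# Constructed sample output; the com.example coordinates are hypothetical.
BEFORE = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- com.example:web-starter:jar:2.0.0:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.106:compile
[INFO] |  \\- ch.qos.logback:logback-classic:jar:1.2.9:compile
"""
AFTER = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- com.example:web-starter:jar:2.0.0:compile
[INFO] \\- ch.qos.logback:logback-classic:jar:1.3.15:compile
"""

if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(tree) or "clean")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.2.9 above 1.2.13.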