Skip to content

fix(deps): update dependencies to fix vulnerabilities #283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mima0815 merged 3 commits into from
Sep 25, 2025
Merged

fix(deps): update dependencies to fix vulnerabilities #283

mima0815 merged 3 commits into from
Sep 25, 2025

Conversation

@mima0815
Copy link
Contributor

@mima0815 mima0815 commented Sep 24, 2025
edited
Loading

Description

  • Update dependencies
  • Bump version
  • Increase jreleaser timeouts

Checklist

Ensure the following things have been met before requesting a review:

  • Follows all project developer guide and coding standards.
  • Tests have been written for the change, when applicable.
  • Confidential information (credentials, auth tokens, etc...) is not included.

@mima0815 mima0815 requested a review from a team as a code owner September 24, 2025 08:31
@mima0815 mima0815 changed the title fix(jreleaser): increase timeouts before jrelease fails fix(jreleaser): increase timeouts before jreleaser fails Sep 25, 2025
@acleary-0
Copy link
Collaborator

acleary-0 commented Sep 25, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details96bbbdd5-2fbf-40f8-af28-0b647842c763

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
LOW Unpinned Actions Full Length Commit SHA /pr-checks.yml: 18
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: nbvde%2Fv4%2BRDlqk5tZp22hg3O428%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 32
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: fRa7hSVmi165a0KbDv%2FtTthoeGE%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 37
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: %2Bjf06qtFq%2FhiwToB0qWaTcnrWUs%3D
LOW Unpinned Actions Full Length Commit SHA /codeql-analysis.yml: 40
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: hghq8Fs7C%2Bgxpck6NX7jOZnmotE%3D
LOW Unpinned Actions Full Length Commit SHA /fortify.yml: 29
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
ID: 4ponLjQ9YqM1Tqnjw%2BAGo5j2lcc%3D
Fixed Issues (7)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.2.11
HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.2.11
HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.2.11
MEDIUM CVE-2023-41329 Maven-com.github.tomakehurst:wiremock-jre8-standalone-2.35.0
MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-classic-1.2.11
MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-core-1.2.11
LOW CVE-2024-12801 Maven-ch.qos.logback:logback-core-1.2.11

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

@mima0815 mima0815 force-pushed the fix/jreleaser branch 2 times, most recently from 4d2da2b to 5c15c3a Compare September 25, 2025 11:30
@mima0815 mima0815 changed the title fix(jreleaser): increase timeouts before jreleaser fails fix(deps): update dependencies Sep 25, 2025
@mima0815 mima0815 changed the title fix(deps): update dependencies fix(deps): update dependencies to fix vulnerabilities Sep 25, 2025
@mima0815 mima0815 merged commit 4e3aa09 into main Sep 25, 2025
17 checks passed
@mima0815 mima0815 deleted the fix/jreleaser branch September 25, 2025 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eschmidtfds eschmidtfds eschmidtfds approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mima0815 @acleary-0 @eschmidtfds