Merge "scylla-apiclient: update several Java dependencies" from Piotr Grabowski

This PR updates several dependencies which were flagged by security scanners. In particular:

1. Jackson dependencies: com.fasterxml.jackson.core:jackson-databind used in the project was vulnerable to CVE-2022-42003 and CVE-2022-42004 ("HIGH" severity)
2. snakeyaml dependency: org.yaml:snakeyaml used in the project was vulnerable to CVE-2022-1471 ("CRITICAL" severity), CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854
3. Guava dependency: com.google.guava used in the project was vulnerable to CVE-2023-2976 ("HIGH" severity) and CVE-2020-8908

Please note that at the moment there is no reason to believe that those dependency issues could have affected scylla-jmx itself.

This version of JMX was successfully tested through ScyllaDB CI: scylladb/scylladb#15783 (comment)

Fixes #221
Fixes #222
Fixes #223

Closes: #220

* github.com:scylladb/scylla-jmx:
  scylla-apiclient: update Guava dependency
  scylla-apiclient: update snakeyaml dependency
  scylla-apiclient: update Jackson dependencies

(cherry picked from commit 05bb7b6)