Skip to content

[Snyk] Upgrade: ant:ant, cglib:cglib-nodep, com.thoughtworks.xstream:xstream, org.apache.commons:commons-exec, org.springframework.boot:spring-boot-starter-validation, org.projectlombok:lombok#74

Open
dstecholution wants to merge 1 commit intodevelopfrom
snyk-upgrade-c3e81860299e21d58aad7ca821587bc3
Open

Conversation

@dstecholution
Copy link
Copy Markdown
Owner

@dstecholution dstecholution commented Sep 8, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

ant:ant
from 1.6.5 to 1.7.0 | 1 version ahead of your current version | 17 years ago
on 2008-01-21
cglib:cglib-nodep
from 2.2 to 2.2.2 | 1 version ahead of your current version | 13 years ago
on 2011-05-10
com.thoughtworks.xstream:xstream
from 1.4.5 to 1.4.20 | 22 versions ahead of your current version | 2 years ago
on 2022-12-23
org.apache.commons:commons-exec
from 1.3 to 1.4.0 | 1 version ahead of your current version | 8 months ago
on 2024-01-01
org.springframework.boot:spring-boot-starter-validation
from 2.6.1 to 2.7.18 | 33 versions ahead of your current version | 10 months ago
on 2023-11-23
org.projectlombok:lombok
from 1.18.22 to 1.18.34 | 6 versions ahead of your current version | 2 months ago
on 2024-06-28

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182		 591 Proof of Concept
high severity Remote Code Execution (RCE)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183		 591 Mature
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187		 591 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337		 591 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176		 591 Proof of Concept
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190		 591 Proof of Concept
high severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191		 591 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977		 591 No Known Exploit
high severity XML External Entity (XXE) Injection
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385		 591 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394		 591 No Known Exploit
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334		 591 Proof of Concept
medium severity Arbitrary File Deletion
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966		 591 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967		 591 Mature
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338		 591 Proof of Concept
medium severity Deserialization of Untrusted Data
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540		 591 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189		 591 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180		 591 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897		 591 Proof of Concept
medium severity Insecure XML deserialization
SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764		 591 Mature

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade multiple dependencies with Snyk
1ae046d 
Snyk has created this PR to upgrade:
  - ant:ant from 1.6.5 to 1.7.0.
    See this package in maven: https://mvnrepository.com/artifact/ant/ant/
  - cglib:cglib-nodep from 2.2 to 2.2.2.
    See this package in maven: https://mvnrepository.com/artifact/cglib/cglib-nodep/
  - com.thoughtworks.xstream:xstream from 1.4.5 to 1.4.20.
    See this package in maven: https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream/
  - org.apache.commons:commons-exec from 1.3 to 1.4.0.
    See this package in maven: https://mvnrepository.com/artifact/org.apache.commons/commons-exec/
  - org.springframework.boot:spring-boot-starter-validation from 2.6.1 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation/
  - org.projectlombok:lombok from 1.18.22 to 1.18.34.
    See this package in maven: https://mvnrepository.com/artifact/org.projectlombok/lombok/

See this project in Snyk:
https://app.snyk.io/org/dstechnolution/project/7d0e126a-215d-4276-b707-19cb3bede3c2?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dstecholution @snyk-bot