From 451782f1aff531eedd9b4fadb27e1c791b530d95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Mon, 23 Oct 2023 12:37:50 +0200
Subject: [PATCH] Fix CVE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upgrade com.github.spotbugs:spotbugs@4.5.3 to com.github.spotbugs:spotbugs@4.8.0 to fix ✗ Out-of-bounds Write [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEBCEL-3106013] in org.apache.bcel:bcel@6.5.0 introduced by com.github.spotbugs:spotbugs@4.5.3 > org.apache.bcel:bcel@6.5.0 Upgrade io.sentry:sentry-logback@6.0.0 to io.sentry:sentry-logback@6.25.2 to fix Upgrade org.hibernate:hibernate-core@5.4.33 to org.hibernate:hibernate-core@6.0.0.Final to fix Upgrade org.json:json@20230227 to org.json:json@20231013 to fix ✗ Allocation of Resources Without Limits or Throttling (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464] in org.json:json@20230227 introduced by org.json:json@20230227
---
 core/build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/build.gradle b/core/build.gradle
index 30845b64c5..a12e84d514 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -168,7 +168,7 @@ dependencies {
 "org.slf4j:jul-to-slf4j:2.0.9",
 "ch.qos.logback:logback-classic:1.3.11",
 "ch.qos.logback:logback-access:1.3.11",
- 'org.json:json:20230227',
+ 'org.json:json:20231013',
 'org.yaml:snakeyaml:2.0',
 'com.github.spullara.cli-parser:cli-parser:1.1.6',
 'org.apache.httpcomponents:httpclient:4.5.14',
@@ -196,7 +196,7 @@ dependencies {
 )
 providedCompile('javax.servlet:javax.servlet-api:4.0.1')
- compileOnly "com.github.spotbugs:spotbugs-annotations:4.7.3"
+ compileOnly "com.github.spotbugs:spotbugs-annotations:4.8.0"
 testCompile group: 'de.saly', name: 'javamail-mock2-fullmock', version: '0.5-beta4'
 }