Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency com.fasterxml.jackson.dataformat:jackson-dataformat-yaml to v2.13.0 #279

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency com.fasterxml.jackson.dataformat:jacks…

5b81b1f
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency com.fasterxml.jackson.dataformat:jackson-dataformat-yaml to v2.13.0 #279

chore(deps): update dependency com.fasterxml.jackson.dataformat:jacks…
5b81b1f
Select commit
Loading
Failed to load commit list.
Mend for github.com / WhiteSource Security Check failed Jun 22, 2024 in 6m 6s

Security Report

You have successfully remediated 10 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-1471

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Critical 9.8 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:2.0 #162
CVE-2021-3918

Path to dependency file: /console2/package.json

Path to vulnerable library: /console2/node_modules/json-schema/package.json

Dependency Hierarchy:

-> react-scripts-3.4.3.tgz (Root Library)

   -> jest-environment-jsdom-fourteen-1.0.1.tgz

     -> jsdom-14.1.0.tgz

       -> request-2.88.2.tgz

         -> http-signature-1.2.0.tgz

           -> jsprim-1.4.1.tgz

             -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 #163
CVE-2022-25857

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

High 7.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.31 #141
CVE-2022-41854

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.32 #158
CVE-2022-38752

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.32 #142
CVE-2022-38751

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.31 #143
CVE-2022-38749

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Medium 6.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.31 #145
CVE-2022-38750

Path to dependency file: /runtime/loader/pom.xml

Path to vulnerable library: /runtime/loader/pom.xml,/docker-images/agent/pom.xml,/server/impl/pom.xml,/cli/pom.xml,/runtime/v2/model/pom.xml,/runtime/v2/sdk/pom.xml,/policy-engine/pom.xml,/runtime/v1/impl/pom.xml,/runtime/v2/runner/pom.xml,/server/dist/pom.xml,/server/plugins/noderoster/impl/pom.xml,/k8s/agent-operator/pom.xml

Dependency Hierarchy:

-> kubernetes-client-4.8.0.jar (Root Library)

   -> jackson-dataformat-yaml-2.13.0.jar

     -> ❌ snakeyaml-1.28.jar (Vulnerable Library)

Medium 5.5 snakeyaml-1.28.jar Upgrade to version: org.yaml:snakeyaml:1.31 #144

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-41854 snakeyaml-1.24.jar
CVE-2022-38751 snakeyaml-1.24.jar
CVE-2022-38749 snakeyaml-1.24.jar
CVE-2022-38750 snakeyaml-1.24.jar
CVE-2017-18640 snakeyaml-1.24.jar
CVE-2023-46750 shiro-web-1.5.1.jar
CVE-2023-46749 shiro-web-1.5.1.jar
CVE-2022-38752 snakeyaml-1.24.jar
CVE-2022-25857 snakeyaml-1.24.jar
CVE-2022-1471 snakeyaml-1.24.jar

Base branch total remaining vulnerabilities: 236
Base branch commit: 5478aeeda738bb625d7a100be550b55df120b611


Total libraries scanned: 1789

Scan token: 8bb5d98ada614304a4f3cb7b767078ff

View more details on Mend for github.com