update dependencies for identified CVEs (#461)
bradh authored Mar 11, 2024
1 parent 55efe5e commit cec1a9e
Showing 3 changed files with 11 additions and 26 deletions.
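--- a/dependency-check-suppression.xml
+++ b/dependency-check-suppression.xml
@@ -2,4 +2,9 @@
 <suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
 xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+<suppress>
+<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-(cipher|classworlds|component-annotations|interpolation|sec-dispatcher)@.*$</packageUrl>
+<cve>CVE-2022-4244</cve>
+<cve>CVE-2022-4245</cve>
+</suppress>
 </suppressions>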
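Review bot: The new `<suppress>` entry records no reason for ignoring CVE-2022-4244 and CVE-2022-4245 on these five plexus artifacts, because it has no `<notes>` element. The `packageUrl` pattern ends in `@.*$`, so the suppression covers every current and future version and would keep hiding both IDs even if one of the artifacts were later genuinely affected. I would add a line such as `<notes>False positive: scanner matches these artifacts against CVEs reported for a different plexus component (confirm against the advisories).</notes>` as the first child of `<suppress>`. An `until="YYYY-MM-DDZ"` attribute (placeholder date) on `<suppress>` would also make the entry expire and be re-reviewed rather than staying silent indefinitely.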
26 changes: 3 additions & 23 deletions miml-maven-plugin/pom.xml
@@ -23,7 +23,7 @@
<antlr4.version>4.9.1</antlr4.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.core.version>3.8.6</maven.core.version>
<maven.core.version>3.9.6</maven.core.version>
<maven.version>3.3.9</maven.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
@@ -32,19 +32,13 @@
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<version>2.3.30</version>
<version>2.3.32</version>
</dependency>
<dependency>
<groupId>org.antlr</groupId>
<artifactId>antlr4-runtime</artifactId>
<version>${antlr4.version}</version>
</dependency>
<dependency>
<!-- Override for CVE 2021-29425 -->
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.8.0</version>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
@@ -57,20 +51,6 @@
<version>${maven.core.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<!-- Override for OSSINDEX-d89d-15b4-33be -->
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.3.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<!-- Override for CVE 2020-8908 -->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>32.0.0-android</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-artifact</artifactId>
@@ -80,7 +60,7 @@
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
<version>3.6.0</version>
<version>3.6.4</version>
<scope>provided</scope>
</dependency>
<dependency>
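Review bot: With the explicit commons-io, plexus-utils and guava overrides removed, the versions of those three libraries are whatever the remaining dependencies pull in transitively, and nothing in this pom pins or checks them any more. The removed comments tied each override to an advisory (CVE 2021-29425, OSSINDEX-d89d-15b4-33be, CVE 2020-8908). It is worth confirming with `mvn dependency:tree` that the resolved versions are no older than the previously pinned 2.8.0, 3.3.0 and 32.0.0-android. A short comment next to the `maven.core.version` property would record the assumption, for example `<!-- commons-io, plexus-utils and guava are now resolved transitively; re-check their versions before lowering this -->`. Separately, `maven.version` stays at 3.3.9 while `maven.core.version` moves to 3.9.6. Which artifacts use `${maven.version}` is outside the visible hunks, but if any do, they may bring the older transitive versions back.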
6 changes: 3 additions & 3 deletions pom.xml
@@ -62,7 +62,7 @@
<properties>
<coveralls.version>4.3.0</coveralls.version>
<cyclonedx.schema.version>1.3</cyclonedx.schema.version>
<cyclonedx.version>2.5.1</cyclonedx.version>
<cyclonedx.version>2.5.3</cyclonedx.version>
<failsafe.version>3.0.0-M5</failsafe.version>
<googleformatter.maven.plugin.version>1.7.5</googleformatter.maven.plugin.version>
<jackson.version>2.13.2.2</jackson.version>
@@ -71,7 +71,7 @@
<jqf.plugin.version>1.7</jqf.plugin.version>
<jqf.version>1.7</jqf.version>
<maven.assembly.plugin.version>3.3.0</maven.assembly.plugin.version>
<owasp.version>8.0.1</owasp.version>
<owasp.version>8.4.3</owasp.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<slf4j.version>1.7.32</slf4j.version>
<sortpom.version>3.0.0</sortpom.version>
@@ -102,7 +102,7 @@
<dependency>
<groupId>org.bytedeco</groupId>
<artifactId>ffmpeg-platform</artifactId>
<version>5.1.2-1.5.8</version>
<version>6.1.1-1.5.10</version>
</dependency>
</dependencies>
</dependencyManagement>
