Fix couple of CVEs before releasing 2024.0.1 (#625)
* Updates Spring Boot to 3.3.8 and Spring Cloud to 2023.0.5
* Update Groovy to 3.0.23. This updates `org.codehaus.groovy:groovy-all` used by the `stream-applications-release-train` module to `3.0.23` to fix `CVE-2022-4065` from transitive dependency `org.testng:testng`.
* Add CVEs to .trivyignore due to `debezium-supplier` transitive dependencies.
@@ -3,6 +3,8 @@
|
||||
################################
|
||||
CVE-2023-1428
|
||||
CVE-2023-32731
|
||||
CVE-2024-41909
|
||||
CVE-2024-7254
|
||||
|
||||
################################
|
||||
# Snakeyaml 1.3.3
|
||||
|
||||
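Review bot: The CVE entries in this block (CVE-2023-1428, CVE-2023-32731, CVE-2024-41909, CVE-2024-7254) carry no comment naming the artifact that pulls them in or why they cannot be fixed, unlike the "# Snakeyaml 1.3.3" section that follows. The commit message attributes the new suppressions to `debezium-supplier` transitive dependencies; put that in the file next to the IDs, along with the condition under which each entry should be removed (for example, the upstream release that ships the fixed transitive version). Without that, the suppressions are likely to outlive the dependency versions that justified them and hide the same CVE IDs if they reappear through another path.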
@@ -20,7 +20,7 @@
|
||||
<dependency>
|
||||
<groupId>org.codehaus.groovy</groupId>
|
||||
<artifactId>groovy-all</artifactId>
|
||||
<version>3.0.17</version>
|
||||
<version>3.0.23</version>
|
||||
<type>pom</type>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
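Review bot: The version literal `3.0.23` for `groovy-all` is hard-coded here and again in the second declaration around line 52 of the same file, so a future security bump has to touch both places and can leave them out of step. Define the version once as a property (a name such as `groovy.version` would do) and reference it from both `<version>` elements.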
@@ -52,7 +52,7 @@
|
||||
<dependency>
|
||||
<groupId>org.codehaus.groovy</groupId>
|
||||
<artifactId>groovy-all</artifactId>
|
||||
<version>3.0.17</version>
|
||||
<version>3.0.23</version>
|
||||
<type>pom</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
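Review bot: Nothing at this `groovy-all` declaration records that the `3.0.23` pin exists for security reasons; per the commit message it is there to resolve `CVE-2022-4065` via the transitive `org.testng:testng`. Add a short XML comment above the `<version>` element stating that, so a later cleanup does not lower the version. It would also help to confirm in the PR that the resolved `testng` version in the dependency tree is the fixed one, since the diff changes only the Groovy coordinate and does not show what `testng` resolves to.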