Fix couple of CVEs before releasing 2024.0.1 (#625)

* Updates Spring Boot to 3.3.8 and Spring Cloud to 2023.0.5

* Update Groovy to 3.0.23

This updates `org.codehaus.groovy:groovy-all` used by the
`stream-applications-release-train` module to `3.0.23` to
fix `CVE-2022-4065` from transitive dependency
`org.testng:testng`.

* Add CVEs to .trivyignore due to `debezium-supplier`
transitive dependencies.
Chris Bono
2025-02-01 18:31:19 -06:00
committed by GitHub
parent 48a16dcdd1
commit 22970be5ff
2 changed files with 4 additions and 2 deletions


@@ -3,6 +3,8 @@
################################
CVE-2023-1428
CVE-2023-32731
CVE-2024-41909
CVE-2024-7254
################################
# Snakeyaml 1.3.3
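Review bot: the entries added to this CVE block have no comment in the file saying which artifact they are ignored for, so the reason given in the commit message (`debezium-supplier` transitive dependencies) is lost once someone reads the ignore file on its own. An ID listed in `.trivyignore` is suppressed wherever the scan finds it, not only under `debezium-supplier`, so please add a comment line above the new IDs naming the module and the dependency that pulls them in, and consider an expiry such as `CVE-2024-7254 exp:<date>` so the suppression is revisited when the upstream dependency is updated.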


@@ -20,7 +20,7 @@
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>3.0.17</version>
<version>3.0.23</version>
<type>pom</type>
<scope>compile</scope>
</dependency>
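Review bot: `groovy-all` is kept here as `<type>pom</type>` with `<scope>compile</scope>`, which is why `org.testng:testng` reaches the build transitively and why `CVE-2022-4065` had to be fixed by moving the whole aggregate to `3.0.23`. If the release train does not need the Groovy TestNG integration, an `<exclusions>` entry for it (or depending only on the Groovy modules actually used) would remove the vulnerable artifact instead of relying on the aggregate's version. Either way, it is worth confirming with `mvn dependency:tree` that the resolved `testng` version is one the scanner no longer flags.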
@@ -52,7 +52,7 @@
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>3.0.17</version>
<version>3.0.23</version>
<type>pom</type>
</dependency>
</dependencies>
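Review bot: the `3.0.23` literal in this `<version>` element is the second copy of the same value in this file (the other is in the hunk at line 20), so the next security bump has to touch both and can leave them out of step. Suggest defining a single property, for example `<groovy.version>3.0.23</groovy.version>`, and using `${groovy.version}` in both `groovy-all` declarations.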