SpringBoot-vue

SpringBoot-vue copied to clipboard

Bump moment from 2.18.1 to 2.29.4 in /frontend

[]

Bumps [moment](https://github.com/moment/moment) from 2.18.1 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...

dependabot[bot]

thanks for looking

[]

GodTianYe

Bump hibernate-core from 5.0.12.Final to 5.4.24.Final

[]

Bumps [hibernate-core](https://github.com/hibernate/hibernate-orm) from 5.0.12.Final to 5.4.24.Final. Release notes Sourced from hibernate-core's releases. Hibernate ORM 5.2.0 5.2.0 includes many improvements and bug-fixes. For a complete list of changes, see https://hibernate.atlassian.net/projects/HHH/versions/23150/tab/release-report-done. Many...

dependabot[bot]

Bump shelljs from 0.7.8 to 0.8.5 in /frontend

[]

Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.7.8 to 0.8.5. Release notes Sourced from shelljs's releases. v0.8.5 This was a small security fix for #1058. v0.8.4 Small patch release to fix a circular dependency...

dependabot[bot]

Dependency org.apache.tomcat.embed:tomcat-embed-core, leading to CVE problem

[{"_id":"63531088cecf4e081a1b7f78","body":"@danielbarcellos \r\nCould please help me check this issue?\r\nMay I pull a request to fix it?\r\nThanks again.","issue_id":1660676728116,"origin_id":908062559,"user_origin_id":89496918,"create_time":1630304219,"update_time":1630304219,"id":1666388104713,"updated_at":"2022-10-21T21:35:04.713000Z","created_at":"2022-10-21T21:35:04.713000Z"}]

Hi, In **SpringBoot-vue**，there is a dependency **org.apache.tomcat.embed:tomcat-embed-core:8.5.15** that calls the risk method. [CVE-2019-10072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072) The scope of this CVE affected version is **[8.5.0, 8.5.40) || [9.0.0.M1, 9.0.20)** After further analysis, in...

CVEDetect

Bump lodash from 4.17.4 to 4.17.21 in /frontend

[]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.4 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

Bump axios from 0.16.2 to 0.21.1 in /frontend

[]

Bumps [axios](https://github.com/axios/axios) from 0.16.2 to 0.21.1. Release notes Sourced from axios's releases. v0.21.1 0.21.1 (December 21, 2020) Fixes and Functionality: Hotfix: Prevent SSRF (#3410) Protocol not parsed when setting proxy...

dependabot[bot]

Can I upgrade to Java8?

[]

715353710

Update pom.xml

[]

Just for testing

atingupta2005

Bump eslint from 3.19.0 to 4.18.2 in /frontend

[]

Bumps [eslint](https://github.com/eslint/eslint) from 3.19.0 to 4.18.2. Release notes Sourced from eslint's releases. v4.18.2 6b71fd0 Fix: [email protected], because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler) 3c697de Chore: fix incorrect comment about...

dependabot[bot]