sonar-flutter icon indicating copy to clipboard operation
sonar-flutter copied to clipboard

Published 20 hours ago verified publisher icon insideapp-oss

Bump snakeyaml and jackson-databind to latest versions

Open dgrad opened this issue 1 year ago • 1 comments

Previous versions had known vulenerabilities.

Vulnerabilities
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY
jackson-databind  2.13.4     2.13.4.2  java-archive  GHSA-jjjh-jjxp-wpff  High
snakeyaml         1.28       1.31      java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml         1.28       2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
snakeyaml         1.28       1.32      java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml         1.28       1.31      java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml         1.28       1.31      java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml         1.28       1.32      java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml         1.28       1.31      java-archive  GHSA-c4r9-r8fh-9vj2  Medium

All tests passing and tested with local sonarqube instance.

dgrad avatar Dec 21 '23 21:12 dgrad

Thank you @dgrad ! I changed the PR target branch to develop

zippy1978 avatar Jan 10 '24 08:01 zippy1978