application-engine
application-engine copied to clipboard
netgrif
[Snyk] Fix for 1 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- pom.xml
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
 |
688/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9 |
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 |
com.fasterxml.jackson.core:jackson-databind: 2.13.2.2 -> 2.13.4 com.fasterxml.jackson.dataformat:jackson-dataformat-xml: 2.13.2 -> 2.13.4 com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider: 2.13.2 -> 2.13.4 com.fasterxml.jackson.module:jackson-module-jsonSchema: 2.13.2 -> 2.13.4 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Vulnerabilities that could not be fixed
- Upgrade:
- Could not upgrade
org.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.0/spring-boot-dependencies-2.7.0.pom - Could not upgrade
org.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.0/spring-boot-dependencies-2.7.0.pom - Could not upgrade
org.springframework.boot:[email protected]toorg.springframework.boot:[email protected]; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.0/spring-boot-dependencies-2.7.0.pom
- Could not upgrade
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
This PR has 8 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!
Quantification details
Label : Extra Small
Size : +4 -4
Percentile : 3.2%
Total files changed: 1
Change summary by file extension:
.xml : +4 -4
Change counts above are quantified counts, based on the PullRequestQuantifier customizations.
Why proper sizing of changes matters
Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean:
- Fast and predictable releases to production:
- Optimal size changes are more likely to be reviewed faster with fewer iterations.
- Similarity in low PR complexity drives similar review times.
- Review quality is likely higher as complexity is lower:
- Bugs are more likely to be detected.
- Code inconsistencies are more likely to be detected.
- Knowledge sharing is improved within the participants:
- Small portions can be assimilated better.
- Better engineering practices are exercised:
- Solving big problems by dividing them in well contained, smaller problems.
- Exercising separation of concerns within the code changes.
What can I do to optimize my changes
- Use the PullRequestQuantifier to quantify your PR accurately
- Create a context profile for your repo using the context generator
- Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the
Excludedsection from yourprquantifier.yamlcontext profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your
prquantifier.yamlcontext profile. - Only use the labels that matter to you, see context specification to customize your
prquantifier.yamlcontext profile.
- Change your engineering behaviors
- For PRs that fall outside of the desired spectrum, review the details and check if:
- Your PR could be split in smaller, self-contained PRs instead
- Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).
- For PRs that fall outside of the desired spectrum, review the details and check if:
How to interpret the change counts in git diff output
- One line was added:
+1 -0 - One line was deleted:
+0 -1 - One line was modified:
+1 -1(git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.
Was this comment helpful? :thumbsup: :ok_hand: :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.
![pull-request-quantifier-deprecated[bot] avatar](https://avatars.githubusercontent.com/in/93966?v=4 "Published by a pub.dev verified publisher"){kind=small}
Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}