sbt-native-packager

Upgrade commons-compress version

Open headiron opened this issue 1 year ago • 5 comments

Hello All.

Recently, our company ran security scanning for our app, which uses sbt-native-packager, and informed us to update the commons-compress library from 1.20 to 1.21.

According to them, it has a security vulnerability (CVE-2021-35515).

Could you upgrade commons-compress to 1.21?

Best Regards

headiron avatar Aug 05 '22 18:08 headiron

Hi @headiron

Thanks for the hint. Could you open a pull request for it? I'll merge and release next week 🥰

muuki88 avatar Aug 06 '22 05:08 muuki88

Thanks @muuki88

It is the first time for me to create a PR on GitHub, so I don't know whether it is correct, but I created a PR like below.

https://github.com/headiron/sbt-native-packager/pull/1

If I did it wrong, could you guide me on how to create a PR on GitHub?

Regards Ducheol

headiron avatar Aug 08 '22 14:08 headiron

Thanks for trying 😊🤘

You came close. You created a PR on your own fork instead of this repository.

If you repeat the same steps and instead choose sbt/sbt-native-packager as the target repository then it should work 👍

muuki88 avatar Aug 08 '22 15:08 muuki88

Thanks @muuki88. I see the PR is merged.

Just curious, when will the new version be released?

headiron avatar Aug 09 '22 21:08 headiron

I'll try this week 😁

muuki88 avatar Aug 10 '22 04:08 muuki88