
SNOW-506446: [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.2.1 to 2.13.4.2

Open sfc-gh-snyk-sca-sa opened this issue 2 years ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| medium severity | 712/1000. Why? Currently trending on Twitter, Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9 | Denial of Service (DoS), SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 | com.fasterxml.jackson.core:jackson-databind: 2.13.2.1 -> 2.13.4.2 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

sfc-gh-snyk-sca-sa, Oct 17 '22 02:10

Security Vulnerability Tickets of the Repo

Epic: SNOW-506446 Child: SNOW-679056

github-actions[bot], Oct 17 '22 02:10

Codecov Report

Merging #503 (1b5c978) into master (38d2cae) will increase coverage by 0.63%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #503      +/-   ##
==========================================
+ Coverage   87.11%   87.75%   +0.63%     
==========================================
  Files          47       47              
  Lines        3957     4131     +174     
  Branches      418      447      +29     
==========================================
+ Hits         3447     3625     +178     
+ Misses        348      337      -11     
- Partials      162      169       +7     
| Impacted Files | Coverage Δ | |
|---|---|---|
| ...fka/connector/internal/SnowflakeInternalStage.java | 68.75% <0.00%> (-5.00%) | :arrow_down: |
| ...main/java/com/snowflake/kafka/connector/Utils.java | 93.67% <0.00%> (ø) | |
| .../kafka/connector/SnowflakeSinkConnectorConfig.java | 86.54% <0.00%> (ø) | |
| ...snowflake/kafka/connector/SchematizationUtils.java | | |
| ...nector/internal/streaming/SchematizationUtils.java | 65.85% <0.00%> (ø) | |
| ...a/connector/internal/streaming/StreamingUtils.java | 93.67% <0.00%> (+0.24%) | :arrow_up: |
| ...nnector/internal/SnowflakeConnectionServiceV1.java | 81.27% <0.00%> (+0.79%) | :arrow_up: |
| ...m/snowflake/kafka/connector/SnowflakeSinkTask.java | 73.73% <0.00%> (+0.90%) | :arrow_up: |
| ...lake/kafka/connector/internal/SnowflakeErrors.java | 98.01% <0.00%> (+1.11%) | :arrow_up: |
| ...ctor/internal/streaming/TopicPartitionChannel.java | 91.76% <0.00%> (+1.76%) | :arrow_up: |

... and 4 more


codecov-commenter, Nov 01 '22 00:11