
HIGH vulnerabilities

Open ClemRz opened this issue 1 year ago • 1 comments

Hi,

It seems that nvd-clojure detects quite a few HIGH vulnerabilities due to the Batik dependencies version used in one-time:

  • batik-css-1.15.jar: CVE-2022-44729, CVE-2022-42890, CVE-2022-41704, CVE-2022-44730
  • batik-i18n-1.15.jar: CVE-2022-44729, CVE-2022-44730

~It seems that this is for front-end purposes. Why are they actually needed?~ <- probably for QR rendering.

Is there any plan to upgrade these dependencies please?

ClemRz, Aug 02 '24 19:08

Actually, PR #24 from @daviddurand should solve these vulnerabilities.

ClemRz, Aug 02 '24 19:08

@ClemRz Thanks for opening the issue. Since the PR is now merged, I'll also close this one. Please feel free to open a new one if needed.

I'd also appreciate it if you'd like to submit a PR for automated tests/reports using nvd-clojure.

Thanks again!

suvash, Jan 16 '25 18:01