DMC/scipro
7
0
Fork 0
Code Issues 28 Pull Requests 6 Actions Projects 1 Wiki Activity

Fix CVE-2024-57699 by override transitive dependency version #116

Merged
niat8586 merged 1 commits from update-json-smart into develop 2025-02-20 14:32:01 +01:00
Conversation 2 Commits 1 Files Changed 1 +20
ansv7779 commented 2025-02-20 14:16:21 +01:00
Owner
Copy Link

The overriding should be removed once Spring Security updates its dependencies.

Fixes #104

How to test

  1. Run mvnw install org.owasp:dependency-check-maven:12.1.0:check --fail-at-end -DnvdApiDelay=60000 -DskipTests -DfailBuildOnCVSS=7
  2. Wait a very long time (can be sped up be requesting an NVD API key and adding -DnvdApiKey=<key>
  3. Check the build succeeds
The overriding should be removed once Spring Security updates its dependencies. Fixes #104 ## How to test 1. Run `mvnw install org.owasp:dependency-check-maven:12.1.0:check --fail-at-end -DnvdApiDelay=60000 -DskipTests -DfailBuildOnCVSS=7` 2. Wait a very long time (can be sped up be [requesting an NVD API key](https://nvd.nist.gov/developers/request-an-api-key) and adding `-DnvdApiKey=<key>` 3. Check the build succeeds
ansv7779 added 1 commit 2025-02-20 14:16:22 +01:00
Fix CVE-2024-57699 by override transitive dependency version
All checks were successful
Deploy to branch.dsv.su.se / deploy (pull_request) Successful in 3m38s
Details
Build and test / build-and-test (push) Successful in 17m10s
Details
Remove branch deployment from branch.dsv.su.se / cleanup (pull_request) Successful in 6s
Details
f4d2fdaadd 
The overriding should be removed once Spring Security updates its dependencies.
gitea-actions commented 2025-02-20 14:20:00 +01:00
First-time contributor
Copy Link

Deployed to https://scipro-update-json-smart.branch.dsv.su.se

Deployed to https://scipro-update-json-smart.branch.dsv.su.se
niat8586 approved these changes 2025-02-20 14:24:53 +01:00
niat8586 left a comment
Owner
Copy Link

👍

👍
niat8586 merged commit b7cf87d6d3 into develop 2025-02-20 14:32:01 +01:00
niat8586 deleted branch update-json-smart 2025-02-20 14:32:01 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
niat8586
Labels
Clear labels
bug
Something is not working
discussion
duplicate
This issue or pull request already exists
enhancement
New feature
frozen
The issue is not solved, but it will be investigated in the future it the issue arises again
help wanted
Need some help
invalid
Something is wrong
new
To be discussed at the next meeting
po
approved
po
changes
PO has requested changes
po
needed
question
More information is needed
size
1
size
2
size
3
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: DMC/scipro#116
No description provided.
Delete Branch "update-json-smart"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?