Conversation

@yurem (Contributor) commented Nov 14, 2024

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #10155

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested review from yuriyz and yuriyzz as code owners November 14, 2024 19:51
DryRun Security Summary

This pull request updates the versions of several dependencies in the project's Maven POM file, including the Jetty version and the commons-io version, to address security vulnerabilities and improve the overall stability and performance of the application.

Summary:

The code changes in this pull request focus on updating the versions of several dependencies in the project's Maven POM file. Specifically, the jetty.version property is being updated from 11.0.16 to 11.0.24, and the commons-io dependency version is being updated from 2.11.0 to 2.17.0. These updates are likely to address security vulnerabilities or improve the overall stability and performance of the application.

From an application security perspective, keeping dependencies up-to-date is a good practice to ensure that known vulnerabilities are patched. Outdated dependencies can introduce security risks, as they may contain unpatched vulnerabilities that could be exploited by attackers. The Jetty version update and the commons-io version update are both positive changes that can help improve the security posture of the application.

Files Changed:

  • jans-bom/pom.xml: This file is the Maven POM (Project Object Model) file, which is used to manage the project's dependencies and other configuration settings. The changes in this pull request update the jetty.version property from 11.0.16 to 11.0.24, and the commons-io dependency version from 2.11.0 to 2.17.0. These updates are likely to address security vulnerabilities or improve the overall stability and performance of the application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:

  • Sensitive Files Analyzer: 1 finding

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto (Member) commented Nov 14, 2024

Error: Hi @yurem, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@mo-auto mo-auto added the comp-jans-bom (Component affected by issue or PR) and kind-bug (Issue or PR is a bug in existing functionality) labels Nov 14, 2024
@yuriyz yuriyz enabled auto-merge (squash) November 14, 2024 19:53
@yuriyz yuriyz merged commit 8fe012c into main Nov 14, 2024
11 checks passed
@yuriyz yuriyz deleted the libs_updare branch November 14, 2024 19:55
Successfully merging this pull request may close these issues.

fix: fix(jans-bom): update libs -autocreated