You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To give a bit more context on this, CVE-2022-1471 actually requires org.yaml_sankeyaml@2.
A couple of new vulnerabilities are also shown when running Trivy on it, CVE-2023-20861 and CVE-2023-20863. These 2 are related to Spring core and should be fixed updating it to 5.3.27.
Could you give more information on whether these vulnerabilities affect the CLI and if there is a plan to address them?
Current Behavior
Hi,
There are dependencies imported with High to Critical severity vulnerabilities. Wouldn't you mind bumping its versions?
org.yaml_sankeyaml
@1.30org.yaml_sankeyaml
@1.30com.fasterxml.jackson.core_jackson-databind
@2.13.4Expected Behavior
Recommended versions:
org.yaml_sankeyaml
@1.31com.fasterxml.jackson.core_jackson-databind
@2.14.0Steps To Reproduce
No response
Environment
Anything else?
No response
The text was updated successfully, but these errors were encountered: