Is there any plan to upgrade libraries across different components to get rid of alerts from Checkmarx?
Replies: 1 comment
Hello, thank you for asking and running the check.

We use Snyk for scanning vulnerabilities and have no plans to change it to something else unless there is a clear reason. That being said, there are several changes pending to be applied; in particular there is an update of the JMeter dependency, which is the main dependency that includes all such potentially vulnerable packages, but updating to such a version requires several changes.

We will review what the best course of action is. I think updating JMeter should be the way to go, even though it may require more effort than just updating the vulnerable dependencies.

Regarding a plan: we don't have a fixed date for solving the mentioned issue, but if you (or anyone) is willing to help with a PR that solves the issue, we would be very pleased to review it and merge it.