[CVE] Increase version of library as soon as it is available #463

Closed
ds-psosnowski opened this issue Mar 4, 2024 · 4 comments
Labels
dependencies Pull requests that update a dependency file

@ds-psosnowski
Contributor

ds-psosnowski commented Mar 4, 2024

Description

https://github.com/catenax-ng/tx-item-relationship-service/security/code-scanning/715
The issue should be resolved as soon as there is a library version available.

Link

Update to https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.23.1 +

@ds-psosnowski ds-psosnowski added this to IRS Mar 4, 2024
@github-project-automation github-project-automation bot moved this to inbox in IRS Mar 4, 2024
@jzbmw jzbmw added the dependencies Pull requests that update a dependency file label Mar 13, 2024
@mkanal mkanal changed the title Increase version of library as soon as it is available [CVE] Increase version of library as soon as it is available Mar 13, 2024
@mkanal mkanal moved this from inbox to backlog in IRS Mar 13, 2024
@dsmf
Contributor

dsmf commented Mar 22, 2024

Note: Next Spring minor update would require more work due to deprecated classes, see #380

An alternative would be to update commons-compress from 1.24.0 to 1.26.0 by overriding the transient dependency version.

@jzbmw jzbmw moved this from backlog to next in IRS Apr 2, 2024
@ds-jhartmann ds-jhartmann self-assigned this Apr 10, 2024
@ds-jhartmann ds-jhartmann moved this from next to wip in IRS Apr 10, 2024
@ds-jhartmann
Contributor

Fixed vulnerabilities in catenax-ng#860

@ds-jhartmann
Contributor

Closes #340

@ds-jhartmann ds-jhartmann moved this from wip to test in IRS Apr 10, 2024
@ds-jhartmann
Contributor

ds-jhartmann added a commit that referenced this issue Apr 15, 2024
ds-jhartmann added a commit to ds-jhartmann/item-relationship-service that referenced this issue Jun 13, 2024
…ess-missing-bpn

fix(ess):[TRI-1460] Add BPN to IRS job requests started by ESS
Projects
Status: done

4 participants