[Snyk] Fix for 1 vulnerabilities by snyk-bot · Pull Request #2 · ozkansari/spring-boot-restapi-samples

snyk-bot · 2021-05-26T19:10:14Z

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- simplyecomm/simplyecomm-api/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	506/1000 Why? Recently disclosed, Has a fix available, CVSS 4.4	Privilege Escalation SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829	`org.springdoc:springdoc-openapi-data-rest:` `1.5.8 -> 1.5.9` `org.springdoc:springdoc-openapi-hateoas:` `1.5.8 -> 1.5.9`	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

Upgrade:
- Could not upgrade org.springframework.boot:spring-boot-starter-web@2.4.4 to org.springframework.boot:spring-boot-starter-web@2.4.6; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.4.4/spring-boot-dependencies-2.4.4.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829

codecov · 2021-05-26T19:13:02Z

Codecov Report

Merging #2 (1a0d409) into master (d21c3f3) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master       #2   +/-   ##
=========================================
  Coverage     89.62%   89.62%           
  Complexity       50       50           
=========================================
  Files            10       10           
  Lines           106      106           
  Branches          4        4           
=========================================
  Hits             95       95           
  Misses            7        7           
  Partials          4        4

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d21c3f3...1a0d409. Read the comment docs.

fix: simplyecomm/simplyecomm-api/pom.xml to reduce vulnerabilities

1a0d409

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities#2

[Snyk] Fix for 1 vulnerabilities#2
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-cfece47a67a36ee627ee5004af2eb4b6

snyk-bot commented May 26, 2021

Uh oh!

codecov bot commented May 26, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

snyk-bot commented May 26, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Vulnerabilities that could not be fixed

Uh oh!

codecov bot commented May 26, 2021

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant