New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVEs fixes, October 22 #2711
Comments
Can I work on this and raise a PR ? |
Hey, sure.
|
@royca If you don't mind I would like to work on this since there has been no PR or any discussion for 12 days |
A fix for Fixes for: Snake yaml CVEs: are false positives. Others have been fixed within #2926 |
@Haarolean I could see snakeyaml CVEs are false positive. Is it? I could see the issues created Here is an example So, is it possible to provide snakeyaml version 1.33 in 2.7.x version? |
@Subrhamanya yes they are according to this thread. |
Does that mean 2.7.6 version of spring-boot will have snakeyaml version 1.33? |
AFAIK, yes. |
https://github.com/provectus/kafka-ui/actions/runs/3058781951/jobs/4935377778
Bump snakeyaml deps
The text was updated successfully, but these errors were encountered: