Commit 370cf9bc authored by Dmitrii Gerashchenko's avatar Dmitrii Gerashchenko Committed by David Diederich
Browse files

Upgrade vulnerable dependencies according to WhiteSource alerts

(cherry picked from commit 0cd70a2c)
parent f10340fe
Pipeline #81821 failed with stages
in 5 minutes and 8 seconds
......@@ -35,6 +35,7 @@
<netty-bom.version>4.1.63.Final</netty-bom.version>
<snakeyaml.version>1.26</snakeyaml.version>
<commons-codec.version>1.14</commons-codec.version>
<log4j2.version>2.15.0</log4j2.version>
</properties>
<licenses>
......@@ -61,6 +62,17 @@
<type>pom</type>
<scope>import</scope>
</dependency>
<!--<editor-fold desc="Overriding spring-boot-dependencies. Fix: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228">-->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-bom</artifactId>
<version>${log4j2.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!--</editor-fold>-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment