Skip to content

[Snyk] Upgrade: net.datafaker:datafaker, org.springframework.boot:spring-boot-devtools, org.springframework.boot:spring-boot-starter-data-jpa, org.springframework.boot:spring-boot-starter-log4j2, org.springframework.boot:spring-boot-starter-security, org.springframework.boot:spring-boot-starter-thymeleaf, org.springframework.boot:spring-boot-starter-web, org.thymeleaf.extras:thymeleaf-extras-springsecurity5, org.webjars:jquery, org.webjars:bootstrap#36

Open
bmvermeer wants to merge 1 commit intomasterfrom
snyk-upgrade-1fb0596f429b5a0b2c3d5a75d19843d3
Open

Conversation

@bmvermeer
Copy link
Owner

@bmvermeer bmvermeer commented Sep 10, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

net.datafaker:datafaker
from 1.7.0 to 1.9.0 | 3 versions ahead of your current version | a year ago
on 2023-04-18
org.springframework.boot:spring-boot-devtools
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-data-jpa
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-log4j2
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-security
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-thymeleaf
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.springframework.boot:spring-boot-starter-web
from 2.6.0 to 2.7.18 | 34 versions ahead of your current version | 10 months ago
on 2023-11-23
org.thymeleaf.extras:thymeleaf-extras-springsecurity5
from 3.0.4.RELEASE to 3.1.2.RELEASE | 7 versions ahead of your current version | a year ago
on 2023-07-30
org.webjars:jquery
from 2.1.4 to 2.2.4 | 5 versions ahead of your current version | 8 years ago
on 2016-05-21
org.webjars:bootstrap
from 3.3.4 to 3.4.1 | 6 versions ahead of your current version | 6 years ago
on 2019-02-19

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGWEBJARS-451160		 539 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGWEBJARS-451162		 539 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGWEBJARS-451164		 539 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGWEBJARS-451168		 539 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGWEBJARS-479505		 539 No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade multiple dependencies with Snyk
b2b574c 
Snyk has created this PR to upgrade:
  - net.datafaker:datafaker from 1.7.0 to 1.9.0.
    See this package in maven: https://mvnrepository.com/artifact/net.datafaker/datafaker/
  - org.springframework.boot:spring-boot-devtools from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-devtools/
  - org.springframework.boot:spring-boot-starter-data-jpa from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa/
  - org.springframework.boot:spring-boot-starter-log4j2 from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-log4j2/
  - org.springframework.boot:spring-boot-starter-security from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security/
  - org.springframework.boot:spring-boot-starter-thymeleaf from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-thymeleaf/
  - org.springframework.boot:spring-boot-starter-web from 2.6.0 to 2.7.18.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web/
  - org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.2.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity5/
  - org.webjars:jquery from 2.1.4 to 2.2.4.
    See this package in maven: https://mvnrepository.com/artifact/org.webjars/jquery/
  - org.webjars:bootstrap from 3.3.4 to 3.4.1.
    See this package in maven: https://mvnrepository.com/artifact/org.webjars/bootstrap/

See this project in Snyk:
https://app.snyk.io/org/admirals95/project/aabd74e6-e271-4beb-81f8-4afd81abc593?utm_source=github&utm_medium=referral&page=upgrade-pr
@bmvermeer bmvermeer self-assigned this Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@bmvermeer bmvermeer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bmvermeer @snyk-bot