From d88fce9d3eda2afebfb5070b0410a7f8a9319d2e Mon Sep 17 00:00:00 2001
From: "whitesource-bolt-for-github[bot]" <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com>
Date: Wed, 5 May 2021 13:04:07 +0000
Subject: [PATCH 1/9] Add .whitesource configuration file
---
.whitesource | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 .whitesource
diff --git a/.whitesource b/.whitesource
new file mode 100644
index 00000000..55b922e8
--- /dev/null
+++ b/.whitesource
@@ -0,0 +1,12 @@
+{
+ "scanSettings": {
+ "baseBranches": []
+ },
+ "checkRunSettings": {
+ "vulnerableCheckRunConclusionLevel": "failure",
+ "displayMode": "diff"
+ },
+ "issueSettings": {
+ "minSeverityLevel": "LOW"
+ }
+}
\ No newline at end of file
From d8a02a15b33008a344255455c16ddbd388c58f95 Mon Sep 17 00:00:00 2001
From: snyk-bot Date: Wed, 5 May 2021 13:17:46 +0000 Subject: [PATCH 2/9] fix: demo/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-570967 - https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-73578 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31507 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917 - 
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449 - 
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884 - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761 - https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-451680 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-474610 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-564358 --- demo/pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/demo/pom.xml b/demo/pom.xml index 962f0c8e..4ee4276d 100644 --- a/demo/pom.xml +++ b/demo/pom.xml @@ -39,7 +39,7 @@ junit junit - 4.12 + 4.13.1 org.javassist @@ -64,12 +64,12 @@ com.fasterxml.jackson.core jackson-databind - 2.8.5 + 2.9.10.8 com.fasterxml.jackson.module jackson-module-afterburner - 2.8.5 + 2.10.0 com.dslplatform @@ -79,7 +79,7 @@ org.apache.thrift libthrift - 0.9.1 + 0.14.0 org.slf4j @@ -94,7 +94,7 @@ com.alibaba fastjson - 1.2.22 + 1.2.69 com.squareup.moshi @@ -104,7 +104,7 @@ com.google.protobuf protobuf-java - 3.2.0rc2 + 3.4.0 From 0d47687f90ba19571358b2b3c03e6031c760568b Mon Sep 17 00:00:00 2001 
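Review bot: In the `@@ -64,12 +64,12 @@` hunk of demo/pom.xml, jackson-databind moves to 2.9.10.8 while jackson-module-afterburner moves to 2.10.0, so the two Jackson artifacts end up on different minor lines. Jackson modules are built against the matching databind minor version, so a 2.10 module on a 2.9 databind may fail at module registration or at runtime. Driving both from one property would keep them in step, e.g. `<version>${jackson.version}</version>` on each dependency with the property defined once. The later patches in this series raise databind to 2.12.3 only in the root pom.xml, so the demo module appears to keep the split. The element markup is not visible in this rendering and the dependency list continues outside the hunk, so the exact placement needs checking against the file.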
From: snyk-bot Date: Wed, 5 May 2021 13:25:56 +0000 Subject: [PATCH 3/9] fix: pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943 - 
https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883 - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index b3f817c0..7d1c078a 100644 --- a/pom.xml +++ b/pom.xml 
@@ -58,7 +58,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.5 + 2.9.10.8 true @@ -113,7 +113,7 @@ html xml - + From 941463d9e029dd3c28f19318bdeb23543c43778f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 May 2021 22:10:49 +0000 Subject: [PATCH 4/9] fix: upgrade com.fasterxml.jackson.core:jackson-annotations from 2.9.5 to 2.12.3 Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-annotations from 2.9.5 to 2.12.3. See this package in Maven Repository: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/ See this project in Snyk: https://app.snyk.io/org/oribach-add/project/5e8957b6-4c3e-480f-adac-dd61771012d7?utm_source=github&utm_medium=upgrade-pr --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7d1c078a..2667cb01 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ com.fasterxml.jackson.core jackson-annotations - 2.9.5 + 2.12.3 true From f5509586e8fa7d559c35503c90b74a5626a76748 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 May 2021 22:10:52 +0000 Subject: [PATCH 5/9] fix: upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.8 to 2.12.3 Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.9.10.8 to 2.12.3. See this package in Maven Repository: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/ See this project in Snyk: https://app.snyk.io/org/oribach-add/project/5e8957b6-4c3e-480f-adac-dd61771012d7?utm_source=github&utm_medium=upgrade-pr --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7d1c078a..0aad6d46 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.10.8 + 2.12.3 true From 3b06b52313ab15703ba1e0c2450132c4b6fb3b9f Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 5 May 2021 22:10:55 +0000 Subject: [PATCH 6/9] fix: upgrade org.javassist:javassist from 3.22.0-GA to 3.27.0-GA Snyk has created this PR to upgrade org.javassist:javassist from 3.22.0-GA to 3.27.0-GA. See this package in Maven Repository: https://mvnrepository.com/artifact/org.javassist/javassist/ See this project in Snyk: https://app.snyk.io/org/oribach-add/project/5e8957b6-4c3e-480f-adac-dd61771012d7?utm_source=github&utm_medium=upgrade-pr --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7d1c078a..b070f6bb 100644 --- a/pom.xml +++ b/pom.xml @@ -46,7 +46,7 @@ org.javassist javassist - 3.22.0-GA + 3.27.0-GA true From 0e2a3ee1bc5f4d08343c43d92a20aca6c3fa2ac1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 May 2021 22:10:58 +0000 Subject: [PATCH 7/9] fix: upgrade com.google.code.gson:gson from 2.8.3 to 2.8.6 Snyk has created this PR to upgrade com.google.code.gson:gson from 2.8.3 to 2.8.6. See this package in Maven Repository: https://mvnrepository.com/artifact/com.google.code.gson/gson/ See this project in Snyk: https://app.snyk.io/org/oribach-add/project/5e8957b6-4c3e-480f-adac-dd61771012d7?utm_source=github&utm_medium=upgrade-pr --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7d1c078a..f5b42f1f 100644 --- a/pom.xml +++ b/pom.xml @@ -64,7 +64,7 @@ com.google.code.gson gson - 2.8.3 + 2.8.6 true From fbcf7ae792de252d2ad823537f35596e7985197e Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 6 May 2021 07:32:03 +0000 Subject: [PATCH 8/9] fix: upgrade com.google.protobuf:protobuf-java from 3.4.0 to 3.15.8 Snyk has created this PR to upgrade com.google.protobuf:protobuf-java from 3.4.0 to 3.15.8. See this package in Maven Repository: https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/ See this project in Snyk: https://app.snyk.io/org/oribach-add/project/c6a67144-0611-43af-9d9f-91f724512f20?utm_source=github&utm_medium=upgrade-pr --- demo/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo/pom.xml b/demo/pom.xml index 4ee4276d..18caee5f 100644 --- a/demo/pom.xml +++ b/demo/pom.xml @@ -104,7 +104,7 @@ com.google.protobuf protobuf-java - 3.4.0 + 3.15.8 From 92a68d4901c9593c3ab9c95931ac99d134107555 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 13 Mar 2022 12:47:01 +0000 Subject: [PATCH 9/9] chore(deps): add renovate.json --- renovate.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..f45d8f11 --- /dev/null +++ b/renovate.json @@ -0,0 +1,5 @@ +{ + "extends": [ + "config:base" + ] +}