Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump dependencies #999

Merged
merged 6 commits into from
Feb 19, 2025
Merged

Bump dependencies #999

merged 6 commits into from
Feb 19, 2025

Conversation

dupondje
Copy link
Member

Fix some security issues in our dependencies.

Are you the owner of the code you are sending in, or do you have permission of the owner?

[y]

@dupondje dupondje requested a review from mwperina as a code owner February 18, 2025 12:22
@JasperB-TeamBlue JasperB-TeamBlue added the dependencies Pull requests that update a dependency file label Feb 18, 2025
JasperB-TeamBlue
JasperB-TeamBlue approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@JasperB-TeamBlue JasperB-TeamBlue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally, still builds and functions normally

@dupondje
pom: bump org.postgresql:postgresql to 42.7.5
61ec037 
This fixes CVE-2024-1597.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje
pom: bump org.apache.sshd:sshd-common to 2.14.0
33fef2b 
This fixes CVE-2023-48795.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje
pom: bump org.hibernate.validator:hibernate-validator to 6.2.5.Final
71b0f1c 
Fixes CVE-2023-1932 and CVE-2020-10693.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje
pom: bump org.infinispan:infinispan-core to 14.0.34.Final
d234b8c 
This fixes CVE-2023-5384 and CVE-2020-25711.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje
pom: bump org.springframework to 5.3.39
c849a76 
This fixes CVE-2024-38808 and CVE-2024-38820.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje
pom: bump org.yaml:snakeyaml to 2.4
fdb6940 
This fixes CVE-2022-1471.

Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
@dupondje dupondje merged commit 6f65f34 into oVirt:master Feb 19, 2025
1 of 2 checks passed
@dupondje dupondje deleted the bump_postgresql branch February 19, 2025 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JasperB-TeamBlue JasperB-TeamBlue JasperB-TeamBlue approved these changes

@mwperina mwperina Awaiting requested review from mwperina mwperina is a code owner

Assignees

@dupondje dupondje

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dupondje @JasperB-TeamBlue