fix(security): upgrade spring-boot-starter-web to 4.0.0 #9
snyk test
snyk test was a success with exit code 0 (to enable debug mode re-run the check).
Details
Running: snyk test --all-projects --json --org=nwb-backend-shared --configuration-matching=^runtimeClasspath$ --severity-threshold=high --fail-on=all -- --build-cache
Procesing snyk test --json output
Processing: simple-spring
New issues introduced !
Security Vulnerabilities:
1/2: SNYK-JAVA-TOOLSJACKSONCORE-15365915:Allocation of Resources Without Limits or Throttling [High Severity][cvssScore: 8.7]
Via: org.springframework.boot:spring-boot-starter-web@4.0.3 => org.springframework.boot:spring-boot-starter-jackson@4.0.3 => org.springframework.boot:spring-boot-jackson@4.0.3 => tools.jackson.core:jackson-databind@3.0.4 => tools.jackson.core:jackson-core@3.0.4
Fixed in: tools.jackson.core:jackson-core 3.1.0
2/2: SNYK-JAVA-TOOLSJACKSONCORE-15371178:Allocation of Resources Without Limits or Throttling [High Severity][cvssScore: 7.1]
Via: org.springframework.boot:spring-boot-starter-web@4.0.3 => org.springframework.boot:spring-boot-starter-jackson@4.0.3 => org.springframework.boot:spring-boot-jackson@4.0.3 => tools.jackson.core:jackson-databind@3.0.4 => tools.jackson.core:jackson-core@3.0.4
Fixed in: tools.jackson.core:jackson-core 3.1.0
Finished processing
Project: simple-spring | Exit code: 0
Overall exit code for snyk-delta-all-projects.sh: 0