This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
| 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
SNYK-JAVA-COMGOOGLEPROTOBUF-3167772 | com.google.protobuf:protobuf-java:
3.18.2 -> 3.19.6
| No | No Known Exploit
| 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 | | No | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Vulnerabilities that could not be fixed
- Upgrade:
- Could not upgrade
org.springframework.boot:[email protected]
to org.springframework.boot:[email protected]
; Reason could not apply upgrade, dependency is managed externally
; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.0/spring-boot-dependencies-2.7.0.pom
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
Extra Small