-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CVE on this plugin itself #7156
Labels
Comments
nhumblot
added a commit
that referenced
this issue
Dec 15, 2024
jeremylong
pushed a commit
that referenced
this issue
Dec 16, 2024
marcelstoer
pushed a commit
to marcelstoer/DependencyCheck
that referenced
this issue
Dec 19, 2024
marcelstoer
pushed a commit
to marcelstoer/DependencyCheck
that referenced
this issue
Dec 19, 2024
marcelstoer
pushed a commit
to marcelstoer/DependencyCheck
that referenced
this issue
Dec 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We use your great plugin on our projects with following configuration:
So,
dependency-check-maven
reports some CVE including CVE fromdependency-check-maven
itself.Version of dependency-check used
The problem occurs using version 11.1.0 of the maven plugin
Log file
To Reproduce
Steps to reproduce the behavior:
target/
repository to see reportExpected behavior
Upgrade dependencies to fix issue (
javax.json
can be replaced withorg.glassfish:jakarta.json:2.0.1
).The text was updated successfully, but these errors were encountered: