Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency commons-io:commons-io to v2 [SECURITY] #14

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency commons-io:commons-io to v2 [SECURITY] #14

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 24, 2022
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
commons-io:commons-io (source) 1.3.2 -> 2.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codecov
Copy link

codecov bot commented Dec 24, 2022
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.88%. Comparing base (07c8f19) to head (ff16819).
Report is 4 commits behind head on master.

❗ Current head ff16819 differs from pull request most recent head ffa21f1. Consider uploading reports for the commit ffa21f1 to get more accurate results

Additional details and impacted files 
@@             Coverage Diff              @@
##             master      #14      +/-   ##
============================================
+ Coverage     51.72%   51.88%   +0.15%     
- Complexity      106      107       +1     
============================================
  Files            23       23              
  Lines           609      611       +2     
  Branches         38       39       +1     
============================================
+ Hits            315      317       +2     
  Misses          281      281              
  Partials         13       13

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Dec 30, 2022
@renovate renovate bot closed this Dec 30, 2022
@renovate renovate bot deleted the renovate/maven-commons-io-commons-io-vulnerability branch December 30, 2022 20:24
@renovate renovate bot restored the renovate/maven-commons-io-commons-io-vulnerability branch December 30, 2022 23:43
@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Update dependency commons-io:commons-io to v2 [SECURITY] Dec 30, 2022
@renovate renovate bot reopened this Dec 30, 2022
@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Jan 3, 2023
@renovate renovate bot closed this Jan 3, 2023
@renovate renovate bot deleted the renovate/maven-commons-io-commons-io-vulnerability branch January 3, 2023 03:46
@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Update dependency commons-io:commons-io to v2 [SECURITY] Jan 3, 2023
@renovate renovate bot restored the renovate/maven-commons-io-commons-io-vulnerability branch January 3, 2023 06:50
@renovate renovate bot reopened this Jan 3, 2023
@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Jan 4, 2023
@renovate renovate bot closed this Jan 4, 2023
@renovate renovate bot deleted the renovate/maven-commons-io-commons-io-vulnerability branch January 4, 2023 21:09
@renovate renovate bot changed the title Update dependency commons-io:commons-io to v2 [SECURITY] - autoclosed Update dependency commons-io:commons-io to v2 [SECURITY] Jan 5, 2023
@renovate renovate bot reopened this Jan 5, 2023
@renovate renovate bot restored the renovate/maven-commons-io-commons-io-vulnerability branch January 5, 2023 00:25
@renovate renovate bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 5f384bc to 8355b0f Compare August 18, 2023 11:10
@renovate renovate bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 8355b0f to a439fe3 Compare October 10, 2023 17:09
@renovate renovate bot requested a review from a team as a code owner October 10, 2023 17:09
@renovate renovate bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from a439fe3 to ff16819 Compare October 12, 2023 10:30
@renovate renovate bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from ff16819 to ffa21f1 Compare May 1, 2024 08:33
@renovate renovate bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from ffa21f1 to 8d98ee0 Compare August 7, 2024 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants