Update deps for 1.52.0

Open andrewpai opened this issue 1 year ago • 1 comments

Description

Update any 3rd party dependencies that have updates or security updates.

  • package old-version -> new-version
  • package old-version -> new-version
  • package old-version -> new-version
  • etc.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

andrewpai avatar Apr 24 '24 18:04 andrewpai

Review transitive dep for org.xerial.snappy/snappy-java 1.1.10+5. trivy does not show this result, but Docker Scout does.

Update, we have the correct version, but Docker Scout is confused and doesn't know that 1.1.10+5 is really 1.1.10.5.

robotdan avatar Jul 04 '24 03:07 robotdan
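
An added illustration of how two scanners can disagree on the version string in the comment above (not code from FusionAuth, Trivy or Docker Scout). It assumes one tool applies SemVer 2.0.0 rules, where text after `+` is build metadata and is ignored for ordering, while the other reads `+5` as a fourth numeric component; the `1.1.10.4` "fixed in" threshold is constructed for the example.

```python
import re

INSTALLED = "1.1.10+5"   # version string quoted in the comment above
FIXED_IN = "1.1.10.4"    # constructed advisory threshold, for illustration only


def parse_semver_style(version):
    """SemVer 2.0.0 reading: discard '+build' metadata, keep the numeric core."""
    core = version.split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def parse_four_part(version):
    """Reading that treats '+N' as one more numeric component (1.1.10+5 -> 1.1.10.5)."""
    return tuple(int(part) for part in re.split(r"[.+]", version))


def is_flagged(installed, fixed_in, parse):
    """True when the installed version sorts below the first fixed version."""
    have = parse(installed)
    need = parse_four_part(fixed_in)
    width = max(len(have), len(need))
    # Pad with zeros so 1.1.10 compares as 1.1.10.0 against four-part versions.
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def compare_readings(installed=INSTALLED, fixed_in=FIXED_IN):
    """Return the verdict each reading produces for the same artifact."""
    return {
        "semver_build_metadata": is_flagged(installed, fixed_in, parse_semver_style),
        "four_part_version": is_flagged(installed, fixed_in, parse_four_part),
    }


if __name__ == "__main__":
    for reading, flagged in compare_readings().items():
        print(f"{reading}: {'FLAGGED' if flagged else 'ok'}")
```

When a finding appears in only one scanner, comparing the version each tool reports for the package against the advisory's fixed version is a quick way to tell a parsing mismatch from a real gap.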

Internal:

  • https://github.com/FusionAuth/fusionauth-app/pull/477
  • https://github.com/FusionAuth/fusionauth-app/pull/493
  • https://github.com/FusionAuth/fusionauth-containers/pull/103
  • https://github.com/FusionAuth/fusionauth-containers/pull/104
  • https://github.com/FusionAuth/fusionauth-app/pull/494
  • https://github.com/FusionAuth/fusionauth-app/pull/495

robotdan avatar Jul 10 '24 18:07 robotdan

We should plan to upgrade the version of Handlebars we are using. There is a reported CVE, and while this primarily relates to running JavaScript on the server side, which we do not do - we should upgrade anyway to avoid getting unnecessary attention by security researchers.

CVE-2021-23369

We currently are using version 4.7.6 and version 4.7.8 is now available.

  • https://handlebarsjs.com/installation/#downloading-handlebars

robotdan avatar Jul 23 '24 20:07 robotdan