ZachChuba
ZachChuba
@eddumelendez Can you enable the tests CI flows so we can confirm this does not break and review?
Let me know when that version is published and I'll add it to the build
@yeikel Pushed the changes, in this PR
@yeikel @Rene2000k I've been waiting as well, v2.0.1 is now released and shows 0 vulns on sonatype.
Yes version 2.0 and above remediate it, upgrading to 2.2 would work
Don't forget the other false positive -- test containers is only properly used in testing, so even if it were exploitable it would have trivial impact. Unfortunately, though, tools like...
Sonatype is a useful tool for identifying the potentiality of vulnerabilities in a project, but it is horrible because enterprises typically equate the potentiality of a vulnerability with the exploitability...
I am working on a PR to upgrade snakeyaml and jackson to the latest versions. @codefish1 the dependencies were previously shaded in to hard enforce backwards compatibility for certain containers,...