[Snyk] Upgrade: com.amazonaws:aws-java-sdk-core, com.esotericsoftware:kryo, redis.clients:jedis, io.github.resilience4j:resilience4j-ratelimiter, io.kamon:kamon-bundle_2.11, io.kamon:kamon-datadog_2.11, io.kamon:kamon-prometheus_2.11, org.elasticsearch.client:elasticsearch-rest-high-level-client, org.tmatesoft.sqljet:sqljet, org.xerial:sqlite-jdbc #851

GalKarpSF · 2024-09-13T00:53:18Z

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

com.amazonaws:aws-java-sdk-core
from 1.11.965 to 1.12.770 | 838 versions ahead of your current version | 23 days ago
on 2024-08-20
com.esotericsoftware:kryo
from 5.0.3 to 5.6.0 | 9 versions ahead of your current version | 8 months ago
on 2024-01-08
redis.clients:jedis
from 3.6.0 to 3.10.0 | 9 versions ahead of your current version | a year ago
on 2023-04-27
io.github.resilience4j:resilience4j-ratelimiter
from 1.7.0 to 1.7.1 | 1 version ahead of your current version | 3 years ago
on 2021-06-25
io.kamon:kamon-bundle_2.11
from 2.5.12 to 2.7.3 | 10 versions ahead of your current version | 3 months ago
on 2024-06-05
io.kamon:kamon-datadog_2.11
from 2.0.1 to 2.7.3 | 58 versions ahead of your current version | 3 months ago
on 2024-06-05
io.kamon:kamon-prometheus_2.11
from 2.5.12 to 2.7.3 | 10 versions ahead of your current version | 3 months ago
on 2024-06-05
org.elasticsearch.client:elasticsearch-rest-high-level-client
from 7.8.1 to 7.17.23 | 51 versions ahead of your current version | a month ago
on 2024-07-30
org.tmatesoft.sqljet:sqljet
from 1.1.13 to 1.1.15 | 2 versions ahead of your current version | 2 years ago
on 2022-11-08
org.xerial:sqlite-jdbc
from 3.15.1 to 3.46.1.0 | 52 versions ahead of your current version | 25 days ago
on 2024-08-19

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	402	Mature
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111	402	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-ORGXERIAL-5596891	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGYAML-2806360	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329	402	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-ORGELASTICSEARCH-6039899	402	No Known Exploit
Improper Handling of Exceptional Conditions SNYK-JAVA-ORGELASTICSEARCH-6083305	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGYAML-6056527	402	No Known Exploit
Allocation of Resources Without Limits or Throttling SNYK-JAVA-SOFTWAREAMAZONION-6153869	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	402	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	402	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	402	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGELASTICSEARCH-1324572	402	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	402	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	402	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMSQUAREUPOKIO-5820002	402	Proof of Concept
Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1061930	402	No Known Exploit
Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1089258	402	No Known Exploit
Cross-site Scripting (XSS) SNYK-JAVA-ORGELASTICSEARCH-2431020	402	No Known Exploit
Stack-based Buffer Overflow SNYK-JAVA-ORGELASTICSEARCH-6038562	402	Mature
Insertion of Sensitive Information into Log File SNYK-JAVA-ORGELASTICSEARCH-6125580	402	No Known Exploit
Uncontrolled Recursion SNYK-JAVA-ORGELASTICSEARCH-6508260	402	No Known Exploit
Missing Encryption of Sensitive Data SNYK-JAVA-ORGELASTICSEARCH-7577201	402	No Known Exploit
Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016891	402	Proof of Concept
Information Exposure SNYK-JAVA-COMMONSCODEC-561518	402	No Known Exploit
Information Exposure SNYK-JAVA-ORGELASTICSEARCH-1021613	402	No Known Exploit
Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1071900	402	No Known Exploit
Information Exposure SNYK-JAVA-ORGELASTICSEARCH-1083274	402	No Known Exploit
Information Disclosure SNYK-JAVA-ORGELASTICSEARCH-1089259	402	No Known Exploit
Missing Authorization SNYK-JAVA-ORGELASTICSEARCH-2431238	402	No Known Exploit
Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016888	402	Proof of Concept
Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3016889	402	No Known Exploit
Stack-based Buffer Overflow SNYK-JAVA-ORGYAML-3113851	402	No Known Exploit

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"com.amazonaws:aws-java-sdk-core","from":"1.11.965","to":"1.12.770"},{"name":"com.esotericsoftware:kryo","from":"5.0.3","to":"5.6.0"},{"name":"redis.clients:jedis","from":"3.6.0","to":"3.10.0"},{"name":"io.github.resilience4j:resilience4j-ratelimiter","from":"1.7.0","to":"1.7.1"},{"name":"io.kamon:kamon-bundle_2.11","from":"2.5.12","to":"2.7.3"},{"name":"io.kamon:kamon-datadog_2.11","from":"2.0.1","to":"2.7.3"},{"name":"io.kamon:kamon-prometheus_2.11","from":"2.5.12","to":"2.7.3"},{"name":"org.elasticsearch.client:elasticsearch-rest-high-level-client","from":"7.8.1","to":"7.17.23"},{"name":"org.tmatesoft.sqljet:sqljet","from":"1.1.13","to":"1.1.15"},{"name":"org.xerial:sqlite-jdbc","from":"3.15.1","to":"3.46.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"mature","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","priority_score":619,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGXERIAL-5596891","issue_id":"SNYK-JAVA-ORGXERIAL-5596891","priority_score":654,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-2806360","issue_id":"SNYK-JAVA-ORGYAML-2806360","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538","priority_score":649,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.7","score":435},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6039899","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6083305","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-6056527","issue_id":"SNYK-JAVA-ORGYAML-6056527","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-SOFTWAREAMAZONION-6153869","issue_id":"SNYK-JAVA-SOFTWAREAMAZONION-6153869","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","priority_score":416,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","priority_score":512,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Deserialization of Untrusted Data"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1324572","priority_score":520,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","issue_id":"SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","priority_score":402,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-COMSQUAREUPOKIO-5820002","issue_id":"SNYK-JAVA-COMSQUAREUPOKIO-5820002","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1061930","priority_score":440,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089258","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431020","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"mature","id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6038562","priority_score":711,"priority_score_factors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6125580","priority_score":474,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.2","score":260},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Insertion of Sensitive Information into Log File"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-6508260","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Recursion"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-7577201","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Encryption of Sensitive Data"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016891","issue_id":"SNYK-JAVA-ORGYAML-3016891","priority_score":536,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-COMMONSCODEC-561518","issue_id":"SNYK-JAVA-COMMONSCODEC-561518","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1021613","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1071900","priority_score":309,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"1.9","score":95},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1083274","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-1089259","priority_score":344,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Disclosure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","issue_id":"SNYK-JAVA-ORGELASTICSEARCH-2431238","priority_score":369,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.1","score":155},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Missing Authorization"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JAVA-ORGYAML-3016888","issue_id":"SNYK-JAVA-ORGYAML-3016888","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3016889","issue_id":"SNYK-JAVA-ORGYAML-3016889","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JAVA-ORGYAML-3113851","issue_id":"SNYK-JAVA-ORGYAML-3113851","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Stack-based Buffer Overflow"}],"prId":"fd7bc58a-da97-4d7c-922c-22e8ee3b513f","prPublicId":"fd7bc58a-da97-4d7c-922c-22e8ee3b513f","packageManager":"maven","priorityScoreList":[619,405,405,405,405,405,405,654,589,405,405,512,416,512,416,512,416,512,512,512,405,375,512,405,649,589,589,589,589,589,416,416,512,402,265,265,520,402,402,616,440,429,449,711,474,429,559,536,399,369,309,344,344,369,506,399,399],"projectPublicId":"6f226390-d845-4198-821b-1ab29d3c180d","projectUrl":"https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","SNYK-JAVA-ORGXERIAL-5596891","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538","SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-SOFTWAREAMAZONION-6153869","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMSQUAREUPOKIO-5820002","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"],"upgradeInfo":{"versionsDiff":838,"publishedDate":"2024-08-20T23:31:36.000Z"},"vulns":["SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917","SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617","SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943","SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980","SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500","SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111","SNYK-JAVA-ORGXERIAL-5596891","SNYK-JAVA-ORGYAML-2806360","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043","SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044","SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538","SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329","SNYK-JAVA-ORGELASTICSEARCH-6039899","SNYK-JAVA-ORGELASTICSEARCH-6083305","SNYK-JAVA-ORGYAML-6056527","SNYK-JAVA-SOFTWAREAMAZONION-6153869","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426","SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519","SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520","SNYK-JAVA-ORGELASTICSEARCH-1324572","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMSQUAREUPOKIO-5820002","SNYK-JAVA-ORGELASTICSEARCH-1061930","SNYK-JAVA-ORGELASTICSEARCH-1089258","SNYK-JAVA-ORGELASTICSEARCH-2431020","SNYK-JAVA-ORGELASTICSEARCH-6038562","SNYK-JAVA-ORGELASTICSEARCH-6125580","SNYK-JAVA-ORGELASTICSEARCH-6508260","SNYK-JAVA-ORGELASTICSEARCH-7577201","SNYK-JAVA-ORGYAML-3016891","SNYK-JAVA-COMMONSCODEC-561518","SNYK-JAVA-ORGELASTICSEARCH-1021613","SNYK-JAVA-ORGELASTICSEARCH-1071900","SNYK-JAVA-ORGELASTICSEARCH-1083274","SNYK-JAVA-ORGELASTICSEARCH-1089259","SNYK-JAVA-ORGELASTICSEARCH-2431238","SNYK-JAVA-ORGYAML-3016888","SNYK-JAVA-ORGYAML-3016889","SNYK-JAVA-ORGYAML-3113851"]}'

Snyk has created this PR to upgrade: - com.amazonaws:aws-java-sdk-core from 1.11.965 to 1.12.770. See this package in maven: https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-core/ - com.esotericsoftware:kryo from 5.0.3 to 5.6.0. See this package in maven: https://mvnrepository.com/artifact/com.esotericsoftware/kryo/ - redis.clients:jedis from 3.6.0 to 3.10.0. See this package in maven: https://mvnrepository.com/artifact/redis.clients/jedis/ - io.github.resilience4j:resilience4j-ratelimiter from 1.7.0 to 1.7.1. See this package in maven: https://mvnrepository.com/artifact/io.github.resilience4j/resilience4j-ratelimiter/ - io.kamon:kamon-bundle_2.11 from 2.5.12 to 2.7.3. See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-bundle_2.11/ - io.kamon:kamon-datadog_2.11 from 2.0.1 to 2.7.3. See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-datadog_2.11/ - io.kamon:kamon-prometheus_2.11 from 2.5.12 to 2.7.3. See this package in maven: https://mvnrepository.com/artifact/io.kamon/kamon-prometheus_2.11/ - org.elasticsearch.client:elasticsearch-rest-high-level-client from 7.8.1 to 7.17.23. See this package in maven: https://mvnrepository.com/artifact/org.elasticsearch.client/elasticsearch-rest-high-level-client/ - org.tmatesoft.sqljet:sqljet from 1.1.13 to 1.1.15. See this package in maven: https://mvnrepository.com/artifact/org.tmatesoft.sqljet/sqljet/ - org.xerial:sqlite-jdbc from 3.15.1 to 3.46.1.0. See this package in maven: https://mvnrepository.com/artifact/org.xerial/sqlite-jdbc/ See this project in Snyk: https://app.snyk.io/org/dataroma/project/6f226390-d845-4198-821b-1ab29d3c180d?utm_source=github&utm_medium=referral&page=upgrade-pr

salesforce-cla bot added the cla:signed label Sep 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GalKarpSF commented Sep 13, 2024

Are you sure you want to change the base?

Conversation

GalKarpSF commented Sep 13, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade: