-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix/security finding #277
Fix/security finding #277
Conversation
Sync/upstream 2024 03 29
@thackerronak Hi, we cannot merge a PR which includes "restricted" dependencies. You also mentioned that this has to do with the SSI lib. Can you elaborate? |
Quality Gate passedIssues Measures |
@borisrizov-zf I have updated the DEPENDENCIES file and found that all dependencies are showing approved. |
Quality Gate passedIssues Measures |
@thackerronak Please rebase and re-generate DEPENDENCIES |
@thackerronak please rebase and re-generate DEPENDENCIES Also, change target branch to develop |
Description
Spring boot and cloud lib version was updated to mitigate GHSA-f3jh-qvm4-mg39
Note:
Below are two dependencies showing restricted which need to be fixed in ssi-lib.
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.23, None, restricted, #14188
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.23, None, restricted, #14185
Pre-review checks
Please ensure to do as many of the following checks as possible, before asking for committer review: