Skip to content

Remove vulnerabilities#321

Merged
san-zrl merged 1 commit into
mainfrom
chore/manage-vulnerabilities
Aug 28, 2025
Merged

Remove vulnerabilities#321
san-zrl merged 1 commit into
mainfrom
chore/manage-vulnerabilities

Conversation

@san-zrl

@san-zrl san-zrl commented Aug 27, 2025

Copy link
Copy Markdown
Contributor

Dependabot reported vulnerabilities from transitive dependencies

  • org.apache.tomcat.embed:tomcat-embed-core 9.0.106 update to 9.0.108
  • ch.qos.logback:logback-classic 1.2.9 update first to 1.2.13, then to to 1.3.15

The general strategy to fix these problems in either to exclude the offending packages (if they are unnecessary) or to explicitly upgrade them to the required version.

This PR

  • Excludes org.apache.tomcat.embed:* since we don't need any tomact.embed packages
  • Explicitly bumps ch.qos.logback:logback-classic to 1.3.15

Signed-off-by: san-zrl <san@zurich.ibm.com>
@san-zrl san-zrl requested review from a team and n1ckl0sk0rtge and removed request for n1ckl0sk0rtge August 27, 2025 12:27
@san-zrl san-zrl merged commit e086a4b into main Aug 28, 2025
3 checks passed
@san-zrl san-zrl deleted the chore/manage-vulnerabilities branch August 28, 2025 10:12
@san-zrl san-zrl restored the chore/manage-vulnerabilities branch August 28, 2025 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant