Upgrade mapdb and dependency manage kerby #5035

hmottestad · 2024-06-18T09:38:09Z

Currently mapdb 3.0.9 has the following dependency vulnerability: https://devhub.checkmarx.com/cve-details/CVE-2022-24329/

We should upgrade to 3.0.10 or 3.1.0. Since 3.1.0 is already harvested and cleared by ClearlyDefined then we should try that version first.

There is also a licensing issue with the transitive dependency kerby which is used by solr. We should try to bump this to the next version without licensing issues.

…since this one has good enough license info for ClearlyDefined

…since this one has good enough license info for ClearlyDefined (#5036)

hmottestad added the dependencies Pull requests that update a dependency file label Jun 18, 2024

hmottestad added this to the 5.0.0 milestone Jun 18, 2024

hmottestad self-assigned this Jun 18, 2024

hmottestad added a commit that referenced this issue Jun 18, 2024

GH-5035 update version of mapdb and dependency manage kerby to 1.1.1 …

9aaaf91

…since this one has good enough license info for ClearlyDefined

hmottestad mentioned this issue Jun 18, 2024

GH-5035 update version of mapdb and dependency manage kerby to 1.1.1 since this one has good enough license info for ClearlyDefined #5036

Merged

5 tasks

hmottestad added a commit that referenced this issue Jun 18, 2024

GH-5035 update version of mapdb and dependency manage kerby to 1.1.1 …

414ad36

…since this one has good enough license info for ClearlyDefined (#5036)

hmottestad closed this as completed in #5036 Jun 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade mapdb and dependency manage kerby #5035

Upgrade mapdb and dependency manage kerby #5035

hmottestad commented Jun 18, 2024

Upgrade mapdb and dependency manage kerby #5035

Upgrade mapdb and dependency manage kerby #5035

Comments

hmottestad commented Jun 18, 2024