This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-dependency-plugin.git
The following commit(s) were added to refs/heads/master by this push:
new 309fee0 Update transitive dependency to non-vulnerable version
309fee0 is described below
commit 309fee0c36699518e6feac3685d35e0e9e0b0b5e
Author: Apoorva Srivastava <[email protected]>
AuthorDate: Thu Dec 9 11:33:01 2021 -0500
Update transitive dependency to non-vulnerable version
The current transitive dependency `commons-beanutils-1.7.0` is vulnerable:
https://www.cve.org/CVERecord?id=CVE-2014-0114.
---
pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/pom.xml b/pom.xml
index 22907b9..e0fe1b1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -370,6 +370,12 @@ under the License.
<version>${slf4j.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.4</version>
+ </dependency>
+
</dependencies>
<build>
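Review bot: the added `<dependency>` for `commons-beanutils` 1.9.4 carries no `<scope>` and no explanatory comment, so it becomes a direct compile-scope dependency of the plugin, although the commit message describes commons-beanutils as transitive. If the plugin's own code does not use commons-beanutils, pinning the version in `<dependencyManagement>` would override the transitive 1.7.0 without declaring a direct dependency. Either way, an XML comment above the entry naming CVE-2014-0114 and the dependency that pulls commons-beanutils in would keep a later cleanup from removing the entry as unused. The blank `+` line before `</dependencies>` can also be dropped.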