[ https://issues.apache.org/jira/browse/SLING-12492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904718#comment-17904718 ]
Stefan Seifert commented on SLING-12492:
----------------------------------------
bq. It looks like dependabot didn't create a PR to automatically update the
org.apache.sling.api dependency? Do you know if there is some trick to get the
dependabot to rescan?
That's normally the case when in the past a dependabot PR for this dependency
was closed with "ignore this dependency". You have to find this PR in closed
PRs and reopen and reprocess it, to inform dependabot to revoke the ignore
setting.
> Apache Sling Scripting JavaScript 3.1.4 is affected by vulnerabilities
> CVE-2022-32549 and CVE-2021-29425.
> ---------------------------------------------------------------------------------------------------------
>
> Key: SLING-12492
> URL: https://issues.apache.org/jira/browse/SLING-12492
> Project: Sling
> Issue Type: Improvement
> Components: Scripting
> Affects Versions: Scripting JavaScript 3.1.4
> Reporter: Scott Yuan
> Assignee: Eric Norman
> Priority: Minor
> Fix For: Scripting JavaScript 3.1.6
>
>
> The MVN Repository reports that the latest release, Apache Sling Scripting
> JavaScript 3.1.4, is affected by vulnerabilities CVE-2022-32549 and
> CVE-2021-29425 due to outdated dependencies. For more details, visit MVN
> Repository.