[
https://issues.apache.org/jira/browse/SLING-12492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17906564#comment-17906564
]
Eric Norman commented on SLING-12492:
-------------------------------------
[~rombert] I don't have the time to debug the dependabot troubles anytime soon.
In the mean time I created PR #4 to manually bump the dependency version to
accomplish the same goal.
> Apache Sling Scripting JavaScript 3.1.4 is affected by vulnerabilities
> CVE-2022-32549 and CVE-2021-29425.
> ---------------------------------------------------------------------------------------------------------
>
> Key: SLING-12492
> URL: https://issues.apache.org/jira/browse/SLING-12492
> Project: Sling
> Issue Type: Improvement
> Components: Scripting
> Affects Versions: Scripting JavaScript 3.1.4
> Reporter: Scott Yuan
> Assignee: Eric Norman
> Priority: Minor
> Fix For: Scripting JavaScript 3.1.6
>
>
> The MVN Repository reports that the latest release, Apache Sling Scripting
> JavaScript 3.1.4, is affected by vulnerabilities CVE-2022-32549 and
> CVE-2021-29425 due to outdated dependencies. For more details, visit MVN
> Repository.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
