File tree Expand file tree Collapse file tree
refactor-first-maven-plugin Expand file tree Collapse file tree Original file line number Diff line number Diff line change 3434 <groupId >org.slf4j</groupId >
3535 <artifactId >slf4j-simple</artifactId >
3636 </dependency >
37- <!-- Needed to suppress CVE-2023-2976 in maven-core:3.9.9 -->
38- <dependency >
39- <groupId >com.google.guava</groupId >
40- <artifactId >guava</artifactId >
41- </dependency >
4237 <dependency >
4338 <groupId >org.apache.maven</groupId >
4439 <artifactId >maven-core</artifactId >
Original file line number Diff line number Diff line change 3434 <groupId >org.jgrapht</groupId >
3535 <artifactId >jgrapht-core</artifactId >
3636 </dependency >
37+
38+ <!-- Addresses CVE-2026-40984 introduced through rewrite-core 8.86.0 -->
39+ <dependency >
40+ <groupId >io.micrometer</groupId >
41+ <artifactId >micrometer-core</artifactId >
42+ <version >1.10.0</version >
43+ </dependency >
3744 <dependency >
3845 <groupId >org.openrewrite</groupId >
3946 <artifactId >rewrite-java-21</artifactId >
Original file line number Diff line number Diff line change 1919 <artifactId >codebase-graph-builder</artifactId >
2020 </dependency >
2121
22+ <!-- commons-lang3 needed to address CVE-2025-48924
23+ introduced through pmd-java 7.0.0-rc4-->
24+ <dependency >
25+ <groupId >org.apache.commons</groupId >
26+ <artifactId >commons-lang3</artifactId >
27+ <version >3.18.0</version >
28+ </dependency >
2229 <dependency >
2330 <groupId >net.sourceforge.pmd</groupId >
2431 <artifactId >pmd-java</artifactId >
Original file line number Diff line number Diff line change 3434 <dependency >
3535 <groupId >com.google.guava</groupId >
3636 <artifactId >guava</artifactId >
37- <version >33.4.8-jre</version >
3837 </dependency >
3938 </dependencies >
4039
Original file line number Diff line number Diff line change 189189 <version >2.18.8</version >
190190 </dependency >
191191
192- <!-- Needed to suppress CVE-2023-2976-->
193- <!-- Guava 33.2.1-jre is used by maven-core -->
194192 <dependency >
195193 <groupId >com.google.guava</groupId >
196194 <artifactId >guava</artifactId >
197- <version >33.4 .0-jre</version >
195+ <version >33.6 .0-jre</version >
198196 </dependency >
199197
200198 <dependency >
449447 <plugin >
450448 <groupId >org.owasp</groupId >
451449 <artifactId >dependency-check-maven</artifactId >
452- <version >12.1.0 </version >
450+ <version >12.2.2 </version >
453451 <configuration >
454452 <failBuildOnCVSS >8.0</failBuildOnCVSS >
455453 </configuration >
Original file line number Diff line number Diff line change 2626 </dependency >
2727
2828 <!-- Maven Reporting -->
29- <!-- Needed to suppress CVE-2023-2976 in maven-core-->
30- <dependency >
31- <groupId >com.google.guava</groupId >
32- <artifactId >guava</artifactId >
33- </dependency >
3429 <!-- Needed to suppress CVE-2024-36124 in maven-core-->
3530 <dependency >
3631 <groupId >org.iq80.snappy</groupId >
4237 <artifactId >maven-core</artifactId >
4338 </dependency >
4439
40+ <!-- commons-beanutils needed to suppress CVE-2025-48734
41+ introduced through maven-reporting-impl 4.0.0-->
42+ <dependency >
43+ <groupId >commons-beanutils</groupId >
44+ <artifactId >commons-beanutils</artifactId >
45+ <version >1.11.0</version >
46+ </dependency >
47+
48+ <!-- commons-lang3 needed to suppress CVE-2025-48924
49+ introduced through maven-reporting-impl 4.0.0-->
50+ <dependency >
51+ <groupId >org.apache.commons</groupId >
52+ <artifactId >commons-lang3</artifactId >
53+ <version >3.18.0</version >
54+ </dependency >
4555 <dependency >
4656 <groupId >org.apache.maven.reporting</groupId >
4757 <artifactId >maven-reporting-impl</artifactId >
You can’t perform that action at this time.
0 commit comments