Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions cli/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,6 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</dependency>
<!-- Needed to suppress CVE-2023-2976 in maven-core:3.9.9 -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
Expand Down
7 changes: 7 additions & 0 deletions codebase-graph-builder/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,13 @@
<groupId>org.jgrapht</groupId>
<artifactId>jgrapht-core</artifactId>
</dependency>

<!-- Addresses CVE-2026-40984 introduced through rewrite-core 8.86.0 -->
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-core</artifactId>
<version>1.10.0</version>
</dependency>
<dependency>
<groupId>org.openrewrite</groupId>
<artifactId>rewrite-java-21</artifactId>
Expand Down
7 changes: 7 additions & 0 deletions effort-ranker/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,13 @@
<artifactId>codebase-graph-builder</artifactId>
</dependency>

<!-- commons-lang3 needed to address CVE-2025-48924
introduced through pmd-java 7.0.0-rc4-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.18.0</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
Expand Down
1 change: 0 additions & 1 deletion graph-algorithms/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.8-jre</version>
</dependency>
</dependencies>

Expand Down
6 changes: 2 additions & 4 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -189,12 +189,10 @@
<version>2.18.8</version>
</dependency>

<!-- Needed to suppress CVE-2023-2976-->
<!-- Guava 33.2.1-jre is used by maven-core -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>33.4.0-jre</version>
<version>33.6.0-jre</version>
</dependency>

<dependency>
Expand Down Expand Up @@ -449,7 +447,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>12.1.0</version>
<version>12.2.2</version>
<configuration>
<failBuildOnCVSS>8.0</failBuildOnCVSS>
</configuration>
Expand Down
20 changes: 15 additions & 5 deletions refactor-first-maven-plugin/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,6 @@
</dependency>

<!-- Maven Reporting -->
<!-- Needed to suppress CVE-2023-2976 in maven-core-->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
<!-- Needed to suppress CVE-2024-36124 in maven-core-->
<dependency>
<groupId>org.iq80.snappy</groupId>
Expand All @@ -42,6 +37,21 @@
<artifactId>maven-core</artifactId>
</dependency>

<!-- commons-beanutils needed to suppress CVE-2025-48734
introduced through maven-reporting-impl 4.0.0-->
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.11.0</version>
</dependency>

<!-- commons-lang3 needed to suppress CVE-2025-48924
introduced through maven-reporting-impl 4.0.0-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.18.0</version>
</dependency>
<dependency>
<groupId>org.apache.maven.reporting</groupId>
<artifactId>maven-reporting-impl</artifactId>
Expand Down
Loading