Bump io.springfox.version from 2.9.2 to 3.0.0 in /src/backend #4

dependabot · 2021-02-08T19:27:15Z

Bumps io.springfox.version from 2.9.2 to 3.0.0.
Updates springfox-swagger2 from 2.9.2 to 3.0.0

Release notes

Sourced from springfox-swagger2's releases.

3.0.0

Release Notes

Picture Credit National Geographic

First and foremost a big thank you to the community for keeping me motivated to work on this project. There have been some really amazing contributions in this release in terms of code, comments, bug reports and it is humbling to see people jumping in to solve problems on the issue forum. It sure motivated me to get over the "hump" and start working on in earnest. What better way to lose the COVID blues!

Thank you! 🥳 🍾

Also please welcome the newest maintainer to the springfox team @MaksimOrlov. A lot of the great work you see in the model generation support is due to his efforts, collaborating tirelessly on weekends and not giving up while ensuring the model generation engine is performant 👏

NOTE: This is a breaking change release, I've tried to maintain backwards compatibility with earlier versions of springfox as much as possible. Deprecated APIs prior to 2.9 have been aggressively removed and new APIs that will go away in the near future have been marked. So please look out for those and do report anything that has been missed.

Highlights of this release include

Spring 5, Webflux support (only request mapping support, functional endpoints aren't supported yet)

Spring Integration support (feedback is much appreciated)

Spring Boot support springfox-boot-starter dependency (Zero Config, Autoconfiguration support)

Documented Configuration Properties with autocomplete

Better specification compatibility with 2.0

Support for OpenApi 3.0.3

Zero Dependency (almost, the only libraries needed are spring-plugin, pswagger-core](https://github.com/swagger-api/swagger-core)

Existing swagger2 annotations will continue to work and enrich open api 3.0 specification

Compatibility Notes

Requires Java 8

Requires Spring 5.x (not tested with earlier versions

Requires SpringBoot 2.2+ (not tested with earlier versions)

Contributions

Significant contributions that come to mind (and please remind me of others in this list cos' my memory is weak)

@MaksimOrlov for his work on better model generation (json view, validation groups, request/response models)

@dschulten for introducing spring integration support

@deblockt and @ligasgr for their work on webflux support

@ile for spring 5 support

@neil1hart for removing the guava dependencies

and @cbornet for the occasional nudges to working on this release :)

Pull Requests

3348 - Fixed model generation bugs (#3350) by @dilipkrish

Returning cache to life. (#3307) by @MaksimOrlov

Check to prevent NPE. #3303 (#3304) by @MaksimOrlov

Enhancement of merging algorithm. maintenance (#3298) by @MaksimOrlov

Issue 3255 (#3259) by @shouldnotappearcalm

Model enhancement bugfix (#3247) by @MaksimOrlov

Update swagger ui to version without css security issue (#3226) by @msbg

Jackson 2.10.1 (#3217) by @sullis

Issue 2932 (#3210) by @alienisty

#3189 - handle defaults in Spring placeholders (#3190) by @beliakou

... (truncated)

Commits

bc9d0ca Updated the documentation
d92928f Sorted the model properties by position and name
4f4aa54 Added anchors for section links.
9ffb648 Merge branch 'bug/3030-fix-base-path-with-plugins'
af99ca6 Added documentation about the avilability of the plugins
fb979a8 Added webmvc/webflux varaints of transformation filter plugins
dd47e4f Added two plugins to help customize the host/basePath
a9cf914 Added auto-startup property to the properties
a66b9a0 Fixed issue rendering file input as model attribute
6b34f42 Merge branch 'bug/3353-form-variables-are-not-visible'
Additional commits viewable in compare view

Updates springfox-swagger-ui from 2.9.2 to 3.0.0

Release notes

Sourced from springfox-swagger-ui's releases.

3.0.0

Release Notes

Picture Credit National Geographic

First and foremost a big thank you to the community for keeping me motivated to work on this project. There have been some really amazing contributions in this release in terms of code, comments, bug reports and it is humbling to see people jumping in to solve problems on the issue forum. It sure motivated me to get over the "hump" and start working on in earnest. What better way to lose the COVID blues!

Thank you! 🥳 🍾

Also please welcome the newest maintainer to the springfox team @MaksimOrlov. A lot of the great work you see in the model generation support is due to his efforts, collaborating tirelessly on weekends and not giving up while ensuring the model generation engine is performant 👏

NOTE: This is a breaking change release, I've tried to maintain backwards compatibility with earlier versions of springfox as much as possible. Deprecated APIs prior to 2.9 have been aggressively removed and new APIs that will go away in the near future have been marked. So please look out for those and do report anything that has been missed.

Highlights of this release include

Spring 5, Webflux support (only request mapping support, functional endpoints aren't supported yet)

Spring Integration support (feedback is much appreciated)

Spring Boot support springfox-boot-starter dependency (Zero Config, Autoconfiguration support)

Documented Configuration Properties with autocomplete

Better specification compatibility with 2.0

Support for OpenApi 3.0.3

Zero Dependency (almost, the only libraries needed are spring-plugin, pswagger-core](https://github.com/swagger-api/swagger-core)

Existing swagger2 annotations will continue to work and enrich open api 3.0 specification

Compatibility Notes

Requires Java 8

Requires Spring 5.x (not tested with earlier versions

Requires SpringBoot 2.2+ (not tested with earlier versions)

Contributions

Significant contributions that come to mind (and please remind me of others in this list cos' my memory is weak)

@MaksimOrlov for his work on better model generation (json view, validation groups, request/response models)

@dschulten for introducing spring integration support

@deblockt and @ligasgr for their work on webflux support

@ile for spring 5 support

@neil1hart for removing the guava dependencies

and @cbornet for the occasional nudges to working on this release :)

Pull Requests

3348 - Fixed model generation bugs (#3350) by @dilipkrish

Returning cache to life. (#3307) by @MaksimOrlov

Check to prevent NPE. #3303 (#3304) by @MaksimOrlov

Enhancement of merging algorithm. maintenance (#3298) by @MaksimOrlov

Issue 3255 (#3259) by @shouldnotappearcalm

Model enhancement bugfix (#3247) by @MaksimOrlov

Update swagger ui to version without css security issue (#3226) by @msbg

Jackson 2.10.1 (#3217) by @sullis

Issue 2932 (#3210) by @alienisty

#3189 - handle defaults in Spring placeholders (#3190) by @beliakou

... (truncated)

Commits

bc9d0ca Updated the documentation
d92928f Sorted the model properties by position and name
4f4aa54 Added anchors for section links.
9ffb648 Merge branch 'bug/3030-fix-base-path-with-plugins'
af99ca6 Added documentation about the avilability of the plugins
fb979a8 Added webmvc/webflux varaints of transformation filter plugins
dd47e4f Added two plugins to help customize the host/basePath
a9cf914 Added auto-startup property to the properties
a66b9a0 Fixed issue rendering file input as model attribute
6b34f42 Merge branch 'bug/3353-form-variables-are-not-visible'
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `io.springfox.version` from 2.9.2 to 3.0.0. Updates `springfox-swagger2` from 2.9.2 to 3.0.0 - [Release notes](https://github.com/springfox/springfox/releases) - [Changelog](https://github.com/springfox/springfox/blob/master/docs/release-notes.md) - [Commits](springfox/springfox@2.9.2...3.0.0) Updates `springfox-swagger-ui` from 2.9.2 to 3.0.0 - [Release notes](https://github.com/springfox/springfox/releases) - [Changelog](https://github.com/springfox/springfox/blob/master/docs/release-notes.md) - [Commits](springfox/springfox@2.9.2...3.0.0) Signed-off-by: dependabot[bot] <support@github.com>

mergebase-codegreen

Mergebase Code Green

Congrats! You removed some vulnerabilities.

Vulnerabilities removed

Vulnerability	Dependency	Source Path
CVE-2018-10237, GOOGLE-GUAVA-4011, CVE-2020-8908	com.google.guava/guava:20.0	src/backend/libs/efiling-bom/pom.xml
CVE-2016-5007	org.springframework/spring-aop:4.0.9.RELEASE	src/backend/libs/efiling-bom/pom.xml
CVE-2016-5007	org.springframework/spring-beans:4.0.9.RELEASE	src/backend/libs/efiling-bom/pom.xml
CVE-2016-5007	org.springframework/spring-context:4.0.9.RELEASE	src/backend/libs/efiling-bom/pom.xml
CVE-2018-1272, CVE-2016-5007	org.springframework/spring-core:4.0.9.RELEASE	src/backend/libs/efiling-bom/pom.xml
CVE-2016-5007	org.springframework/spring-expression:4.0.9.RELEASE	src/backend/libs/efiling-bom/pom.xml

Updated Vulnerability Report

The report below shows the state of the repository after the pull request.

Critical

Vulnerability	Dependency	Source Path
CVE-2020-15256	npm:object-path:0.11.4	src/frontend/efiling-demo/yarn.lock
CVE-2020-15256	npm:object-path:0.11.4	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0433	npm:open:7.3.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0433	npm:open:7.3.0	src/frontend/efiling-frontend/yarn.lock
CVE-2019-12900	org.apache.commons/commons-compress:1.18	tests/pom.xml
CVE-2016-4464	org.apache.cxf/cxf-rt-bindings-soap:3.4.1	src/backend/libs/efiling-bom/pom.xml
CVE-2016-6809	org.apache.tika/tika-core:UNKNOWN.VERSION	src/backend/efiling-api/pom.xml

Extra High

Vulnerability	Dependency	Source Path
CVE-2021-20190, CVE-2020-36189, CVE-2020-36188, CVE-2020-36187, CVE-2020-36186, CVE-2020-36185, CVE-2020-36184, CVE-2020-36183, CVE-2020-36182, CVE-2020-36181, CVE-2020-36180, CVE-2020-36179, CVE-2020-35728, CVE-2020-35491, CVE-2020-35490, CVE-2020-24750	com.fasterxml.jackson.core/jackson-annotations:2.9.5	src/backend/libs/efiling-bom/pom.xml
CVE-2020-8265	npm:@types/node:14.11.5	src/frontend/efiling-demo/yarn.lock
CVE-2020-8265	npm:@types/node:14.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2017-7662, CVE-2017-7661, CVE-2017-12631	org.apache.cxf/cxf-rt-bindings-soap:3.4.1	src/backend/libs/efiling-bom/pom.xml
CVE-2018-1335	org.apache.tika/tika-core:UNKNOWN.VERSION	src/backend/efiling-api/pom.xml

High

Vulnerability	Dependency	Source Path
CVE-2020-8277	npm:@types/node:14.11.5	src/frontend/efiling-demo/yarn.lock
CVE-2020-8277	npm:@types/node:14.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2020-7788	npm:ini:1.3.5	src/frontend/efiling-demo/yarn.lock
CVE-2020-7788	npm:ini:1.3.5	src/frontend/efiling-frontend/yarn.lock
CVE-2019-20149	npm:kind-of:2.0.1	src/frontend/efiling-demo/yarn.lock
CVE-2019-20149	npm:kind-of:2.0.1	src/frontend/efiling-frontend/yarn.lock
CVE-2019-20149	npm:kind-of:3.2.2	src/frontend/efiling-demo/yarn.lock
CVE-2019-20149	npm:kind-of:3.2.2	src/frontend/efiling-frontend/yarn.lock
CVE-2019-20149	npm:kind-of:4.0.0	src/frontend/efiling-demo/yarn.lock
CVE-2019-20149	npm:kind-of:4.0.0	src/frontend/efiling-frontend/yarn.lock
CVE-2019-20149	npm:kind-of:5.1.0	src/frontend/efiling-demo/yarn.lock
CVE-2019-20149	npm:kind-of:5.1.0	src/frontend/efiling-frontend/yarn.lock
CVE-2019-20149	npm:kind-of:6.0.3	src/frontend/efiling-demo/yarn.lock
CVE-2019-20149	npm:kind-of:6.0.3	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash._reinterpolate:3.0.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash._reinterpolate:3.0.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.escape:4.0.1	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.escape:4.0.1	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.flattendeep:4.4.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.flattendeep:4.4.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.includes:4.3.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.includes:4.3.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isboolean:3.0.3	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isboolean:3.0.3	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isequal:4.5.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isequal:4.5.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isinteger:4.0.4	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isinteger:4.0.4	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isnumber:3.0.3	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isnumber:3.0.3	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isplainobject:4.0.6	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isplainobject:4.0.6	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.isstring:4.0.1	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.isstring:4.0.1	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.memoize:4.1.2	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.memoize:4.1.2	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.once:4.1.1	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.once:4.1.1	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.sortby:4.7.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.sortby:4.7.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.template:4.5.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.template:4.5.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.templatesettings:4.2.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.templatesettings:4.2.0	src/frontend/efiling-frontend/yarn.lock
NSWG-ECO-0516	npm:lodash.uniq:4.5.0	src/frontend/efiling-demo/yarn.lock
NSWG-ECO-0516	npm:lodash.uniq:4.5.0	src/frontend/efiling-frontend/yarn.lock
CVE-2020-15138	npm:prismjs:1.17.1	src/frontend/efiling-demo/yarn.lock
CVE-2020-15138	npm:prismjs:1.17.1	src/frontend/efiling-frontend/yarn.lock
CVE-2020-7774	npm:y18n:4.0.0	src/frontend/efiling-demo/yarn.lock
CVE-2020-7774	npm:y18n:4.0.0	src/frontend/efiling-frontend/yarn.lock
CVE-2019-12402	org.apache.commons/commons-compress:1.18	tests/pom.xml
CVE-2018-8038, CVE-2015-5175	org.apache.cxf/cxf-rt-bindings-soap:3.4.1	src/backend/libs/efiling-bom/pom.xml
CVE-2016-4434	org.apache.tika/tika-core:UNKNOWN.VERSION	src/backend/efiling-api/pom.xml
CVE-2020-17527	org.apache.tomcat.embed/tomcat-embed-core:9.0.39	src/backend/efiling-api/pom.xml
CVE-2020-17527	org.apache.tomcat.embed/tomcat-embed-core:9.0.39	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2020-17527	org.apache.tomcat.embed/tomcat-embed-core:9.0.39	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2020-17527	org.apache.tomcat.embed/tomcat-embed-core:9.0.39	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2020-17527	org.apache.tomcat.embed/tomcat-embed-core:9.0.39	tests/pom.xml

Medium

Vulnerability	Dependency	Source Path
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/efiling-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/libs/efiling-commons/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/libs/efiling-cso-starter/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.3	tests/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.11.4	src/backend/efiling-reviewer-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.12.1	src/backend/libs/efiling-bom/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-annotations:2.9.5	src/backend/libs/efiling-bom/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/efiling-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/libs/efiling-commons/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/libs/efiling-cso-starter/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.3	tests/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-core:2.11.4	src/backend/efiling-reviewer-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/efiling-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/libs/efiling-commons/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/libs/efiling-cso-starter/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.3	tests/pom.xml
CVE-2019-10247	com.fasterxml.jackson.core/jackson-databind:2.11.4	src/backend/efiling-reviewer-api/pom.xml
CVE-2019-10247	com.fasterxml.jackson.datatype/jackson-datatype-joda:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.datatype/jackson-datatype-joda:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.datatype/jackson-datatype-joda:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-base:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-base:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-base:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider:2.11.3	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider:2.11.3	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider:2.11.3	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.module/jackson-module-jaxb-annotations:2.10.1	src/backend/libs/efiling-bambora-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.module/jackson-module-jaxb-annotations:2.10.1	src/backend/libs/efiling-ceis-api-client/pom.xml
CVE-2019-10247	com.fasterxml.jackson.module/jackson-module-jaxb-annotations:2.10.1	src/backend/libs/efiling-diligen-client/pom.xml
CVE-2019-10247	com.fasterxml.woodstox/woodstox-core:6.2.1	src/backend/libs/efiling-bom/pom.xml
GOOGLE-GUAVA-4011	com.google.guava/guava:25.0-jre	tests/pom.xml
CVE-2020-15250	junit/junit:4.13	tests/pom.xml
CVE-2020-8287	npm:@types/node:14.11.5	src/frontend/efiling-demo/yarn.lock
CVE-2020-8287	npm:@types/node:14.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:@types/prop-types:15.7.3	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:@types/prop-types:15.7.3	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:@types/react-test-renderer:16.9.3	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:@types/react-test-renderer:16.9.3	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:@types/react:16.9.51	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:@types/react:16.9.53	src/frontend/efiling-frontend/yarn.lock
CVE-2020-7608	npm:@types/yargs-parser:15.0.0	src/frontend/efiling-demo/yarn.lock
CVE-2020-7608	npm:@types/yargs-parser:15.0.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:eslint-plugin-react-hooks:1.7.0	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:eslint-plugin-react-hooks:1.7.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:eslint-plugin-react-hooks:4.1.2	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:eslint-plugin-react-hooks:4.2.0	src/frontend/efiling-frontend/yarn.lock
CVE-2020-26237	npm:highlight.js:9.15.10	src/frontend/efiling-demo/yarn.lock
CVE-2020-26237	npm:highlight.js:9.15.10	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:prop-types:15.7.2	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:prop-types:15.7.2	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:react-dom:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:react-dom:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:react-is:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:react-is:16.13.1	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:react-refresh:0.8.3	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:react-test-renderer:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:react-test-renderer:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:react:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:react:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2018-6341	npm:scheduler:0.19.1	src/frontend/efiling-demo/yarn.lock
CVE-2018-6341	npm:scheduler:0.19.1	src/frontend/efiling-frontend/yarn.lock
CVE-2020-13956	org.apache.httpcomponents/httpclient:4.5.3	tests/pom.xml
CVE-2020-9489, CVE-2018-1339, CVE-2018-1338, CVE-2015-3271	org.apache.tika/tika-core:UNKNOWN.VERSION	src/backend/efiling-api/pom.xml
CVE-2020-17521	org.codehaus.groovy/groovy:2.4.15	tests/pom.xml
CVE-2019-10247	org.codehaus.woodstox/stax2-api:4.2.1	src/backend/libs/efiling-bom/pom.xml
CVE-2019-10247	org.codehaus.woodstox/woodstox-core-asl:4.4.1	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-continuation:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-http:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-io:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-security:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-server:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml
CVE-2020-27218, CVE-2009-3555	org.eclipse.jetty/jetty-util:9.4.33.v20201020	src/backend/libs/efiling-bom/pom.xml

Low

Vulnerability	Dependency	Source Path
CVE-2020-8908	com.google.guava/guava:25.0-jre	tests/pom.xml
CVE-2020-10707	io.netty/netty-buffer:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-buffer:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2020-10707	io.netty/netty-codec:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-codec:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2020-10707	io.netty/netty-common:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-common:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2020-10707	io.netty/netty-handler:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-handler:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2020-10707	io.netty/netty-resolver:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-resolver:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2020-10707	io.netty/netty-transport:4.1.53.Final	src/backend/efiling-api/pom.xml
CVE-2020-10707	io.netty/netty-transport:4.1.53.Final	src/backend/libs/efiling-demo-starter/pom.xml
CVE-2013-7035	npm:@types/prop-types:15.7.3	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:@types/prop-types:15.7.3	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:@types/react-test-renderer:16.9.3	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:@types/react-test-renderer:16.9.3	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:@types/react:16.9.51	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:@types/react:16.9.53	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:eslint-plugin-react-hooks:1.7.0	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:eslint-plugin-react-hooks:1.7.0	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:eslint-plugin-react-hooks:4.1.2	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:eslint-plugin-react-hooks:4.2.0	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:prop-types:15.7.2	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:prop-types:15.7.2	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:react-dom:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:react-dom:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:react-is:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:react-is:16.13.1	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:react-refresh:0.8.3	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:react-test-renderer:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:react-test-renderer:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:react:16.13.1	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:react:16.14.0	src/frontend/efiling-frontend/yarn.lock
CVE-2013-7035	npm:scheduler:0.19.1	src/frontend/efiling-demo/yarn.lock
CVE-2013-7035	npm:scheduler:0.19.1	src/frontend/efiling-frontend/yarn.lock

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 8, 2021

mergebase-codegreen bot approved these changes Feb 8, 2021

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump io.springfox.version from 2.9.2 to 3.0.0 in /src/backend #4

Bump io.springfox.version from 2.9.2 to 3.0.0 in /src/backend #4

dependabot bot commented on behalf of github Feb 8, 2021

mergebase-codegreen bot left a comment

Bump io.springfox.version from 2.9.2 to 3.0.0 in /src/backend #4

Are you sure you want to change the base?

Bump io.springfox.version from 2.9.2 to 3.0.0 in /src/backend #4

Conversation

dependabot bot commented on behalf of github Feb 8, 2021

3.0.0

Release Notes

Compatibility Notes

Contributions

Pull Requests

3.0.0

Release Notes

Compatibility Notes

Contributions

Pull Requests

mergebase-codegreen bot left a comment

Choose a reason for hiding this comment

Mergebase Code Green

Vulnerabilities removed

Updated Vulnerability Report

Critical

Extra High

High

Medium

Low