7174229416
OWASP now fails builds on three HIGH CVEs in transitive deps. bom 1.0.7 takes the upstream patches (no suppressions): postgresql 42.7.11 -> 42.7.13 CVE-2026-54291 (CVSS4 8.2) — channelBinding downgrade / MITM httpcore5 5.3.6 -> 5.4.3 CVE-2026-54399 (7.5), CVE-2026-54428 (7.5) — DoS httpcore5 is transitive via httpclient5; Apache ships them as a matched pair, so bom 1.0.7 bumps httpclient5 5.5.2 -> 5.6.2 which pulls the fixed core. Verified locally: builds and tests pass on 1.0.7. Refs bom#6 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
106 lines
3.6 KiB
XML
106 lines
3.6 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
|
|
<groupId>com.hiveops</groupId>
|
|
<artifactId>hiveops-guide</artifactId>
|
|
<version>1.0.0</version>
|
|
<packaging>jar</packaging>
|
|
|
|
<description>HiveOps Guide Service — in-app contextual help content API</description>
|
|
|
|
<parent>
|
|
<groupId>com.hiveops</groupId>
|
|
<artifactId>hiveops-bom</artifactId>
|
|
<version>1.0.7</version>
|
|
<relativePath/>
|
|
</parent>
|
|
|
|
<properties>
|
|
<java.version>21</java.version>
|
|
<maven.compiler.source>21</maven.compiler.source>
|
|
<maven.compiler.target>21</maven.compiler.target>
|
|
</properties>
|
|
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-web</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-security</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-validation</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-actuator</artifactId>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>com.hiveops</groupId>
|
|
<artifactId>hiveops-security-common</artifactId>
|
|
<version>1.0.1</version>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.projectlombok</groupId>
|
|
<artifactId>lombok</artifactId>
|
|
<version>1.18.40</version>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
|
|
<dependency>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-test</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-compiler-plugin</artifactId>
|
|
<version>3.14.0</version>
|
|
<configuration>
|
|
<source>${java.version}</source>
|
|
<target>${java.version}</target>
|
|
<annotationProcessorPaths>
|
|
<path>
|
|
<groupId>org.projectlombok</groupId>
|
|
<artifactId>lombok</artifactId>
|
|
<version>1.18.40</version>
|
|
</path>
|
|
</annotationProcessorPaths>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
|
<configuration>
|
|
<excludes>
|
|
<exclude>
|
|
<groupId>org.projectlombok</groupId>
|
|
<artifactId>lombok</artifactId>
|
|
</exclude>
|
|
</excludes>
|
|
</configuration>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
|
|
<repositories>
|
|
<repository>
|
|
<id>gitea</id>
|
|
<url>https://hiveiq-gitea.directlx.dev/api/packages/hiveops/maven</url>
|
|
</repository>
|
|
</repositories>
|
|
|
|
</project>
|