[Snyk] Upgrade io.jsonwebtoken:jjwt-jackson from 0.10.5 to 0.11.5 #13

Open
wants to merge 1 commit into
base: master

Lingom-KSR
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade io.jsonwebtoken:jjwt-jackson from 0.10.5 to 0.11.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-04-28.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@vijay1984
Collaborator

⚠️ Securin has found 281 issues in your pull request

Summary
  • Critical : 25
  • High : 35
  • Medium : 155
  • Low : 46
  • Info : 20
Details

Critical issues that need immediate attention

Title Securin Score Remediation
CVE-2021-44228 9.98 View
CWE-89 9.9 View
CWE-89 9.9 View
CWE-89 9.9 View
CWE-78 9.84 View
CWE-78 9.84 View
CWE-78 9.84 View
CVE-2020-1938 9.4 View
CVE-2020-1938 9.4 View
CVE-2022-22965 9.38 View
CVE-2022-22965 9.38 View
CVE-2022-22965 9.38 View
CVE-2019-0232 8.57 View
CVE-2019-0232 8.57 View
CVE-2019-0221 8.31 View
CVE-2019-0221 8.31 View
CVE-2021-45046 7.7 View
CVE-2021-45105 7.38 View
CVE-2021-44832 7.0 View
Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 NA View
Ensure all data stored in the S3 bucket have versioning enabled NA View
Container should not be privileged NA View
S3 Bucket has an ACL defined which allows public WRITE access. NA View
Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 NA View
Ensure S3 bucket does not allow an action with any Principal NA View
S3 Bucket has an ACL defined which allows public READ access. NA View
Ensure that the --service-account-lookup argument is set to true NA View
Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate NA View
Ensure all data stored in the S3 bucket is securely encrypted at rest NA View
Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate NA View
Ensure all data stored in the Launch configuration EBS is securely encrypted NA View
Ensure no hard coded AWS access key and secret key exists in provider NA View
Do not use the CAP_SYS_ADMIN linux capability NA View
Ensure all data stored in the S3 bucket have versioning enabled NA View
Ensure that the --use-service-account-credentials argument is set to true NA View
Ensure that the --bind-address argument is set to 127.0.0.1 NA View
Ensure that the --etcd-ca-file argument is set as appropriate NA View
EC2 instance should not have public IP. NA View
Ensure that the --rotate-certificates argument is not set to false NA View
Ensure that encryption providers are appropriately configured NA View
Ensure S3 bucket does not allow an action with any Principal NA View
Ensure that the --auto-tls argument is not set to true NA View
Ensure that the --cert-file and --key-file arguments are set as appropriate NA View
Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate NA View
Ensure all data stored in the S3 bucket is securely encrypted at rest NA View
Ensure that the --bind-address argument is set to 127.0.0.1 NA View
Ensure no hard-coded secrets exist in EC2 user data NA View
Ensure that the API Server only makes use of Strong Cryptographic Ciphers NA View
Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate NA View
Ensure that the --insecure-bind-address argument is not set NA View
Ensure VPC flow logging is enabled in all VPCs NA View
Ensure that the --kubelet-certificate-authority argument is set as appropriate NA View
Ensure that the --kubelet-https argument is set to true NA View
S3 Bucket has an ACL defined which allows public WRITE access. NA View
Ensure no hard coded AWS access key and secret key exists in provider NA View
Ensure the default security group of every VPC restricts all traffic NA View
S3 Bucket has an ACL defined which allows public READ access. NA View
Ensure that the --insecure-port argument is set to 0 NA View
Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate NA View
Ensure that the --root-ca-file argument is set as appropriate NA View

Load the following URL to get to the application in Securin platform
https://dev.securin.io/findings

3 participants