Task
Resolution: Done
Medium
CDS pulls in a number of dependencies, some of which are vulnerable.
Ideally, it would be good to work towards CDS over an API. Alternatively, the dependencies should be updated to versions that do not have vulnerabilities.
Check the CLM reports for models, apex-pdp, and drools-pdp, especially for:
io.grpc:grpc-core
The following dependencies are overridden in policy-parent integration but it would be better to have them corrected in CDS:
    <dependency>
        <groupId>com.google.protobuf</groupId>
        <artifactId>protobuf-java</artifactId>
        <version>3.21.7</version>
    </dependency>
    <dependency>
        <groupId>org.jetbrains.kotlin</groupId>
        <artifactId>kotlin-daemon-client</artifactId>
        <version>1.7.20</version>
    </dependency>
    <dependency>
        <groupId>org.jetbrains.kotlin</groupId>
        <artifactId>kotlin-scripting-jvm</artifactId>
        <version>1.7.20</version>
    </dependency>
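
Added example, not part of the ticket or of any project's code: a check that the override above actually takes effect in a consuming module, by reading the text output of `mvn dependency:tree` and flagging any of the three artifacts that still resolve below the overridden version. The sample tree, its module name and the grpc-core version in it are constructed, and the numeric version comparison is a simplification of Maven's ordering.

```python
import re

# Versions set by the override quoted in the ticket above.
PINNED = {
    "com.google.protobuf:protobuf-java": "3.21.7",
    "org.jetbrains.kotlin:kotlin-daemon-client": "1.7.20",
    "org.jetbrains.kotlin:kotlin-scripting-jvm": "1.7.20",
}
# The ticket names this artifact for review but gives no version for it.
REVIEW = "io.grpc:grpc-core"

# Strips the "[INFO] " log prefix and the tree-drawing characters.
TREE_PREFIX = re.compile(r"^(\[INFO\]\s*)?[|+\\\-\s]*")

def version_key(version):
    # Simplified numeric ordering (assumption), not Maven's full comparison.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def resolved_dependencies(tree_text):
    """Yield (groupId:artifactId, version) for each dependency line."""
    for line in tree_text.splitlines():
        tokens = TREE_PREFIX.sub("", line).split()
        if not tokens:
            continue
        parts = tokens[0].split(":")
        # group:artifact:type[:classifier]:version:scope; the root has no scope.
        if len(parts) in (5, 6):
            yield f"{parts[0]}:{parts[1]}", parts[-2]

def check_tree(tree_text):
    """Return (artifacts resolved below the override, grpc-core versions seen)."""
    below_pin, to_review = {}, []
    for coordinate, version in resolved_dependencies(tree_text):
        pinned = PINNED.get(coordinate)
        if pinned and version_key(version) < version_key(pinned):
            below_pin[coordinate] = (version, pinned)
        elif coordinate == REVIEW:
            to_review.append(version)
    return below_pin, to_review

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = r"""[INFO] example.group:consumer-module:jar:0.0.1
[INFO] +- com.google.protobuf:protobuf-java:jar:3.21.7:compile
[INFO] +- io.grpc:grpc-core:jar:1.0.0:compile
[INFO] |  \- org.jetbrains.kotlin:kotlin-daemon-client:jar:1.6.21:runtime
[INFO] \- org.jetbrains.kotlin:kotlin-scripting-jvm:jar:1.7.20:compile"""

if __name__ == "__main__":
    print(check_tree(SAMPLE_TREE))
```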