From 2c93b77c27d6c26669935ae50c211c489be0479b Mon Sep 17 00:00:00 2001
From: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Date: Tue, 4 Jul 2023 11:29:42 +0300
Subject: [PATCH 1/2] chore: update k8t kit to 1.0.3
---
 versions.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/versions.json b/versions.json
index 80db30167..d5b65879a 100644
--- a/versions.json
+++ b/versions.json
@@ -551,7 +551,7 @@
 "version": "1.0.0"
 },
 "kubernetes-kit-starter": {
- "javaVersion": "1.0-SNAPSHOT"
+ "javaVersion": "1.0.3"
 },
 "observability-kit": {
 "version": "1.1.0"
From e11efa16c6fbf2147fb39ce64e28d8eaac14ff7c Mon Sep 17 00:00:00 2001
From: Zhe Sun <31067185+ZheSun88@users.noreply.github.com>
Date: Tue, 4 Jul 2023 12:24:09 +0300
Subject: [PATCH 2/2] exclude own cves
---
 scripts/generateAndCheckSBOM.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/generateAndCheckSBOM.js b/scripts/generateAndCheckSBOM.js
index 5155b1c83..3dd24348c 100755
--- a/scripts/generateAndCheckSBOM.js
+++ b/scripts/generateAndCheckSBOM.js
@@ -43,7 +43,8 @@ const licenseWhiteList = [
 const cveWhiteList = {
 'pkg:maven/org.springframework/spring-web@5.3.27' : ['CVE-2016-1000027'],
 // based on the issue this is not a CVE https://github.com/FasterXML/jackson-databind/issues/3972
- 'pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2' : ['CVE-2023-35116']
+ 'pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.2' : ['CVE-2023-35116'],
+ 'pkg:maven/com.vaadin/vaadin-core@23.3-SNAPSHOT' : ['CVE-2023-25499', 'CVE-2023-25500']
 }
 
 const STYLE = `
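Review bot: The new `cveWhiteList` entry for `pkg:maven/com.vaadin/vaadin-core@23.3-SNAPSHOT` suppresses CVE-2023-25499 and CVE-2023-25500 with no in-file justification, whereas the jackson-databind entry just above it carries a comment linking the upstream issue. The only rationale is the commit subject ("exclude own cves"), which will not be visible to whoever audits this allowlist later. Because the key is a SNAPSHOT coordinate, the suppression presumably keeps matching every future snapshot build, so the SBOM check cannot tell a build that contains the fixes from one that does not. I would add a comment above the entry such as `// Vaadin's own advisories, matched against the in-development SNAPSHOT; fixes tracked in <advisory or issue link>, remove this entry once a fixed release version is scanned`, so the exception has a stated reason and an exit condition.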