Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability Issues with ch.qos.logback:logback-classic:jar:1.5.12 under the com.intuit.karate:karate-junit5:jar:1.4.1 #2642

Open
saxensan opened this issue Jan 8, 2025 · 2 comments
Open

Vulnerability Issues with ch.qos.logback:logback-classic:jar:1.5.12 under the com.intuit.karate:karate-junit5:jar:1.4.1 #2642

saxensan opened this issue Jan 8, 2025 · 2 comments
Assignees
@ptrthomas
Labels
codequality fixed
Milestone
1.5.2

Comments

@saxensan
Copy link

saxensan commented Jan 8, 2025

Team,

We have been using the karate-junit5 -1.4.1 and have been facing the vulnerability issues from the Dependabot alerts (Screenshot attached) related to the ch.qos.logback:logback-classic:jar:1.5.12

Please suggest us on the same.
imagem (1)
imagem
@ptrthomas ptrthomas self-assigned this Jan 8, 2025
@ptrthomas ptrthomas added this to the 1.5.2 milestone Jan 8, 2025
ptrthomas added a commit that referenced this issue Jan 8, 2025
@ptrthomas
upgrade library dependencies #2642
85d7123
@ptrthomas ptrthomas mentioned this issue Jan 8, 2025
Closed
@ptrthomas ptrthomas added the fixed label Jan 8, 2025
@ptrthomas
Copy link
Member

@saxensan please try 1.5.2.RC1 now available in Maven central: https://central.sonatype.com/artifact/io.karatelabs/karate-core/1.5.2.RC1

do confirm if it solves the issue

@ptrthomas
Copy link
Member

@saxensan thanks for confirming, I'll just flip the status to open (fixed) - the process we follow is to close issues only when a final release version (non-RC) is out. in this case our assessment is that the RC is good for production use

@ptrthomas ptrthomas reopened this Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ptrthomas ptrthomas

Labels
codequality fixed
Projects
None yet
Milestone
1.5.2
Development

No branches or pull requests
2 participants
@ptrthomas @saxensan