Skip to content
This repository was archived by the owner on Jan 7, 2026. It is now read-only.

GHSA-wxr5-93ph-8wr9/adv update #19004

Merged
bentasker merged 1 commit into from
May 30, 2025
Merged

GHSA-wxr5-93ph-8wr9/adv update #19004

bentasker merged 1 commit into from
May 30, 2025

Conversation

@jamie-albert
Copy link
Member

@jamie-albert jamie-albert commented May 30, 2025

1. GHSA-wxr5-93ph-8wr9

  • pending-upstream-fix: The commons-beanutil dependency that exists in the sonarqube-10 package is brought in as a transitive dependency from sonar-iac-plugin-1.46.0.15097.jar, sonar-php-plugin-3.45.0.12991.jar, sonar-scanner-engine-shaded-25.5.0.107428-all.jar, and sonar-application-25.5.0.107428.jar . This dependency is not able to be upgraded to a higher version and requires upstream maintainers to implement.

@jamie-albert jamie-albert mentioned this pull request May 30, 2025
Closed
@jamie-albert jamie-albert requested a review from a team May 30, 2025 00:23
@bentasker bentasker added this pull request to the merge queue May 30, 2025
Merged via the queue into wolfi-dev:main with commit 0adac9a May 30, 2025
3 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@bentasker bentasker bentasker approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamie-albert @bentasker