Merge pull request #272 from checkmarx-ltd/pr-vulnerabilties-fix

vulnerabilties fix
checkmarx-ltd · Nov 20, 2022 · 840ca57 · 840ca57
2 parents dfcddf0 + 7c79ecb
commit 840ca57
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,4 +1,6 @@
-version: 2
+version: '2.1'
+orbs:
+  circleci-maven-release-orb: sonatype-nexus-community/[email protected]
 jobs:
   build:
     docker:
@@ -12,9 +14,9 @@ jobs:
           keys:
             - v1-dependencies-{{ checksum "pom.xml" }}
             - v1-dependencies-
-      - run: echo $GPG_ASC_BASE64 | base64 --decode | gpg --batch --no-tty --import --yes
+      - run: echo $GPG_ASC_BASE64NEW | base64 --decode |  gpg --batch --no-tty --import --yes
       - run: chmod u+x mvnw
-      - run: ./mvnw -s .circleci/maven.settings.xml clean verify
+      - run: ./mvnw -s .circleci/maven.settings.xml clean verify -X
       - run: mvn help:evaluate -Dexpression=project.version -q -DforceStdout > target/version.txt
       - save_cache:
           paths:
@@ -40,7 +42,7 @@ jobs:
           keys:
             - v1-dependencies-{{ checksum "pom.xml" }}
             - v1-dependencies-
-      - run: echo $GPG_ASC_BASE64 | base64 --decode | gpg --batch --no-tty --import --yes
+      - run: echo $GPG_ASC_BASE64NEW | base64 --decode | gpg --version --batch --no-tty --import --yes
       - run: chmod u+x mvnw
       - run: ./mvnw -s .circleci/maven.settings.xml clean deploy -DskipTests
       - save_cache:

diff --git a/.circleci/maven.settings.xml b/.circleci/maven.settings.xml
@@ -21,7 +21,7 @@
             <id>gpg</id>
             <properties>
                 <gpg.executable>gpg</gpg.executable>
-                <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
+                <gpg.passphrase>${env.GPG_PASSPHRASENEW}</gpg.passphrase>
             </properties>
         </profile>
     </profiles>

diff --git a/pom.xml b/pom.xml
@@ -5,14 +5,14 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.6.6</version>
+		<version>2.6.13</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>com.github.checkmarx-ltd</groupId>
 	<artifactId>cx-spring-boot-sdk</artifactId>
 
 
-	<version>0.5.29</version>
+	<version>0.5.30</version>
 
 
 	<name>cx-spring-boot-sdk</name>
@@ -40,6 +40,11 @@
 			<artifactId>httpclient</artifactId>
 			<version>4.5.13</version>
 		</dependency>
+		<dependency>
+			<groupId>org.yaml</groupId>
+			<artifactId>snakeyaml</artifactId>
+			<version>1.33</version>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-compress</artifactId>
@@ -68,7 +73,7 @@
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
-			<version>2.8.8</version>
+			<version>2.8.9</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>