[Snyk] Security upgrade io.jsonwebtoken:jjwt from 0.9.1 to 0.12.0

[msant262]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• webgoat-lessons/challenge/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	721	io.jsonwebtoken:jjwt: 0.9.1 -> 0.12.0 No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Vulnerable Libraries (5)

Severity	Details
High	pkg:maven/ch.qos.logback/[email protected] (t) upgrade to: 1.4.12,1.3.12
High	pkg:maven/com.fasterxml.jackson.core/[email protected] (t) upgrade to: 2.13.2.1,2.12.6.1
High	pkg:maven/ch.qos.logback/[email protected] (t) upgrade to: 1.4.12,1.3.12
High	pkg:maven/org.springframework/[email protected] (t) upgrade to: 5.3.20,5.2.22.RELEASE
Medium	pkg:maven/org.yaml/[email protected] (t) upgrade to: 1.31

More info on how to fix Vulnerable Libraries in Java.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[deepsource-io]

Here's the code health analysis summary for commits ec11eb6..715ade9. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Java	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[msant262]

Checkmarx One – Scan Summary & Details – ec11f615-46b4-4b3b-915d-2c0a8d606ee4

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-5971	Maven-io.undertow:undertow-core-2.2.4.Final	Vulnerable Package
	CVE-2021-28169	Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114	Vulnerable Package
	CVE-2021-28169	Maven-org.eclipse.jetty:jetty-http-9.4.36.v20210114	Vulnerable Package
	CVE-2021-28169	Maven-org.eclipse.jetty:jetty-servlets-9.4.36.v20210114	Vulnerable Package
	CVE-2024-3653	Maven-io.undertow:undertow-core-2.2.4.Final	Vulnerable Package
	CVE-2024-6484	Npm-bootstrap-3.1.1	Vulnerable Package
	CVE-2024-6484	Maven-org.webjars:bootstrap-3.3.7	Vulnerable Package
	CVE-2024-6485	Maven-org.webjars:bootstrap-3.3.7	Vulnerable Package
	CVE-2024-6485	Npm-bootstrap-3.1.1	Vulnerable Package