CVE-2023-24998 bump commons-fileupload to 1.5 (#86)

* CVE-2023-24998 bump commons-fileupload to 1.5 * update package-lock for unrelated qs vuln * further js vuln audit fix * update cljs-controlled deps for qs vulnerability
yetanalytics · Feb 22, 2023 · 754e197 · 754e197
1 parent a67ed28
commit 754e197
Show file tree

Hide file tree

Showing 3 changed files with 1,196 additions and 25 deletions.
diff --git a/deps.edn b/deps.edn
@@ -6,10 +6,13 @@
   com.yetanalytics/xapi-schema {:mvn/version "1.2.0"
                                 :exclusions [org.clojure/clojurescript]}
   cheshire/cheshire {:mvn/version "5.10.1"}
-  io.pedestal/pedestal.service {:mvn/version "0.5.10"
-                                ;; exclude msgpack (via tools.analyzer)
-                                ;; clears CVE-2022-41719
-                                :exclusions [org.msgpack/msgpack]}
+  io.pedestal/pedestal.service
+  {:mvn/version "0.5.10"
+   ;; exclude msgpack (via tools.analyzer)
+   ;; clears CVE-2022-41719
+   :exclusions [org.msgpack/msgpack
+                commons-fileupload/commons-fileupload]}
+  commons-fileupload/commons-fileupload {:mvn/version "1.5"}
   macchiato/core {:mvn/version "0.2.17"
                   :exclusions [funcool/cuerdas]}
   funcool/cuerdas {:mvn/version "2020.03.26-2"}