[ https://issues.apache.org/jira/browse/GROOVY-11045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884149#comment-17884149 ]

QwertyChouskie commented on GROOVY-11045:
-----------------------------------------

I have this in my `build.gradle.kts` now, and it gets rid of the CVE 
notification:

    testImplementation("org.codehaus.groovy:groovy-all:3.0.22")
    constraints {
        implementation("org.testng:testng:7.5.1") {
            because("CVE-2022-4065: TestNG 7.5 is vulnerable to Path Traversal")
        }
    }

Would be nice if upstream groovy-all was updated to point to 7.5.1 rather than 
7.5, but this workaround works fine.

> Bump testng to 7.5.1
> --------------------
>
>                 Key: GROOVY-11045
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11045
>             Project: Groovy
>          Issue Type: Dependency upgrade
>            Reporter: Paul King
>            Assignee: Paul King
>            Priority: Major
>             Fix For: 4.0.12
>
>



