Fixes CVE-2024-12798 and CVE-2024-12801
Comment From: pivotal-cla
@yeikel Please sign the Contributor License Agreement!
Comment From: pivotal-cla
@yeikel Thank you for signing the Contributor License Agreement!
Comment From: yeikel
I read the contribution guidelines and I felt that this pull request was still valuable given recent examples like https://github.com/spring-projects/spring-boot/issues/43107
The reported vulnerabilities do not impact Spring directly and it was unclear if I needed to go through the Security Disclosure route.
Comment From: wilkinsona
Thanks but this duplicates #43568 and we don’t accept PRs for one-line dependency upgrades.