[Snyk] Fix for 68 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • microservice-consul-demo/microservice-consul-demo-catalog/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Mature	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	675/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Mature	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	630/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	Proof of Concept	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	563/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884	net.logstash.logback:logstash-logback-encoder: 4.11 -> 6.3	Yes	No Known Exploit	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832		Yes	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-31689		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-32199		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-32202		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Cross-Site Tracing (XST) SNYK-JAVA-ORGSPRINGFRAMEWORK-451604		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Multipart Content Pollution SNYK-JAVA-ORGSPRINGFRAMEWORK-460644		No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JAVA-ORGSPRINGFRAMEWORK-467268		No	No Known Exploit	No Path Found
	335/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-72470		No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.springframework.hateoas:[email protected] to org.springframework.hateoas:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic