fix(deps): update dependency commons-io:commons-io to v2.14.0 [security] #1246

renovate-bot · 2024-10-03T17:20:51Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
commons-io:commons-io (source)	`2.13.0` -> `2.14.0`

GitHub Vulnerability Alerts

CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot requested a review from a team as a code owner October 3, 2024 17:20

forking-renovate bot added the automerge Merge the pull request once unit tests and other checks pass. label Oct 3, 2024

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2024

blunderbuss-gcf bot assigned grayside Oct 3, 2024

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Oct 3, 2024

gcf-merge-on-green bot removed the automerge Merge the pull request once unit tests and other checks pass. label Oct 4, 2024

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from d730349 to 2c0f040 Compare May 28, 2025 17:50

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 2c0f040 to 8fbcdba Compare May 29, 2025 03:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 8fbcdba to 19e6670 Compare May 29, 2025 12:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 19e6670 to 20bfa0a Compare May 30, 2025 00:38

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 20bfa0a to cf52654 Compare May 30, 2025 13:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from cf52654 to 02fe365 Compare May 31, 2025 03:06

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 02fe365 to 6dd02e4 Compare May 31, 2025 10:40

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 6dd02e4 to 515ba92 Compare May 31, 2025 18:49

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 5, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 07ed287 to c02a0db Compare July 5, 2025 20:00

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 5, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from c02a0db to 985790c Compare July 6, 2025 03:29

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 985790c to 7cd7569 Compare July 6, 2025 11:03

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 7cd7569 to 615274d Compare July 6, 2025 19:55

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 6, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 615274d to 0aae933 Compare July 7, 2025 03:51

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 7, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 7, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 0aae933 to 1f29a6e Compare July 7, 2025 18:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 7, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 7, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 1f29a6e to 3781f08 Compare July 8, 2025 09:04

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 8, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 8, 2025

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from 3781f08 to a5fc10e Compare July 9, 2025 00:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

fix(deps): update dependency commons-io:commons-io to v2.14.0 [security]

ba8142a

renovate-bot force-pushed the renovate/maven-commons-io-commons-io-vulnerability branch from a5fc10e to ba8142a Compare July 9, 2025 18:14

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency commons-io:commons-io to v2.14.0 [security] #1246

fix(deps): update dependency commons-io:commons-io to v2.14.0 [security] #1246

Uh oh!

renovate-bot commented Oct 3, 2024

Uh oh!

Uh oh!

fix(deps): update dependency commons-io:commons-io to v2.14.0 [security] #1246

Are you sure you want to change the base?

fix(deps): update dependency commons-io:commons-io to v2.14.0 [security] #1246

Uh oh!

Conversation

renovate-bot commented Oct 3, 2024

GitHub Vulnerability Alerts

CVE-2024-47554

Configuration

Uh oh!

Uh oh!