Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update mockito monorepo to v5 (major) #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+2 −2

Update mockito monorepo to v5

b19dee4
Select commit
Loading
Failed to load commit list.
Open

Update mockito monorepo to v5 (major) #43

Update mockito monorepo to v5
b19dee4
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Oct 15, 2024 in 4m 13s

Security Report

18 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-25710

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

High 8.1 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #275
CVE-2024-6162

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.14.Final None
CVE-2024-5971

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar None
CVE-2024-1635

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.12.Final None
CVE-2023-5685

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar #274
CVE-2023-1108

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 #227
CVE-2022-4492

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final #226
CVE-2022-42004

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 #219
CVE-2022-42003

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2 #220
CVE-2022-1319

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final #231
CVE-2022-0084

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /modules/roadmap-commons/pom.xml,/modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final #212
CVE-2021-46877

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 None
CVE-2020-36518

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 #200
CVE-2023-6378

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-commons/pom.xml,/modules/roadmap-all/pom.xml

Dependency Hierarchy:

-> ❌ logback-classic-1.4.8.jar (Vulnerable Library)

High 7.1 logback-classic-1.4.8.jar Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 None
WS-2021-0616

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /modules/roadmap-router-service/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-commons/pom.xml

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

Medium 5.9 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
CVE-2024-26308

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #272
CVE-2023-42503

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.24.0 #271
CVE-2023-2976

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /modules/roadmap-commons/pom.xml,/modules/roadmap-all/pom.xml,/modules/roadmap-router-service/pom.xml

Dependency Hierarchy:

-> ❌ guava-30.1.1-jre.jar (Vulnerable Library)

Medium 5.5 guava-30.1.1-jre.jar Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre #273

Base branch total remaining vulnerabilities: 0
Base branch commit: 4aeb0ef98df9663437b823e7139ba8458da43cdb


Total libraries scanned: 52

Scan token: 2f9d2b9698254d009120553978d09912

View more details on Mend Bolt for GitHub