chore(deps): update github-actions #216

renovate · 2024-12-01T00:27:51Z

This PR contains the following updates:

Package	Type	Update	Change
github/codeql-action	action	minor	`v2.27.4` -> `v2.28.0`
miracum/.github	action	patch	`v1.12.10` -> `v1.12.12`

Release Notes

github/codeql-action (github/codeql-action)

`v2.28.0`

Compare Source

`v2.27.9`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v2.27.8`

Compare Source

`v2.27.7`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

`v2.27.6`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.6 - 03 Dec 2024

Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

`v2.27.5`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.5 - 19 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

miracum/.github (miracum/.github)

`v1.12.12`

Compare Source

Miscellaneous Chores

deps: update oxsecurity/megalinter action to v8.3.0 (#99) (abfae50)

`v1.12.11`

Compare Source

Miscellaneous Chores

deps: update dependency gradle to v8.11.1 (#97) (d49d346)
deps: update github-actions (#98) (ec147b5)

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-12-01T00:31:03Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	6	0	0.11s
✅ BASH	bash-exec	2	0	0.01s
✅ BASH	shellcheck	2	0	0.18s
✅ BASH	shfmt	2	0	0.0s
✅ DOCKERFILE	hadolint	2	0	0.2s
✅ EDITORCONFIG	editorconfig-checker	89	0	0.5s
✅ ENV	dotenv-linter	1	0	0.01s
✅ JSON	jsonlint	3	0	0.25s
✅ JSON	prettier	3	0	0.5s
✅ JSON	v8r	3	0	3.53s
⚠️ MARKDOWN	markdownlint	8	97	1.52s
⚠️ MARKDOWN	markdown-table-formatter	8	1	0.53s
✅ PYTHON	bandit	7	0	2.4s
✅ PYTHON	black	7	0	2.21s
✅ PYTHON	flake8	7	0	1.04s
✅ PYTHON	isort	7	0	0.41s
✅ PYTHON	mypy	7	0	3.25s
✅ PYTHON	pyright	7	0	8.08s
✅ PYTHON	ruff	7	0	0.03s
❌ REPOSITORY	checkov	yes	13	28.96s
✅ REPOSITORY	dustilock	yes	no	3.29s
✅ REPOSITORY	gitleaks	yes	no	2.54s
✅ REPOSITORY	git_diff	yes	no	0.05s
✅ REPOSITORY	grype	yes	no	16.11s
✅ REPOSITORY	kics	yes	no	44.14s
✅ REPOSITORY	secretlint	yes	no	1.19s
✅ REPOSITORY	syft	yes	no	2.29s
❌ REPOSITORY	trivy	yes	1	11.73s
✅ REPOSITORY	trivy-sbom	yes	no	0.2s
✅ REPOSITORY	trufflehog	yes	no	4.25s
✅ XML	xmllint	3	0	0.02s
✅ YAML	prettier	28	0	1.06s
✅ YAML	v8r	28	0	44.41s
✅ YAML	yamllint	28	0	1.28s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

Click here to request the new flavor

MegaLinter is graciously provided by

github-actions · 2024-12-20T21:13:35Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-216 (debian 12.7)`

8 known vulnerabilities found (CRITICAL: 2 HIGH: 2 MEDIUM: 2 LOW: 2)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libexpat1`	CVE-2024-45491	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45492	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45490	HIGH	2.5.0-1	2.5.0-1+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1

No Misconfigurations found

`Python`

No Vulnerabilities found

No Misconfigurations found

github-actions · 2024-12-20T21:16:52Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-216 (debian 12.5)`

53 known vulnerabilities found (HIGH: 21 MEDIUM: 24 LOW: 4 CRITICAL: 4)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`bsdutils`	CVE-2024-28085	HIGH	1:2.38.1-5+b1	2.38.1-5+deb12u1
`libblkid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libc-bin`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc-bin`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc6`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libgnutls30`	CVE-2024-28834	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgnutls30`	CVE-2024-28835	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgssapi-krb5-2`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libgssapi-krb5-2`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libmount1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsmartcols1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`libssl3`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libsystemd0`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libsystemd0`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libuuid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`mount`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`openssl`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`openssl`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`util-linux`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`util-linux-extra`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1

No Misconfigurations found

`Java`

296 known vulnerabilities found (CRITICAL: 22 HIGH: 151 MEDIUM: 100 LOW: 23)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2024-12798	MEDIUM	1.2.11	1.5.13
`ch.qos.logback:logback-core`	CVE-2024-12798	MEDIUM	1.2.11	1.5.13
`ch.qos.logback:logback-core`	CVE-2024-12801	LOW	1.2.11	1.5.13
`ch.qos.logback:logback-core`	CVE-2024-12801	LOW	1.2.11	1.5.13
`com.amazonaws:aws-java-sdk-s3`	CVE-2022-31159	HIGH	1.11.1026	1.12.261
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.11.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.11.4	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.11.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.11.4	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2017-17485	CRITICAL	2.6.7.4	2.9.4, 2.8.11, 2.7.9.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-11307	CRITICAL	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-14719	CRITICAL	2.6.7.4	2.9.7, 2.8.11.3, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-7489	CRITICAL	2.6.7.4	2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-14379	CRITICAL	2.6.7.4	2.9.9.2, 2.8.11.4, 2.7.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-17267	CRITICAL	2.6.7.4	2.9.10, 2.8.11.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9547	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9548	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-12022	HIGH	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-5968	HIGH	2.6.7.4	2.8.11.1, 2.9.4, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-10650	HIGH	2.6.7.4	2.9.10.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24616	HIGH	2.6.7.4	2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24750	HIGH	2.6.7.4	2.6.7.5, 2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35490	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35491	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35728	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36179	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36180	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36181	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36182	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36183	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36184	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36185	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36186	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36187	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36188	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36189	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.6.7.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-20190	HIGH	2.6.7.4	2.9.10.7, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.6.7.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.6.7.4	2.12.7.1, 2.13.4
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.2.4	2.8.9
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.8.6	2.8.9
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	2.5.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	2.5.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	2.5.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	2.5.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.3.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.3.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.3.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.3.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.14.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`io.airlift:aircompressor`	CVE-2024-36114	HIGH	0.21	0.27
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty-codec`	CVE-2021-37136	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec`	CVE-2021-37137	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec-http`	CVE-2021-43797	MEDIUM	4.1.61.Final	4.1.71.Final
`io.netty:netty-codec-http`	CVE-2022-24823	MEDIUM	4.1.61.Final	4.1.77.Final
`io.netty:netty-codec-http`	CVE-2024-29025	MEDIUM	4.1.61.Final	4.1.108.Final
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.61.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.74.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.74.Final	4.1.115
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.61.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.11.0	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.11.0	1.11.3
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.derby:derby`	CVE-2022-46337	CRITICAL	10.14.2.0	10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.ivy:ivy`	CVE-2022-46751	HIGH	2.5.1	2.5.2
`org.apache.kafka:kafka-clients`	CVE-2024-31141	MEDIUM	2.8.1	3.7.1
`org.apache.kafka:kafka-clients`	CVE-2024-31141	MEDIUM	2.8.1	3.7.1
`org.apache.mesos:mesos`	CVE-2018-1330	HIGH	1.4.3	1.6.0
`org.apache.thrift:libthrift`	CVE-2019-0205	HIGH	0.12.0	0.13.0
`org.apache.thrift:libthrift`	CVE-2020-13949	HIGH	0.12.0	0.14.0
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.48.v20220622	12.0.12
`org.eclipse.jetty:jetty-server`	CVE-2023-26048	MEDIUM	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14
`org.eclipse.jetty:jetty-server`	CVE-2024-8184	MEDIUM	9.4.48.v20220622	12.0.9, 10.0.24, 11.0.24, 9.4.56
`org.eclipse.jetty:jetty-server`	CVE-2023-26049	LOW	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0
`org.eclipse.jetty:jetty-servlets`	CVE-2024-9823	MEDIUM	9.4.48.v20220622	9.4.54, 10.0.18, 11.0.18
`org.eclipse.jetty:jetty-servlets`	CVE-2023-36479	LOW	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.yaml:snakeyaml`	CVE-2022-1471	HIGH	1.31	2.0
`org.yaml:snakeyaml`	CVE-2022-38752	MEDIUM	1.31	1.32
`org.yaml:snakeyaml`	CVE-2022-41854	MEDIUM	1.31	1.32
`software.amazon.ion:ion-java`	CVE-2024-21634	HIGH	1.0.2	1.10.5

No Misconfigurations found

`Python`

1 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 1 MEDIUM: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0

No Misconfigurations found

`opt/bitnami/java`

No Vulnerabilities found

No Misconfigurations found

`opt/bitnami/python`

15 known vulnerabilities found (LOW: 1 CRITICAL: 1 HIGH: 7 MEDIUM: 6)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`python`	CVE-2023-36632	HIGH	3.10.13-20	3.11.4
`python`	CVE-2023-6597	HIGH	3.10.13-20	3.8.19, 3.9.19, 3.10.14, 3.11.8, 3.12.1
`python`	CVE-2024-0397	HIGH	3.10.13-20	3.8.20, 3.9.20, 3.10.14, 3.11.9, 3.12.3
`python`	CVE-2024-4032	HIGH	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.4
`python`	CVE-2024-6232	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-7592	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2023-27043	MEDIUM	3.10.13-20	3.8.20, 3.12.6, 3.11.10, 3.10.15, 3.9.20
`python`	CVE-2024-0450	MEDIUM	3.10.13-20	3.8.19, 3.9.19, 3.10.14, 3.11.8, 3.12.2
`python`	CVE-2024-50602	MEDIUM	3.10.13-20	3.13.1, 3.12.8, 3.11.11, 3.10.16, 3.9.21
`python`	CVE-2024-6923	MEDIUM	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.5
`python`	CVE-2024-8088	MEDIUM	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.6
`python`	CVE-2024-9287	MEDIUM	3.10.13-20	3.9.21, 3.10.16, 3.11.11, 3.12.8, 3.13.1
`python`	CVE-2024-11168	LOW	3.10.13-20	3.9.21, 3.10.16, 3.11.4
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0
`virtualenv`	CVE-2024-53899	CRITICAL	20.25.1	20.26.6

No Misconfigurations found

`opt/bitnami/spark`

No Vulnerabilities found

No Misconfigurations found

renovate bot force-pushed the renovate/github-actions branch from 2ca06b1 to 83ea8e0 Compare December 3, 2024 14:31

renovate bot force-pushed the renovate/github-actions branch 2 times, most recently from befad5f to c9360f6 Compare December 13, 2024 01:20

chore(deps): update github-actions

8fd13fb

renovate bot force-pushed the renovate/github-actions branch from c9360f6 to 8fd13fb Compare December 20, 2024 21:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github-actions #216

chore(deps): update github-actions #216

renovate bot commented Dec 1, 2024 •

edited

Loading

github-actions bot commented Dec 1, 2024 •

edited

Loading

github-actions bot commented Dec 20, 2024

github-actions bot commented Dec 20, 2024

chore(deps): update github-actions #216

Are you sure you want to change the base?

chore(deps): update github-actions #216

Conversation

renovate bot commented Dec 1, 2024 • edited Loading

Release Notes

CodeQL Action Changelog

2.27.9 - 12 Dec 2024

CodeQL Action Changelog

2.27.7 - 10 Dec 2024

CodeQL Action Changelog

2.27.6 - 03 Dec 2024

CodeQL Action Changelog

2.27.5 - 19 Nov 2024

Miscellaneous Chores

Miscellaneous Chores

Configuration

github-actions bot commented Dec 1, 2024 • edited Loading

🦙 MegaLinter status: ❌ ERROR

github-actions bot commented Dec 20, 2024

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-216 (debian 12.7)

8 known vulnerabilities found (CRITICAL: 2 HIGH: 2 MEDIUM: 2 LOW: 2)

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

github-actions bot commented Dec 20, 2024

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-216 (debian 12.5)

53 known vulnerabilities found (HIGH: 21 MEDIUM: 24 LOW: 4 CRITICAL: 4)

No Misconfigurations found

Java

296 known vulnerabilities found (CRITICAL: 22 HIGH: 151 MEDIUM: 100 LOW: 23)

No Misconfigurations found

Python

1 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 1 MEDIUM: 0)

No Misconfigurations found

opt/bitnami/java

No Vulnerabilities found

No Misconfigurations found

opt/bitnami/python

15 known vulnerabilities found (LOW: 1 CRITICAL: 1 HIGH: 7 MEDIUM: 6)

No Misconfigurations found

opt/bitnami/spark

No Vulnerabilities found

No Misconfigurations found

renovate bot commented Dec 1, 2024 •

edited

Loading

github-actions bot commented Dec 1, 2024 •

edited

Loading

`ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-216 (debian 12.7)`

`Python`

`ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-216 (debian 12.5)`

`Java`

`Python`

`opt/bitnami/java`

`opt/bitnami/python`

`opt/bitnami/spark`