This repository has been archived by the owner on Jul 29, 2024. It is now read-only.

fix(stack): change compose deployment config #225

Annotations

44 warnings

Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version']

Failed minimum severity level. Found vulnerabilities with level 'medium' or higher

Vulnerability GHSA-22wj-vf5f-wrvj Severity: high Package: h2 Version: 2.1.214 Fix Version: 2.2.220 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/h2-2.1.214.jar Data Namespace: github:language:java Link: [GHSA-22wj-vf5f-wrvj](https://github.com/advisories/GHSA-22wj-vf5f-wrvj)

Vulnerability GHSA-3h6f-g5f3-gc4w Severity: critical Package: spring-security-config Version: 5.7.8 Fix Version: 5.7.10 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-security-config-5.7.8.jar Data Namespace: github:language:java Link: [GHSA-3h6f-g5f3-gc4w](https://github.com/advisories/GHSA-3h6f-g5f3-gc4w)

Vulnerability GHSA-3mc7-4q67-w48m Severity: high Package: snakeyaml Version: 1.30 Fix Version: 1.31 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar Data Namespace: github:language:java Link: [GHSA-3mc7-4q67-w48m](https://github.com/advisories/GHSA-3mc7-4q67-w48m)

Vulnerability GHSA-493p-pfq6-5258 Severity: high Package: json-smart Version: 2.4.8 Fix Version: 2.4.9 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/nimbus-jose-jwt-9.22.jar Data Namespace: github:language:java Link: [GHSA-493p-pfq6-5258](https://github.com/advisories/GHSA-493p-pfq6-5258)

Vulnerability GHSA-4jq9-2xhw-jpx7 Severity: high Package: json Version: 20230227 Fix Version: 20231013 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/json-20230227.jar Data Namespace: github:language:java Link: [GHSA-4jq9-2xhw-jpx7](https://github.com/advisories/GHSA-4jq9-2xhw-jpx7)

Vulnerability GHSA-4wrc-f8pq-fpqp Severity: critical Package: spring-web Version: 5.3.27 Fix Version: 6.0.0 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-web-5.3.27.jar Data Namespace: github:language:java Link: [GHSA-4wrc-f8pq-fpqp](https://github.com/advisories/GHSA-4wrc-f8pq-fpqp)

Vulnerability GHSA-mjmj-j48q-9wg2 Severity: high Package: snakeyaml Version: 1.30 Fix Version: 2.0 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar Data Namespace: github:language:java Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-classic Version: 1.2.12 Fix Version: 1.2.13 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.2.12.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-core Version: 1.2.12 Fix Version: 1.2.13 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.2.12.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-xpw8-rcwv-8f8p Severity: high Package: netty-codec-http2 Version: 4.1.92.Final Fix Version: 4.1.100.Final Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/netty-codec-http2-4.1.92.Final.jar Data Namespace: github:language:java Link: [GHSA-xpw8-rcwv-8f8p](https://github.com/advisories/GHSA-xpw8-rcwv-8f8p)

Failed minimum severity level. Found vulnerabilities with level 'medium' or higher

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-classic Version: 1.4.11 Fix Version: 1.4.12 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.4.11.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-core Version: 1.4.11 Fix Version: 1.4.12 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.4.11.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability CVE-2017-16932 Severity: high Package: libxml2 Version: 2.9.4+dfsg1-7+deb10u2 Fix Version: Type: deb Location: /usr/share/doc/libxml2/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2017-16932](https://security-tracker.debian.org/tracker/CVE-2017-16932)

Vulnerability CVE-2017-6363 Severity: high Package: libgd3 Version: 2.2.5-5.2 Fix Version: Type: deb Location: /usr/share/doc/libgd3/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2017-6363](https://security-tracker.debian.org/tracker/CVE-2017-6363)

Vulnerability CVE-2018-12886 Severity: high Package: gcc-8-base Version: 8.3.0-6 Fix Version: Type: deb Location: /usr/share/doc/gcc-8-base/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)

Vulnerability CVE-2018-12886 Severity: high Package: libgcc1 Version: 1:8.3.0-6 Fix Version: Type: deb Location: /usr/share/doc/libgcc1/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)

Vulnerability CVE-2018-12886 Severity: high Package: libstdc++6 Version: 8.3.0-6 Fix Version: Type: deb Location: /usr/share/doc/libstdc++6/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)

Vulnerability CVE-2018-25032 Severity: high Package: zlib1g Version: 1:1.2.11.dfsg-1 Fix Version: 1:1.2.11.dfsg-1+deb10u1 Type: deb Location: /usr/share/doc/zlib1g/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2018-25032](https://security-tracker.debian.org/tracker/CVE-2018-25032)

Vulnerability CVE-2019-12290 Severity: high Package: libidn2-0 Version: 2.0.5-1+deb10u1 Fix Version: Type: deb Location: /usr/share/doc/libidn2-0/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2019-12290](https://security-tracker.debian.org/tracker/CVE-2019-12290)

Vulnerability CVE-2019-13115 Severity: high Package: libssh2-1 Version: 1.8.0-2.1 Fix Version: 1.8.0-2.1+deb10u1 Type: deb Location: /usr/share/doc/libssh2-1/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2019-13115](https://security-tracker.debian.org/tracker/CVE-2019-13115)

Vulnerability CVE-2019-15847 Severity: high Package: gcc-8-base Version: 8.3.0-6 Fix Version: Type: deb Location: /usr/share/doc/gcc-8-base/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)

Vulnerability CVE-2019-15847 Severity: high Package: libgcc1 Version: 1:8.3.0-6 Fix Version: Type: deb Location: /usr/share/doc/libgcc1/copyright Data Namespace: debian:distro:debian:10 Link: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)

Vulnerability GHSA-mjmj-j48q-9wg2 Severity: high Package: snakeyaml Version: 1.33 Fix Version: 2.0 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.33.jar Data Namespace: github:language:java Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)

Vulnerability GHSA-v94h-hvhg-mf9h Severity: high Package: spring-webmvc Version: 6.0.9 Fix Version: 6.0.14 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-webmvc-6.0.9.jar Data Namespace: github:language:java Link: [GHSA-v94h-hvhg-mf9h](https://github.com/advisories/GHSA-v94h-hvhg-mf9h)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-classic Version: 1.4.7 Fix Version: 1.4.12 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.4.7.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-core Version: 1.4.7 Fix Version: 1.4.12 Type: java-archive Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.4.7.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-3mc7-4q67-w48m Severity: high Package: snakeyaml Version: 1.30 Fix Version: 1.31 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar Data Namespace: github:language:java Link: [GHSA-3mc7-4q67-w48m](https://github.com/advisories/GHSA-3mc7-4q67-w48m)

Vulnerability GHSA-4wrc-f8pq-fpqp Severity: critical Package: spring-web Version: 5.3.27 Fix Version: 6.0.0 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/spring-web-5.3.27.jar Data Namespace: github:language:java Link: [GHSA-4wrc-f8pq-fpqp](https://github.com/advisories/GHSA-4wrc-f8pq-fpqp)

Vulnerability GHSA-55g7-9cwv-5qfv Severity: high Package: snappy-java Version: 1.1.10.1 Fix Version: 1.1.10.4 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snappy-java-1.1.10.1.jar Data Namespace: github:language:java Link: [GHSA-55g7-9cwv-5qfv](https://github.com/advisories/GHSA-55g7-9cwv-5qfv)

Vulnerability GHSA-crqf-q9fp-hwjw Severity: high Package: spring-kafka Version: 2.8.11 Fix Version: 2.9.11 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/spring-kafka-2.8.11.jar Data Namespace: github:language:java Link: [GHSA-crqf-q9fp-hwjw](https://github.com/advisories/GHSA-crqf-q9fp-hwjw)

Vulnerability GHSA-mjmj-j48q-9wg2 Severity: high Package: snakeyaml Version: 1.30 Fix Version: 2.0 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar Data Namespace: github:language:java Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-classic Version: 1.2.12 Fix Version: 1.2.13 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.2.12.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Vulnerability GHSA-vmq6-5m68-f53m Severity: high Package: logback-core Version: 1.2.12 Fix Version: 1.2.13 Type: java-archive Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.2.12.jar Data Namespace: github:language:java Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)

Failed minimum severity level. Found vulnerabilities with level 'medium' or higher

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(stack): change compose deployment config #225

build_miranum_platform

fix(stack): change compose deployment config #225

Jobs

Run details

Annotations

The logs for this run have expired and are no longer available.

Re-running jobs...