Scanning of pom files leads to wrong transitive dependencies #4458

yinonsh-orca · 2023-05-24T08:18:15Z

yinonsh-orca
May 24, 2023

Description

We use trivy to scan maven pom files using trivy -d fs <Directory>.

For some of the transitive dependencies, it seems to resolve to a wrong version (which often doesnt exist/found), and doesnt scan our used versions. We also compared the trivy log with the one generated by mvn dependency:tree to confirm such differences.

For the attached pom, here are a few examples of wrong transitive dependencies:

For org.apache.logging.log4j:log4j-slf4j-impl, we use version 2.17.1 but the scanned version is 23 (which is not found)
Same goes for org.apache.logging.log4j:log4j-core and org.apache.logging.log4j:log4j-jul
For org.glassfish.jersey.containers:jersey-container-servlet-core we use version 2.30 but the scanned version is 1.0.5 (which is not found)
For org.apache.parquet:parquet-jackson we use version 1.8.3 and not version 16 (which is not found)
For org.apache.curator:curator-framework we use version 2.6.0 and not version 14 (which is not found)
etc

Note also that:

This can lead to false positive/negative as well.
Since many of the artifacts are not found on maven repo, it leads to slower scan. On our tests it took over 2m instead of expected less than 1m.
We're using latest go-dep-parser
The issue is somewhat similar to the one described here: Dependency appears in Trivy but not when running maven tree. #4272

Desired Behavior

The desired behavior is to scan the correct transitive dependencies, and not to scan wrong dependencies

Actual Behavior

The actual behavior is that expected transitive dependencies are not scanned, while wrong dependencies are scanned, which may lead to false/positive negatives, and also slows down the scan.

Reproduction Steps

1. Copy the attached pom to a ~/tmp/pom-dir
2. `cd ~/tmp/pom-dir`
3. run `trivy  -d fs ~/tmp/pom-dir`

Target

Filesystem

Scanner

Vulnerability

Output Format

None

Mode

None

Debug Output

❯❯❯ ./trivy  -d fs ~/tmp/a                                                                                                                                                    2023-05-24T11:09:16.230+0300	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-05-24T11:09:16.233+0300	DEBUG	cache dir:  /Users/yinonsharifi/Library/Caches/trivy
2023-05-24T11:09:16.233+0300	DEBUG	DB update was skipped because the local DB is the latest
2023-05-24T11:09:16.233+0300	DEBUG	DB Schema: 2, UpdatedAt: 2023-05-24 06:08:25.56543888 +0000 UTC, NextUpdate: 2023-05-24 12:08:25.56543838 +0000 UTC, DownloadedAt: 2023-05-24 07:13:33.791492 +0000 UTC
2023-05-24T11:09:16.233+0300	INFO	Vulnerability scanning is enabled
2023-05-24T11:09:16.233+0300	DEBUG	Vulnerability type:  [os library]
2023-05-24T11:09:16.233+0300	INFO	Secret scanning is enabled
2023-05-24T11:09:16.233+0300	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-05-24T11:09:16.233+0300	INFO	Please see also https://aquasecurity.github.io/trivy/dev/docs/secret/scanning/#recommendation for faster secret detection
2023-05-24T11:09:16.233+0300	DEBUG	No secret config detected: trivy-secret.yaml
2023-05-24T11:09:16.233+0300	DEBUG	Walk the file tree rooted at '/Users/yinonsharifi/tmp/a' in parallel
2023-05-24T11:09:16.234+0300	DEBUG	Start parent: org.springframework.boot:spring-boot-starter-parent:2.3.12.RELEASE
2023-05-24T11:09:16.597+0300	DEBUG	Start parent: org.springframework.boot:spring-boot-dependencies:2.3.12.RELEASE
2023-05-24T11:09:16.797+0300	DEBUG	Exit parent: org.springframework.boot:spring-boot-dependencies:2.3.12.RELEASE
2023-05-24T11:09:16.799+0300	DEBUG	Exit parent: org.springframework.boot:spring-boot-starter-parent:2.3.12.RELEASE
2023-05-24T11:09:16.801+0300	DEBUG	Resolving com.datastax.oss:java-driver-bom:4.6.1...
2023-05-24T11:09:16.868+0300	DEBUG	Resolving io.dropwizard.metrics:metrics-bom:4.1.22...
2023-05-24T11:09:16.936+0300	DEBUG	Start parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:09:17.008+0300	DEBUG	Exit parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:09:17.009+0300	DEBUG	Resolving org.codehaus.groovy:groovy-bom:2.5.14...
2023-05-24T11:09:17.082+0300	DEBUG	Resolving com.fasterxml.jackson:jackson-bom:2.11.4...
2023-05-24T11:09:17.152+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-parent:2.11
2023-05-24T11:09:17.219+0300	DEBUG	Start parent: com.fasterxml:oss-parent:38
2023-05-24T11:09:17.292+0300	DEBUG	Exit parent: com.fasterxml:oss-parent:38
2023-05-24T11:09:17.292+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-parent:2.11
2023-05-24T11:09:17.294+0300	DEBUG	Resolving org.glassfish.jersey:jersey-bom:2.30.1...
2023-05-24T11:09:17.365+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:17.435+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:17.436+0300	DEBUG	Resolving org.eclipse.jetty:jetty-bom:9.4.42.v20210604...
2023-05-24T11:09:17.512+0300	DEBUG	Resolving org.junit:junit-bom:5.6.3...
2023-05-24T11:09:17.581+0300	DEBUG	Resolving org.jetbrains.kotlin:kotlin-bom:1.3.72...
2023-05-24T11:09:17.651+0300	DEBUG	Resolving org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.8...
2023-05-24T11:09:17.719+0300	DEBUG	Resolving org.apache.logging.log4j:log4j-bom:2.17.1...
2023-05-24T11:09:17.788+0300	DEBUG	Start parent: org.apache.logging:logging-parent:3
2023-05-24T11:09:17.855+0300	DEBUG	Start parent: org.apache:apache:23
2023-05-24T11:09:17.926+0300	DEBUG	Exit parent: org.apache:apache:23
2023-05-24T11:09:17.926+0300	DEBUG	Exit parent: org.apache.logging:logging-parent:3
2023-05-24T11:09:17.928+0300	DEBUG	Resolving io.micrometer:micrometer-bom:1.5.14...
2023-05-24T11:09:17.996+0300	DEBUG	Resolving io.netty:netty-bom:4.1.65.Final...
2023-05-24T11:09:18.065+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:18.133+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:18.134+0300	DEBUG	Resolving io.r2dbc:r2dbc-bom:Arabba-SR10...
2023-05-24T11:09:18.202+0300	DEBUG	Resolving io.projectreactor:reactor-bom:Dysprosium-SR20...
2023-05-24T11:09:18.300+0300	DEBUG	Resolving io.rsocket:rsocket-bom:1.0.5...
2023-05-24T11:09:18.368+0300	DEBUG	Resolving org.springframework.data:spring-data-releasetrain:Neumann-SR9...
2023-05-24T11:09:18.435+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-build:2.3.9.RELEASE
2023-05-24T11:09:18.506+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-build:2.3.9.RELEASE
2023-05-24T11:09:18.508+0300	DEBUG	Resolving org.springframework:spring-framework-bom:5.2.15.RELEASE...
2023-05-24T11:09:18.576+0300	DEBUG	Resolving org.springframework.integration:spring-integration-bom:5.3.8.RELEASE...
2023-05-24T11:09:18.645+0300	DEBUG	Resolving org.springframework.security:spring-security-bom:5.3.9.RELEASE...
2023-05-24T11:09:18.713+0300	DEBUG	Resolving org.springframework.session:spring-session-bom:Dragonfruit-SR3...
2023-05-24T11:09:18.795+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-web:2.3.12.RELEASE...
2023-05-24T11:09:18.863+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-data-jpa:2.3.12.RELEASE...
2023-05-24T11:09:18.931+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-log4j2:2.3.12.RELEASE...
2023-05-24T11:09:19.000+0300	DEBUG	Resolving com.google.code.gson:gson:2.8.7...
2023-05-24T11:09:19.067+0300	DEBUG	Start parent: com.google.code.gson:gson-parent:2.8.7
2023-05-24T11:09:19.134+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:19.135+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:19.135+0300	DEBUG	Exit parent: com.google.code.gson:gson-parent:2.8.7
2023-05-24T11:09:19.135+0300	DEBUG	Resolving org.json:json:20180130...
2023-05-24T11:09:19.213+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:19.282+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:19.282+0300	DEBUG	Resolving com.microsoft.sqlserver:mssql-jdbc:7.4.1.jre8...
2023-05-24T11:09:19.358+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-jdbc:2.3.12.RELEASE...
2023-05-24T11:09:19.427+0300	DEBUG	Resolving com.oracle.ojdbc:ojdbc8:19.3.0.0...
2023-05-24T11:09:19.496+0300	DEBUG	Resolving org.apache.spark:spark-sql_2.11:2.3.1...
2023-05-24T11:09:19.567+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:19.656+0300	DEBUG	Start parent: org.apache:apache:18
2023-05-24T11:09:19.727+0300	DEBUG	Exit parent: org.apache:apache:18
2023-05-24T11:09:19.728+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:19.734+0300	DEBUG	Resolving io.springfox:springfox-swagger2:2.8.0...
2023-05-24T11:09:19.810+0300	DEBUG	Resolving io.springfox:springfox-swagger-ui:2.8.0...
2023-05-24T11:09:19.878+0300	DEBUG	Resolving org.apache.tomcat:tomcat-dbcp:9.0.17...
2023-05-24T11:09:19.946+0300	DEBUG	Resolving org.apache.commons:commons-text:1.10.0...
2023-05-24T11:09:20.017+0300	DEBUG	Start parent: org.apache.commons:commons-parent:54
2023-05-24T11:09:20.099+0300	DEBUG	Start parent: org.apache:apache:27
2023-05-24T11:09:20.173+0300	DEBUG	Exit parent: org.apache:apache:27
2023-05-24T11:09:20.173+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:54
2023-05-24T11:09:20.174+0300	DEBUG	Resolving org.junit:junit-bom:5.9.1...
2023-05-24T11:09:20.246+0300	DEBUG	Resolving io.lettuce:lettuce-core:6.1.8.RELEASE...
2023-05-24T11:09:20.322+0300	DEBUG	Resolving org.springframework.data:spring-data-redis:2.6.3...
2023-05-24T11:09:20.389+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-parent:2.6.3
2023-05-24T11:09:20.465+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-build:2.6.3
2023-05-24T11:09:20.532+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-build:2.6.3
2023-05-24T11:09:20.533+0300	DEBUG	Resolving io.projectreactor:reactor-bom:2020.0.17...
2023-05-24T11:09:20.600+0300	DEBUG	Resolving org.springframework:spring-framework-bom:5.3.17...
2023-05-24T11:09:20.670+0300	DEBUG	Resolving org.jetbrains.kotlin:kotlin-bom:1.5.32...
2023-05-24T11:09:20.739+0300	DEBUG	Resolving org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.5.2...
2023-05-24T11:09:20.806+0300	DEBUG	Resolving com.fasterxml.jackson:jackson-bom:2.13.2...
2023-05-24T11:09:20.875+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-parent:2.13
2023-05-24T11:09:20.943+0300	DEBUG	Start parent: com.fasterxml:oss-parent:43
2023-05-24T11:09:21.016+0300	DEBUG	Exit parent: com.fasterxml:oss-parent:43
2023-05-24T11:09:21.016+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-parent:2.13
2023-05-24T11:09:21.017+0300	DEBUG	Resolving org.junit:junit-bom:5.8.2...
2023-05-24T11:09:21.085+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-parent:2.6.3
2023-05-24T11:09:21.092+0300	DEBUG	Resolving com.configcat:configcat-java-client:7.0.6...
2023-05-24T11:09:21.160+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter:2.3.12.RELEASE...
2023-05-24T11:09:21.228+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-json:2.3.12.RELEASE...
2023-05-24T11:09:21.297+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-tomcat:2.3.12.RELEASE...
2023-05-24T11:09:21.365+0300	DEBUG	Resolving org.springframework:spring-web:5.2.15.RELEASE...
2023-05-24T11:09:21.432+0300	DEBUG	Resolving org.springframework:spring-webmvc:5.2.15.RELEASE...
2023-05-24T11:09:21.500+0300	DEBUG	Resolving org.springframework.boot:spring-boot-starter-aop:2.3.12.RELEASE...
2023-05-24T11:09:21.569+0300	DEBUG	Resolving jakarta.transaction:jakarta.transaction-api:1.3.3...
2023-05-24T11:09:21.639+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:21.639+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:21.640+0300	DEBUG	Resolving jakarta.persistence:jakarta.persistence-api:2.2.3...
2023-05-24T11:09:21.715+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:21.715+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:21.716+0300	DEBUG	Resolving org.hibernate:hibernate-core:5.4.32.Final...
2023-05-24T11:09:21.784+0300	DEBUG	Resolving org.springframework.data:spring-data-jpa:2.3.9.RELEASE...
2023-05-24T11:09:21.856+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:09:21.931+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-build:2.3.9.RELEASE
2023-05-24T11:09:21.931+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-build:2.3.9.RELEASE
2023-05-24T11:09:21.931+0300	DEBUG	Resolving io.projectreactor:reactor-bom:Dysprosium-SR19...
2023-05-24T11:09:21.999+0300	DEBUG	Resolving org.springframework:spring-framework-bom:5.2.14.RELEASE...
2023-05-24T11:09:22.066+0300	DEBUG	Resolving org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.3.9...
2023-05-24T11:09:22.134+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:09:22.141+0300	DEBUG	Resolving org.springframework:spring-aspects:5.2.15.RELEASE...
2023-05-24T11:09:22.208+0300	DEBUG	Resolving org.apache.logging.log4j:log4j-slf4j-impl:23...
2023-05-24T11:09:23.619+0300	DEBUG	org.apache.logging.log4j:log4j-slf4j-impl:23 was not found in local/remote repositories
2023-05-24T11:09:23.619+0300	DEBUG	Resolving org.apache.logging.log4j:log4j-core:23...
2023-05-24T11:09:25.020+0300	DEBUG	org.apache.logging.log4j:log4j-core:23 was not found in local/remote repositories
2023-05-24T11:09:25.020+0300	DEBUG	Resolving org.apache.logging.log4j:log4j-jul:23...
2023-05-24T11:09:26.405+0300	DEBUG	org.apache.logging.log4j:log4j-jul:23 was not found in local/remote repositories
2023-05-24T11:09:26.405+0300	DEBUG	Resolving org.slf4j:jul-to-slf4j:1.7.30...
2023-05-24T11:09:26.482+0300	DEBUG	Start parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:26.551+0300	DEBUG	Exit parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:26.552+0300	DEBUG	Resolving com.zaxxer:HikariCP:3.4.5...
2023-05-24T11:09:26.626+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:26.626+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:26.632+0300	DEBUG	Resolving org.springframework:spring-jdbc:5.2.15.RELEASE...
2023-05-24T11:09:26.701+0300	DEBUG	Resolving com.oracle.ojdbc:ucp:19.3.0.0...
2023-05-24T11:09:26.768+0300	DEBUG	Resolving com.oracle.ojdbc:oraclepki:19.3.0.0...
2023-05-24T11:09:26.836+0300	DEBUG	Resolving com.oracle.ojdbc:osdt_cert:19.3.0.0...
2023-05-24T11:09:26.904+0300	DEBUG	Resolving com.oracle.ojdbc:osdt_core:19.3.0.0...
2023-05-24T11:09:26.972+0300	DEBUG	Resolving com.oracle.ojdbc:simplefan:19.3.0.0...
2023-05-24T11:09:27.039+0300	DEBUG	Resolving com.oracle.ojdbc:ons:19.3.0.0...
2023-05-24T11:09:27.108+0300	DEBUG	Resolving org.spark-project.spark:unused:1.0.0...
2023-05-24T11:09:27.174+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:27.174+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:27.174+0300	DEBUG	Resolving com.univocity:univocity-parsers:2.5.9...
2023-05-24T11:09:27.249+0300	DEBUG	Resolving org.apache.spark:spark-sketch_2.11:2.3.1...
2023-05-24T11:09:27.316+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.316+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.319+0300	DEBUG	Resolving org.apache.spark:spark-core_2.11:2.3.1...
2023-05-24T11:09:27.394+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.394+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.405+0300	DEBUG	Resolving org.apache.spark:spark-catalyst_2.11:2.3.1...
2023-05-24T11:09:27.473+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.473+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.479+0300	DEBUG	Resolving org.apache.spark:spark-tags_2.11:2.3.1...
2023-05-24T11:09:27.546+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.546+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:27.549+0300	DEBUG	Resolving org.apache.orc:orc-mapreduce:1.4.4...
2023-05-24T11:09:27.617+0300	DEBUG	Start parent: org.apache.orc:orc:1.4.4
2023-05-24T11:09:27.688+0300	DEBUG	Start parent: org.apache:apache:18
2023-05-24T11:09:27.688+0300	DEBUG	Exit parent: org.apache:apache:18
2023-05-24T11:09:27.689+0300	DEBUG	Exit parent: org.apache.orc:orc:1.4.4
2023-05-24T11:09:27.693+0300	DEBUG	Resolving org.apache.parquet:parquet-column:1.8.3...
2023-05-24T11:09:27.762+0300	DEBUG	Start parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:09:27.834+0300	DEBUG	Start parent: org.apache:apache:16
2023-05-24T11:09:27.902+0300	DEBUG	Exit parent: org.apache:apache:16
2023-05-24T11:09:27.902+0300	DEBUG	Exit parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:09:27.904+0300	DEBUG	Resolving org.apache.parquet:parquet-hadoop:1.8.3...
2023-05-24T11:09:27.971+0300	DEBUG	Start parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:09:27.971+0300	DEBUG	Exit parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:09:27.974+0300	DEBUG	Resolving org.apache.arrow:arrow-vector:0.8.0...
2023-05-24T11:09:28.043+0300	DEBUG	Start parent: org.apache.arrow:arrow-java-root:0.8.0
2023-05-24T11:09:28.115+0300	DEBUG	Start parent: org.apache:apache:18
2023-05-24T11:09:28.115+0300	DEBUG	Exit parent: org.apache:apache:18
2023-05-24T11:09:28.116+0300	DEBUG	Exit parent: org.apache.arrow:arrow-java-root:0.8.0
2023-05-24T11:09:28.120+0300	DEBUG	Resolving org.apache.xbean:xbean-asm5-shaded:4.4...
2023-05-24T11:09:28.188+0300	DEBUG	Start parent: org.apache.xbean:xbean:4.4
2023-05-24T11:09:28.258+0300	DEBUG	Start parent: org.apache.geronimo.genesis:genesis-java5-flava:2.1
2023-05-24T11:09:28.328+0300	DEBUG	Start parent: org.apache.geronimo.genesis:genesis-default-flava:2.1
2023-05-24T11:09:28.398+0300	DEBUG	Start parent: org.apache.geronimo.genesis:genesis:2.1
2023-05-24T11:09:28.469+0300	DEBUG	Start parent: org.apache:apache:13
2023-05-24T11:09:28.539+0300	DEBUG	Exit parent: org.apache:apache:13
2023-05-24T11:09:28.539+0300	DEBUG	Exit parent: org.apache.geronimo.genesis:genesis:2.1
2023-05-24T11:09:28.539+0300	DEBUG	Exit parent: org.apache.geronimo.genesis:genesis-default-flava:2.1
2023-05-24T11:09:28.539+0300	DEBUG	Exit parent: org.apache.geronimo.genesis:genesis-java5-flava:2.1
2023-05-24T11:09:28.539+0300	DEBUG	Exit parent: org.apache.xbean:xbean:4.4
2023-05-24T11:09:28.540+0300	DEBUG	Resolving io.swagger:swagger-annotations:1.5.14...
2023-05-24T11:09:28.610+0300	DEBUG	Start parent: io.swagger:swagger-project:1.5.14
2023-05-24T11:09:28.681+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:5
2023-05-24T11:09:28.747+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:5
2023-05-24T11:09:28.747+0300	DEBUG	Exit parent: io.swagger:swagger-project:1.5.14
2023-05-24T11:09:28.748+0300	DEBUG	Resolving io.swagger:swagger-models:1.5.14...
2023-05-24T11:09:28.816+0300	DEBUG	Start parent: io.swagger:swagger-project:1.5.14
2023-05-24T11:09:28.816+0300	DEBUG	Exit parent: io.swagger:swagger-project:1.5.14
2023-05-24T11:09:28.820+0300	DEBUG	Resolving io.springfox:springfox-spi:2.8.0...
2023-05-24T11:09:28.887+0300	DEBUG	Resolving io.springfox:springfox-schema:2.8.0...
2023-05-24T11:09:28.956+0300	DEBUG	Resolving io.springfox:springfox-swagger-common:2.8.0...
2023-05-24T11:09:29.040+0300	DEBUG	Resolving io.springfox:springfox-spring-web:2.8.0...
2023-05-24T11:09:29.126+0300	DEBUG	Resolving com.google.guava:guava:20.0...
2023-05-24T11:09:29.193+0300	DEBUG	Start parent: com.google.guava:guava-parent:20.0
2023-05-24T11:09:29.263+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:29.263+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:29.263+0300	DEBUG	Exit parent: com.google.guava:guava-parent:20.0
2023-05-24T11:09:29.264+0300	DEBUG	Resolving com.fasterxml:classmate:1.5.1...
2023-05-24T11:09:29.331+0300	DEBUG	Start parent: com.fasterxml:oss-parent:35
2023-05-24T11:09:29.403+0300	DEBUG	Exit parent: com.fasterxml:oss-parent:35
2023-05-24T11:09:29.403+0300	DEBUG	Resolving org.slf4j:slf4j-api:1.7.30...
2023-05-24T11:09:29.470+0300	DEBUG	Start parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:29.470+0300	DEBUG	Exit parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:29.470+0300	DEBUG	Resolving org.springframework.plugin:spring-plugin-core:1.2.0.RELEASE...
2023-05-24T11:09:29.537+0300	DEBUG	Start parent: org.springframework.plugin:spring-plugin:1.2.0.RELEASE
2023-05-24T11:09:29.605+0300	DEBUG	Exit parent: org.springframework.plugin:spring-plugin:1.2.0.RELEASE
2023-05-24T11:09:29.606+0300	DEBUG	Resolving org.springframework.plugin:spring-plugin-metadata:1.2.0.RELEASE...
2023-05-24T11:09:29.673+0300	DEBUG	Start parent: org.springframework.plugin:spring-plugin:1.2.0.RELEASE
2023-05-24T11:09:29.673+0300	DEBUG	Exit parent: org.springframework.plugin:spring-plugin:1.2.0.RELEASE
2023-05-24T11:09:29.674+0300	DEBUG	Resolving org.mapstruct:mapstruct:1.2.0.Final...
2023-05-24T11:09:29.741+0300	DEBUG	Start parent: org.mapstruct:mapstruct-parent:1.2.0.Final
2023-05-24T11:09:29.812+0300	DEBUG	Exit parent: org.mapstruct:mapstruct-parent:1.2.0.Final
2023-05-24T11:09:29.812+0300	DEBUG	Resolving org.jboss.arquillian:arquillian-bom:1.0.2.Final...
2023-05-24T11:09:29.881+0300	DEBUG	Resolving org.apache.tomcat:tomcat-juli:9.0.17...
2023-05-24T11:09:29.959+0300	DEBUG	Resolving org.apache.commons:commons-lang3:3.10...
2023-05-24T11:09:30.032+0300	DEBUG	Start parent: org.apache.commons:commons-parent:50
2023-05-24T11:09:30.112+0300	DEBUG	Start parent: org.apache:apache:21
2023-05-24T11:09:30.184+0300	DEBUG	Exit parent: org.apache:apache:21
2023-05-24T11:09:30.184+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:50
2023-05-24T11:09:30.186+0300	DEBUG	Resolving io.netty:netty-common:4.1.65.Final...
2023-05-24T11:09:30.254+0300	DEBUG	Start parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.335+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:30.335+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:09:30.335+0300	DEBUG	Exit parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.339+0300	DEBUG	Resolving io.netty:netty-handler:4.1.65.Final...
2023-05-24T11:09:30.406+0300	DEBUG	Start parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.406+0300	DEBUG	Exit parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.412+0300	DEBUG	Resolving io.netty:netty-transport:4.1.65.Final...
2023-05-24T11:09:30.478+0300	DEBUG	Start parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.478+0300	DEBUG	Exit parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:30.481+0300	DEBUG	Resolving io.projectreactor:reactor-core:3.3.17.RELEASE...
2023-05-24T11:09:30.548+0300	DEBUG	Resolving org.springframework.data:spring-data-keyvalue:2.3.9.RELEASE...
2023-05-24T11:09:30.615+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:09:30.615+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:09:30.617+0300	DEBUG	Resolving org.springframework:spring-tx:5.2.15.RELEASE...
2023-05-24T11:09:30.684+0300	DEBUG	Resolving org.springframework:spring-oxm:5.2.15.RELEASE...
2023-05-24T11:09:30.753+0300	DEBUG	Resolving org.springframework:spring-aop:5.2.15.RELEASE...
2023-05-24T11:09:30.821+0300	DEBUG	Resolving org.springframework:spring-context-support:5.2.15.RELEASE...
2023-05-24T11:09:30.889+0300	DEBUG	Resolving com.squareup.okhttp3:okhttp:3.14.9...
2023-05-24T11:09:30.964+0300	DEBUG	Start parent: com.squareup.okhttp3:parent:3.14.9
2023-05-24T11:09:31.035+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:31.035+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:31.035+0300	DEBUG	Exit parent: com.squareup.okhttp3:parent:3.14.9
2023-05-24T11:09:31.038+0300	DEBUG	Resolving commons-codec:commons-codec:1.14...
2023-05-24T11:09:31.108+0300	DEBUG	Start parent: org.apache.commons:commons-parent:50
2023-05-24T11:09:31.108+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:50
2023-05-24T11:09:31.108+0300	DEBUG	Resolving de.skuzzle:semantic-version:2.1.0...
2023-05-24T11:09:31.177+0300	DEBUG	Start parent: de.skuzzle:skuzzle-parent:2.0.11
2023-05-24T11:09:31.248+0300	DEBUG	Exit parent: de.skuzzle:skuzzle-parent:2.0.11
2023-05-24T11:09:31.251+0300	DEBUG	Resolving org.springframework.boot:spring-boot:2.3.12.RELEASE...
2023-05-24T11:09:31.322+0300	DEBUG	Resolving org.springframework.boot:spring-boot-autoconfigure:2.3.12.RELEASE...
2023-05-24T11:09:31.389+0300	DEBUG	Resolving jakarta.annotation:jakarta.annotation-api:1.3.5...
2023-05-24T11:09:31.461+0300	DEBUG	Start parent: jakarta.annotation:ca-parent:1.3.5
2023-05-24T11:09:31.527+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:31.527+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:31.529+0300	DEBUG	Exit parent: jakarta.annotation:ca-parent:1.3.5
2023-05-24T11:09:31.529+0300	DEBUG	Resolving org.springframework:spring-core:5.2.15.RELEASE...
2023-05-24T11:09:31.596+0300	DEBUG	Resolving org.yaml:snakeyaml:1.26...
2023-05-24T11:09:31.673+0300	DEBUG	Resolving com.fasterxml.jackson.core:jackson-databind:2.11.4...
2023-05-24T11:09:31.741+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:09:31.809+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-bom:2.11.4
2023-05-24T11:09:31.809+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-bom:2.11.4
2023-05-24T11:09:31.810+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:09:31.812+0300	DEBUG	Resolving com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.11.4...
2023-05-24T11:09:31.879+0300	DEBUG	Start parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:31.946+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:09:31.946+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:09:31.947+0300	DEBUG	Exit parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:31.948+0300	DEBUG	Resolving com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.11.4...
2023-05-24T11:09:32.016+0300	DEBUG	Start parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:32.016+0300	DEBUG	Exit parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:32.017+0300	DEBUG	Resolving com.fasterxml.jackson.module:jackson-module-parameter-names:2.11.4...
2023-05-24T11:09:32.084+0300	DEBUG	Start parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:32.084+0300	DEBUG	Exit parent: com.fasterxml.jackson.module:jackson-modules-java8:2.11.4
2023-05-24T11:09:32.085+0300	DEBUG	Resolving org.apache.tomcat.embed:tomcat-embed-core:9.0.46...
2023-05-24T11:09:32.151+0300	DEBUG	Resolving org.glassfish:jakarta.el:3.0.3...
2023-05-24T11:09:32.220+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:32.220+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.5
2023-05-24T11:09:32.220+0300	DEBUG	Resolving org.apache.tomcat.embed:tomcat-embed-websocket:9.0.46...
2023-05-24T11:09:32.287+0300	DEBUG	Resolving org.springframework:spring-beans:5.2.15.RELEASE...
2023-05-24T11:09:32.354+0300	DEBUG	Resolving org.springframework:spring-context:5.2.15.RELEASE...
2023-05-24T11:09:32.422+0300	DEBUG	Resolving org.springframework:spring-expression:5.2.15.RELEASE...
2023-05-24T11:09:32.489+0300	DEBUG	Resolving org.aspectj:aspectjweaver:1.9.6...
2023-05-24T11:09:32.555+0300	DEBUG	Resolving org.jboss.logging:jboss-logging:3.4.2.Final...
2023-05-24T11:09:32.625+0300	DEBUG	Start parent: org.jboss:jboss-parent:37
2023-05-24T11:09:32.704+0300	DEBUG	Exit parent: org.jboss:jboss-parent:37
2023-05-24T11:09:32.704+0300	DEBUG	Resolving org.junit:junit-bom:5.7.0...
2023-05-24T11:09:32.779+0300	DEBUG	Resolving org.javassist:javassist:3.27.0-GA...
2023-05-24T11:09:32.847+0300	DEBUG	Resolving net.bytebuddy:byte-buddy:1.10.22...
2023-05-24T11:09:32.916+0300	DEBUG	Start parent: net.bytebuddy:byte-buddy-parent:1.10.22
2023-05-24T11:09:32.992+0300	DEBUG	Exit parent: net.bytebuddy:byte-buddy-parent:1.10.22
2023-05-24T11:09:32.993+0300	DEBUG	Resolving antlr:antlr:2.7.7...
2023-05-24T11:09:33.061+0300	DEBUG	Resolving org.jboss:jandex:2.2.3.Final...
2023-05-24T11:09:33.142+0300	DEBUG	Start parent: org.jboss:jboss-parent:12
2023-05-24T11:09:33.215+0300	DEBUG	Exit parent: org.jboss:jboss-parent:12
2023-05-24T11:09:33.216+0300	DEBUG	Resolving org.dom4j:dom4j:2.1.3...
2023-05-24T11:09:33.284+0300	DEBUG	Resolving org.hibernate.common:hibernate-commons-annotations:5.1.2.Final...
2023-05-24T11:09:33.352+0300	DEBUG	Resolving org.glassfish.jaxb:jaxb-runtime:2.3.4...
2023-05-24T11:09:33.420+0300	DEBUG	Start parent: com.sun.xml.bind.mvn:jaxb-runtime-parent:2.3.4
2023-05-24T11:09:33.489+0300	DEBUG	Start parent: com.sun.xml.bind.mvn:jaxb-parent:2.3.4
2023-05-24T11:09:33.563+0300	DEBUG	Start parent: com.sun.xml.bind:jaxb-bom-ext:2.3.4
2023-05-24T11:09:33.630+0300	DEBUG	Start parent: org.glassfish.jaxb:jaxb-bom:2.3.4
2023-05-24T11:09:33.698+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.7
2023-05-24T11:09:33.768+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.7
2023-05-24T11:09:33.769+0300	DEBUG	Exit parent: org.glassfish.jaxb:jaxb-bom:2.3.4
2023-05-24T11:09:33.769+0300	DEBUG	Exit parent: com.sun.xml.bind:jaxb-bom-ext:2.3.4
2023-05-24T11:09:33.769+0300	DEBUG	Exit parent: com.sun.xml.bind.mvn:jaxb-parent:2.3.4
2023-05-24T11:09:33.769+0300	DEBUG	Exit parent: com.sun.xml.bind.mvn:jaxb-runtime-parent:2.3.4
2023-05-24T11:09:33.771+0300	DEBUG	Resolving org.springframework.data.build:spring-data-commons:2.3.9.RELEASE...
2023-05-24T11:09:35.344+0300	DEBUG	org.springframework.data.build:spring-data-commons:2.3.9.RELEASE was not found in local/remote repositories
2023-05-24T11:09:35.344+0300	DEBUG	Resolving org.springframework:spring-orm:5.2.15.RELEASE...
2023-05-24T11:09:35.414+0300	DEBUG	Resolving org.apache.avro:avro:1.7.7...
2023-05-24T11:09:35.482+0300	DEBUG	Start parent: org.apache.avro:avro-parent:1.7.7
2023-05-24T11:09:35.556+0300	DEBUG	Start parent: org.apache.avro:avro-toplevel:1.7.7
2023-05-24T11:09:35.626+0300	DEBUG	Start parent: org.apache:apache:10
2023-05-24T11:09:35.697+0300	DEBUG	Exit parent: org.apache:apache:10
2023-05-24T11:09:35.697+0300	DEBUG	Exit parent: org.apache.avro:avro-toplevel:1.7.7
2023-05-24T11:09:35.697+0300	DEBUG	Exit parent: org.apache.avro:avro-parent:1.7.7
2023-05-24T11:09:35.700+0300	DEBUG	Resolving org.apache.avro:avro-mapred:1.7.7...
2023-05-24T11:09:35.768+0300	DEBUG	Start parent: org.apache.avro:avro-parent:1.7.7
2023-05-24T11:09:35.768+0300	DEBUG	Exit parent: org.apache.avro:avro-parent:1.7.7
2023-05-24T11:09:35.771+0300	DEBUG	Resolving com.twitter:chill_2.11:0.8.4...
2023-05-24T11:09:35.842+0300	DEBUG	Resolving com.twitter:chill-java:0.8.4...
2023-05-24T11:09:35.915+0300	DEBUG	Resolving org.apache.hadoop:hadoop-client:2.6.5...
2023-05-24T11:09:35.985+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-project-dist:2.6.5
2023-05-24T11:09:36.056+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:09:36.132+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-main:2.6.5
2023-05-24T11:09:36.202+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-main:2.6.5
2023-05-24T11:09:36.202+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:09:36.203+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-project-dist:2.6.5
2023-05-24T11:09:36.205+0300	DEBUG	Resolving org.apache.spark:spark-launcher_2.11:2.3.1...
2023-05-24T11:09:36.277+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.277+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.282+0300	DEBUG	Resolving org.apache.spark:spark-kvstore_2.11:2.3.1...
2023-05-24T11:09:36.350+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.350+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.355+0300	DEBUG	Resolving org.apache.spark:spark-network-common_2.11:2.3.1...
2023-05-24T11:09:36.423+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.423+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.430+0300	DEBUG	Resolving org.apache.spark:spark-network-shuffle_2.11:2.3.1...
2023-05-24T11:09:36.499+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.499+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.504+0300	DEBUG	Resolving org.apache.spark:spark-unsafe_2.11:2.3.1...
2023-05-24T11:09:36.574+0300	DEBUG	Start parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.574+0300	DEBUG	Exit parent: org.apache.spark:spark-parent_2.11:2.3.1
2023-05-24T11:09:36.581+0300	DEBUG	Resolving net.java.dev.jets3t:jets3t:0.9.4...
2023-05-24T11:09:36.658+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:36.658+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:36.661+0300	DEBUG	Resolving org.apache.curator:curator-recipes:2.6.0...
2023-05-24T11:09:36.728+0300	DEBUG	Start parent: org.apache.curator:apache-curator:2.6.0
2023-05-24T11:09:36.805+0300	DEBUG	Start parent: org.apache:apache:14
2023-05-24T11:09:36.875+0300	DEBUG	Exit parent: org.apache:apache:14
2023-05-24T11:09:36.875+0300	DEBUG	Exit parent: org.apache.curator:apache-curator:2.6.0
2023-05-24T11:09:36.876+0300	DEBUG	Resolving javax.servlet:javax.servlet-api:4.0.1...
2023-05-24T11:09:36.947+0300	DEBUG	Start parent: net.java:jvnet-parent:3
2023-05-24T11:09:37.016+0300	DEBUG	Exit parent: net.java:jvnet-parent:3
2023-05-24T11:09:37.016+0300	DEBUG	Resolving org.apache.commons:commons-math3:3.4.1...
2023-05-24T11:09:37.088+0300	DEBUG	Start parent: org.apache.commons:commons-parent:34
2023-05-24T11:09:37.165+0300	DEBUG	Start parent: org.apache:apache:13
2023-05-24T11:09:37.165+0300	DEBUG	Exit parent: org.apache:apache:13
2023-05-24T11:09:37.165+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:34
2023-05-24T11:09:37.166+0300	DEBUG	Resolving com.google.code.findbugs:jsr305:1.3.9...
2023-05-24T11:09:37.232+0300	DEBUG	Resolving org.slf4j:jcl-over-slf4j:1.7.30...
2023-05-24T11:09:37.299+0300	DEBUG	Start parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:37.299+0300	DEBUG	Exit parent: org.slf4j:slf4j-parent:1.7.30
2023-05-24T11:09:37.299+0300	DEBUG	Resolving log4j:log4j:1.2.17...
2023-05-24T11:09:37.372+0300	DEBUG	Resolving com.ning:compress-lzf:1.0.3...
2023-05-24T11:09:37.440+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:37.440+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:09:37.441+0300	DEBUG	Resolving org.xerial.snappy:snappy-java:1.1.2.6...
2023-05-24T11:09:37.510+0300	DEBUG	Resolving org.lz4:lz4-java:1.4.0...
2023-05-24T11:09:37.577+0300	DEBUG	Resolving com.github.luben:zstd-jni:1.3.2-2...
2023-05-24T11:09:37.644+0300	DEBUG	Resolving org.roaringbitmap:RoaringBitmap:0.5.11...
2023-05-24T11:09:37.712+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:5
2023-05-24T11:09:37.712+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:5
2023-05-24T11:09:37.713+0300	DEBUG	Resolving commons-net:commons-net:2.2...
2023-05-24T11:09:37.783+0300	DEBUG	Start parent: org.apache.commons:commons-parent:17
2023-05-24T11:09:37.857+0300	DEBUG	Start parent: org.apache:apache:7
2023-05-24T11:09:37.927+0300	DEBUG	Exit parent: org.apache:apache:7
2023-05-24T11:09:37.927+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:17
2023-05-24T11:09:37.927+0300	DEBUG	Resolving org.scala-lang:scala-library:2.11.8...
2023-05-24T11:09:37.994+0300	DEBUG	Resolving org.json4s:json4s-jackson_2.11:3.2.11...
2023-05-24T11:09:38.090+0300	DEBUG	Resolving org.glassfish.jersey.core:jersey-client:1.0.5...
2023-05-24T11:09:43.156+0300	DEBUG	org.glassfish.jersey.core:jersey-client:1.0.5 was not found in local/remote repositories
2023-05-24T11:09:43.156+0300	DEBUG	Resolving org.glassfish.jersey.core:jersey-common:1.0.5...
2023-05-24T11:09:47.056+0300	DEBUG	org.glassfish.jersey.core:jersey-common:1.0.5 was not found in local/remote repositories
2023-05-24T11:09:47.056+0300	DEBUG	Resolving org.glassfish.jersey.core:jersey-server:1.0.5...
2023-05-24T11:09:50.470+0300	DEBUG	org.glassfish.jersey.core:jersey-server:1.0.5 was not found in local/remote repositories
2023-05-24T11:09:50.470+0300	DEBUG	Resolving org.glassfish.jersey.containers:jersey-container-servlet:1.0.5...
2023-05-24T11:09:54.372+0300	DEBUG	org.glassfish.jersey.containers:jersey-container-servlet:1.0.5 was not found in local/remote repositories
2023-05-24T11:09:54.372+0300	DEBUG	Resolving org.glassfish.jersey.containers:jersey-container-servlet-core:1.0.5...
2023-05-24T11:09:58.264+0300	DEBUG	org.glassfish.jersey.containers:jersey-container-servlet-core:1.0.5 was not found in local/remote repositories
2023-05-24T11:09:58.264+0300	DEBUG	Resolving io.netty:netty-all:4.1.65.Final...
2023-05-24T11:09:58.336+0300	DEBUG	Start parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:58.336+0300	DEBUG	Exit parent: io.netty:netty-parent:4.1.65.Final
2023-05-24T11:09:58.337+0300	DEBUG	Resolving io.netty:netty-bom:9...
2023-05-24T11:10:01.743+0300	DEBUG	io.netty:netty-bom:9 was not found in local/remote repositories
2023-05-24T11:10:01.753+0300	DEBUG	Resolving com.clearspring.analytics:stream:2.7.0...
2023-05-24T11:10:01.821+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:01.821+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:01.824+0300	DEBUG	Resolving io.dropwizard.metrics:metrics-core:4.1.22...
2023-05-24T11:10:01.892+0300	DEBUG	Start parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:01.892+0300	DEBUG	Exit parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:01.892+0300	DEBUG	Resolving io.dropwizard.metrics:metrics-jvm:4.1.22...
2023-05-24T11:10:01.959+0300	DEBUG	Start parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:01.960+0300	DEBUG	Exit parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:01.960+0300	DEBUG	Resolving io.dropwizard.metrics:metrics-json:4.1.22...
2023-05-24T11:10:02.027+0300	DEBUG	Start parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:02.027+0300	DEBUG	Exit parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:02.028+0300	DEBUG	Resolving io.dropwizard.metrics:metrics-graphite:4.1.22...
2023-05-24T11:10:02.095+0300	DEBUG	Start parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:02.095+0300	DEBUG	Exit parent: io.dropwizard.metrics:metrics-parent:4.1.22
2023-05-24T11:10:02.096+0300	DEBUG	Resolving com.fasterxml.jackson.module:jackson-module-scala_2.11:2.11.4...
2023-05-24T11:10:02.167+0300	DEBUG	Resolving org.apache.ivy:ivy:2.4.0...
2023-05-24T11:10:02.241+0300	DEBUG	Start parent: org.apache:apache:7
2023-05-24T11:10:02.241+0300	DEBUG	Exit parent: org.apache:apache:7
2023-05-24T11:10:02.248+0300	DEBUG	Resolving oro:oro:2.0.8...
2023-05-24T11:10:02.314+0300	DEBUG	Resolving net.razorvine:pyrolite:4.13...
2023-05-24T11:10:02.380+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:02.380+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:02.381+0300	DEBUG	Resolving net.sf.py4j:py4j:0.10.7...
2023-05-24T11:10:02.448+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:02.448+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:02.449+0300	DEBUG	Resolving org.apache.commons:commons-crypto:1.0.0...
2023-05-24T11:10:02.522+0300	DEBUG	Start parent: org.apache.commons:commons-parent:40
2023-05-24T11:10:02.600+0300	DEBUG	Start parent: org.apache:apache:17
2023-05-24T11:10:02.675+0300	DEBUG	Exit parent: org.apache:apache:17
2023-05-24T11:10:02.676+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:40
2023-05-24T11:10:02.677+0300	DEBUG	Resolving org.scala-lang:scala-reflect:2.11.8...
2023-05-24T11:10:02.745+0300	DEBUG	Resolving org.scala-lang.modules:scala-parser-combinators_2.11:1.0.4...
2023-05-24T11:10:02.814+0300	DEBUG	Resolving org.codehaus.janino:janino:3.1.4...
2023-05-24T11:10:02.882+0300	DEBUG	Start parent: org.codehaus.janino:janino-parent:3.1.4
2023-05-24T11:10:02.951+0300	DEBUG	Exit parent: org.codehaus.janino:janino-parent:3.1.4
2023-05-24T11:10:02.951+0300	DEBUG	Resolving org.codehaus.janino:commons-compiler:3.1.4...
2023-05-24T11:10:03.020+0300	DEBUG	Start parent: org.codehaus.janino:janino-parent:3.1.4
2023-05-24T11:10:03.020+0300	DEBUG	Exit parent: org.codehaus.janino:janino-parent:3.1.4
2023-05-24T11:10:03.021+0300	DEBUG	Resolving org.antlr:antlr4-runtime:4.7...
2023-05-24T11:10:03.088+0300	DEBUG	Start parent: org.antlr:antlr4-master:4.7
2023-05-24T11:10:03.154+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:03.154+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:03.155+0300	DEBUG	Exit parent: org.antlr:antlr4-master:4.7
2023-05-24T11:10:03.155+0300	DEBUG	Resolving com.esotericsoftware:kryo-shaded:3.0.3...
2023-05-24T11:10:03.222+0300	DEBUG	Start parent: com.esotericsoftware:kryo-parent:3.0.3
2023-05-24T11:10:03.290+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:03.290+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:03.291+0300	DEBUG	Exit parent: com.esotericsoftware:kryo-parent:3.0.3
2023-05-24T11:10:03.292+0300	DEBUG	Resolving org.apache.parquet:parquet-common:1.8.3...
2023-05-24T11:10:03.361+0300	DEBUG	Start parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:10:03.361+0300	DEBUG	Exit parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:10:03.363+0300	DEBUG	Resolving org.apache.parquet:parquet-encoding:1.8.3...
2023-05-24T11:10:03.430+0300	DEBUG	Start parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:10:03.430+0300	DEBUG	Exit parent: org.apache.parquet:parquet:1.8.3
2023-05-24T11:10:03.431+0300	DEBUG	Resolving org.apache.parquet:parquet-format:2.3.1...
2023-05-24T11:10:03.499+0300	DEBUG	Start parent: org.apache:apache:16
2023-05-24T11:10:03.499+0300	DEBUG	Exit parent: org.apache:apache:16
2023-05-24T11:10:03.499+0300	DEBUG	Resolving org.apache.parquet:parquet-jackson:16...
2023-05-24T11:10:07.617+0300	DEBUG	org.apache.parquet:parquet-jackson:16 was not found in local/remote repositories
2023-05-24T11:10:07.617+0300	DEBUG	Resolving org.codehaus.jackson:jackson-core-asl:1.9.11...
2023-05-24T11:10:07.684+0300	DEBUG	Resolving org.apache.arrow:arrow-format:18...
2023-05-24T11:10:11.303+0300	DEBUG	org.apache.arrow:arrow-format:18 was not found in local/remote repositories
2023-05-24T11:10:11.303+0300	DEBUG	Resolving org.apache.arrow:arrow-memory:18...
2023-05-24T11:10:17.413+0300	DEBUG	org.apache.arrow:arrow-memory:18 was not found in local/remote repositories
2023-05-24T11:10:17.413+0300	DEBUG	Resolving joda-time:joda-time:2.9.9...
2023-05-24T11:10:17.488+0300	DEBUG	Resolving com.fasterxml.jackson.core:jackson-core:2.11.4...
2023-05-24T11:10:17.558+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:10:17.558+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:10:17.559+0300	DEBUG	Resolving com.carrotsearch:hppc:0.7.2...
2023-05-24T11:10:17.640+0300	DEBUG	Start parent: com.carrotsearch:hppc-parent:0.7.2
2023-05-24T11:10:17.712+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:17.712+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:9
2023-05-24T11:10:17.713+0300	DEBUG	Exit parent: com.carrotsearch:hppc-parent:0.7.2
2023-05-24T11:10:17.715+0300	DEBUG	Resolving com.vlkan:flatbuffers:1.2.0-3f79e055...
2023-05-24T11:10:17.783+0300	DEBUG	Resolving com.fasterxml.jackson.core:jackson-annotations:2.11.4...
2023-05-24T11:10:17.851+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-parent:2.11
2023-05-24T11:10:17.851+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-parent:2.11
2023-05-24T11:10:17.852+0300	DEBUG	Resolving io.springfox:springfox-core:2.8.0...
2023-05-24T11:10:17.925+0300	DEBUG	Resolving org.reflections:reflections:0.9.11...
2023-05-24T11:10:17.997+0300	DEBUG	Resolving org.sonatype.oss:netty-common:9...
2023-05-24T11:10:22.971+0300	DEBUG	org.sonatype.oss:netty-common:9 was not found in local/remote repositories
2023-05-24T11:10:22.972+0300	DEBUG	Resolving org.sonatype.oss:netty-resolver:9...
2023-05-24T11:10:27.045+0300	DEBUG	org.sonatype.oss:netty-resolver:9 was not found in local/remote repositories
2023-05-24T11:10:27.045+0300	DEBUG	Resolving org.sonatype.oss:netty-buffer:9...
2023-05-24T11:10:30.661+0300	DEBUG	org.sonatype.oss:netty-buffer:9 was not found in local/remote repositories
2023-05-24T11:10:30.661+0300	DEBUG	Resolving org.sonatype.oss:netty-transport:9...
2023-05-24T11:10:35.392+0300	DEBUG	org.sonatype.oss:netty-transport:9 was not found in local/remote repositories
2023-05-24T11:10:35.392+0300	DEBUG	Resolving org.sonatype.oss:netty-codec:9...
2023-05-24T11:10:40.443+0300	DEBUG	org.sonatype.oss:netty-codec:9 was not found in local/remote repositories
2023-05-24T11:10:40.443+0300	DEBUG	Resolving org.mockito:mockito-core:1.10.19...
2023-05-24T11:10:40.512+0300	DEBUG	Resolving org.reactivestreams:reactive-streams:1.0.3...
2023-05-24T11:10:40.579+0300	DEBUG	Resolving org.springframework.data:spring-data-commons:2.3.9.RELEASE...
2023-05-24T11:10:40.649+0300	DEBUG	Start parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:10:40.649+0300	DEBUG	Exit parent: org.springframework.data.build:spring-data-parent:2.3.9.RELEASE
2023-05-24T11:10:40.659+0300	DEBUG	Resolving com.squareup.okio:okio:1.17.2...
2023-05-24T11:10:40.726+0300	DEBUG	Start parent: com.squareup.okio:okio-parent:1.17.2
2023-05-24T11:10:40.794+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:40.794+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:40.795+0300	DEBUG	Exit parent: com.squareup.okio:okio-parent:1.17.2
2023-05-24T11:10:40.799+0300	DEBUG	Resolving org.springframework:spring-jcl:5.2.15.RELEASE...
2023-05-24T11:10:40.866+0300	DEBUG	Resolving jakarta.xml.bind:jakarta.xml.bind-api:2.3.3...
2023-05-24T11:10:40.937+0300	DEBUG	Start parent: jakarta.xml.bind:jakarta.xml.bind-api-parent:2.3.3
2023-05-24T11:10:41.004+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:41.073+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:41.073+0300	DEBUG	Exit parent: jakarta.xml.bind:jakarta.xml.bind-api-parent:2.3.3
2023-05-24T11:10:41.074+0300	DEBUG	Resolving org.eclipse.ee4j:txw2:...
2023-05-24T11:10:44.630+0300	DEBUG	org.eclipse.ee4j:txw2: was not found in local/remote repositories
2023-05-24T11:10:44.630+0300	DEBUG	Resolving com.sun.istack:istack-commons-runtime:3.0.12...
2023-05-24T11:10:44.697+0300	DEBUG	Start parent: com.sun.istack:istack-commons:3.0.12
2023-05-24T11:10:44.770+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:44.770+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:44.770+0300	DEBUG	Exit parent: com.sun.istack:istack-commons:3.0.12
2023-05-24T11:10:44.771+0300	DEBUG	Resolving com.thoughtworks.paranamer:paranamer:2.3...
2023-05-24T11:10:44.838+0300	DEBUG	Start parent: com.thoughtworks.paranamer:paranamer-parent:2.3
2023-05-24T11:10:44.908+0300	DEBUG	Start parent: org.codehaus:codehaus-parent:1
2023-05-24T11:10:44.979+0300	DEBUG	Exit parent: org.codehaus:codehaus-parent:1
2023-05-24T11:10:44.979+0300	DEBUG	Exit parent: com.thoughtworks.paranamer:paranamer-parent:2.3
2023-05-24T11:10:44.980+0300	DEBUG	Resolving org.apache.commons:commons-compress:1.4.1...
2023-05-24T11:10:45.048+0300	DEBUG	Start parent: org.apache.commons:commons-parent:24
2023-05-24T11:10:45.144+0300	DEBUG	Start parent: org.apache:apache:9
2023-05-24T11:10:45.215+0300	DEBUG	Exit parent: org.apache:apache:9
2023-05-24T11:10:45.215+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:24
2023-05-24T11:10:45.216+0300	DEBUG	Resolving org.apache:avro-ipc:10...
2023-05-24T11:10:50.264+0300	DEBUG	org.apache:avro-ipc:10 was not found in local/remote repositories
2023-05-24T11:10:50.264+0300	DEBUG	Resolving org.apache.hadoop:hadoop-hdfs:2.6.5...
2023-05-24T11:10:50.341+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-project-dist:2.6.5
2023-05-24T11:10:50.341+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-project-dist:2.6.5
2023-05-24T11:10:50.350+0300	DEBUG	Resolving org.apache.hadoop:hadoop-mapreduce-client-app:2.6.5...
2023-05-24T11:10:50.475+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:50.545+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:10:50.545+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:10:50.546+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:50.551+0300	DEBUG	Resolving org.apache.hadoop:hadoop-yarn-api:2.6.5...
2023-05-24T11:10:50.619+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:50.686+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:10:50.693+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-project:2.6.5
2023-05-24T11:10:50.695+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:50.698+0300	DEBUG	Resolving org.apache.hadoop:hadoop-mapreduce-client-jobclient:2.6.5...
2023-05-24T11:10:50.766+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:50.766+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:50.775+0300	DEBUG	Resolving org.fusesource.leveldbjni:leveldbjni-all:1.8...
2023-05-24T11:10:50.843+0300	DEBUG	Start parent: org.fusesource.leveldbjni:leveldbjni-project:1.8
2023-05-24T11:10:50.912+0300	DEBUG	Start parent: org.fusesource:fusesource-pom:1.9
2023-05-24T11:10:50.983+0300	DEBUG	Exit parent: org.fusesource:fusesource-pom:1.9
2023-05-24T11:10:50.983+0300	DEBUG	Exit parent: org.fusesource.leveldbjni:leveldbjni-project:1.8
2023-05-24T11:10:50.985+0300	DEBUG	Resolving org.apache.httpcomponents:httpcore:4.4.14...
2023-05-24T11:10:51.052+0300	DEBUG	Start parent: org.apache.httpcomponents:httpcomponents-core:4.4.14
2023-05-24T11:10:51.122+0300	DEBUG	Start parent: org.apache.httpcomponents:httpcomponents-parent:11
2023-05-24T11:10:51.195+0300	DEBUG	Start parent: org.apache:apache:21
2023-05-24T11:10:51.195+0300	DEBUG	Exit parent: org.apache:apache:21
2023-05-24T11:10:51.196+0300	DEBUG	Exit parent: org.apache.httpcomponents:httpcomponents-parent:11
2023-05-24T11:10:51.198+0300	DEBUG	Exit parent: org.apache.httpcomponents:httpcomponents-core:4.4.14
2023-05-24T11:10:51.199+0300	DEBUG	Resolving org.apache.httpcomponents:httpclient:4.5.13...
2023-05-24T11:10:51.266+0300	DEBUG	Start parent: org.apache.httpcomponents:httpcomponents-client:4.5.13
2023-05-24T11:10:51.338+0300	DEBUG	Start parent: org.apache.httpcomponents:httpcomponents-parent:11
2023-05-24T11:10:51.338+0300	DEBUG	Exit parent: org.apache.httpcomponents:httpcomponents-parent:11
2023-05-24T11:10:51.339+0300	DEBUG	Exit parent: org.apache.httpcomponents:httpcomponents-client:4.5.13
2023-05-24T11:10:51.341+0300	DEBUG	Resolving javax.activation:activation:1.1.1...
2023-05-24T11:10:51.411+0300	DEBUG	Resolving org.bouncycastle:bcprov-jdk15on:1.52...
2023-05-24T11:10:51.478+0300	DEBUG	Resolving com.jamesmurty.utils:java-xmlbuilder:1.1...
2023-05-24T11:10:51.546+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:51.546+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:51.547+0300	DEBUG	Resolving org.apache.zookeeper:zookeeper:3.4.6...
2023-05-24T11:10:51.622+0300	DEBUG	Resolving org.apache.curator:curator-framework:14...
2023-05-24T11:10:57.589+0300	DEBUG	org.apache.curator:curator-framework:14 was not found in local/remote repositories
2023-05-24T11:10:57.589+0300	DEBUG	Resolving org.json4s:json4s-core_2.11:3.2.11...
2023-05-24T11:10:57.658+0300	DEBUG	Resolving com.rabbitmq:amqp-client:5.9.0...
2023-05-24T11:10:57.735+0300	DEBUG	Resolving com.fasterxml.jackson.module:jackson-module-paranamer:2.11.4...
2023-05-24T11:10:57.803+0300	DEBUG	Start parent: com.fasterxml.jackson.module:jackson-modules-base:2.11.4
2023-05-24T11:10:57.873+0300	DEBUG	Start parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:10:57.873+0300	DEBUG	Exit parent: com.fasterxml.jackson:jackson-base:2.11.4
2023-05-24T11:10:57.873+0300	DEBUG	Exit parent: com.fasterxml.jackson.module:jackson-modules-base:2.11.4
2023-05-24T11:10:57.874+0300	DEBUG	Resolving com.esotericsoftware:minlog:1.3.0...
2023-05-24T11:10:57.941+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:57.941+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:57.942+0300	DEBUG	Resolving org.objenesis:objenesis:2.1...
2023-05-24T11:10:58.008+0300	DEBUG	Start parent: org.objenesis:objenesis-parent:2.1
2023-05-24T11:10:58.076+0300	DEBUG	Exit parent: org.objenesis:objenesis-parent:2.1
2023-05-24T11:10:58.076+0300	DEBUG	Resolving jakarta.activation:jakarta.activation-api:1.2.2...
2023-05-24T11:10:58.145+0300	DEBUG	Start parent: com.sun.activation:all:1.2.2
2023-05-24T11:10:58.215+0300	DEBUG	Start parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:58.215+0300	DEBUG	Exit parent: org.eclipse.ee4j:project:1.0.6
2023-05-24T11:10:58.215+0300	DEBUG	Exit parent: com.sun.activation:all:1.2.2
2023-05-24T11:10:58.215+0300	DEBUG	Resolving commons-cli:commons-cli:1.2...
2023-05-24T11:10:58.285+0300	DEBUG	Start parent: org.apache.commons:commons-parent:11
2023-05-24T11:10:58.356+0300	DEBUG	Start parent: org.apache:apache:4
2023-05-24T11:10:58.424+0300	DEBUG	Exit parent: org.apache:apache:4
2023-05-24T11:10:58.424+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:11
2023-05-24T11:10:58.424+0300	DEBUG	Resolving commons-io:commons-io:2.4...
2023-05-24T11:10:58.493+0300	DEBUG	Start parent: org.apache.commons:commons-parent:25
2023-05-24T11:10:58.568+0300	DEBUG	Start parent: org.apache:apache:9
2023-05-24T11:10:58.568+0300	DEBUG	Exit parent: org.apache:apache:9
2023-05-24T11:10:58.569+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:25
2023-05-24T11:10:58.569+0300	DEBUG	Resolving commons-lang:commons-lang:2.6...
2023-05-24T11:10:58.639+0300	DEBUG	Start parent: org.apache.commons:commons-parent:17
2023-05-24T11:10:58.639+0300	DEBUG	Exit parent: org.apache.commons:commons-parent:17
2023-05-24T11:10:58.640+0300	DEBUG	Resolving com.google.protobuf:protobuf-java:2.5.0...
2023-05-24T11:10:58.707+0300	DEBUG	Start parent: com.google:google:1
2023-05-24T11:10:58.775+0300	DEBUG	Exit parent: com.google:google:1
2023-05-24T11:10:58.777+0300	DEBUG	Resolving xmlenc:xmlenc:0.52...
2023-05-24T11:10:58.843+0300	DEBUG	Resolving xerces:xercesImpl:2.9.1...
2023-05-24T11:10:58.910+0300	DEBUG	Start parent: org.apache:apache:4
2023-05-24T11:10:58.910+0300	DEBUG	Exit parent: org.apache:apache:4
2023-05-24T11:10:58.911+0300	DEBUG	Resolving org.htrace:htrace-core:3.0.4...
2023-05-24T11:10:58.978+0300	DEBUG	Start parent: org.htrace:htrace:3.0.4
2023-05-24T11:10:59.046+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:59.046+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:59.047+0300	DEBUG	Exit parent: org.htrace:htrace:3.0.4
2023-05-24T11:10:59.049+0300	DEBUG	Resolving org.apache.hadoop:hadoop-mapreduce-client-common:2.6.5...
2023-05-24T11:10:59.116+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:59.116+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:59.118+0300	DEBUG	Resolving org.apache.hadoop:hadoop-mapreduce-client-shuffle:2.6.5...
2023-05-24T11:10:59.186+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:59.186+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-mapreduce-client:2.6.5
2023-05-24T11:10:59.189+0300	DEBUG	Resolving net.iharder:base64:2.3.8...
2023-05-24T11:10:59.258+0300	DEBUG	Resolving jline:jline:0.9.94...
2023-05-24T11:10:59.325+0300	DEBUG	Resolving io.netty:netty:3.7.0.Final...
2023-05-24T11:10:59.398+0300	DEBUG	Start parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:59.398+0300	DEBUG	Exit parent: org.sonatype.oss:oss-parent:7
2023-05-24T11:10:59.404+0300	DEBUG	Resolving org.json4s:json4s-ast_2.11:3.2.11...
2023-05-24T11:10:59.472+0300	DEBUG	Resolving org.scala-lang:scalap:2.11.0...
2023-05-24T11:10:59.540+0300	DEBUG	Resolving xml-apis:xml-apis:1.3.04...
2023-05-24T11:10:59.606+0300	DEBUG	Start parent: org.apache:apache:3
2023-05-24T11:10:59.673+0300	DEBUG	Exit parent: org.apache:apache:3
2023-05-24T11:10:59.673+0300	DEBUG	Resolving org.apache.hadoop:hadoop-yarn-common:2.6.5...
2023-05-24T11:10:59.741+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.741+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.750+0300	DEBUG	Resolving org.apache.hadoop:hadoop-yarn-client:2.6.5...
2023-05-24T11:10:59.817+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.817+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.826+0300	DEBUG	Resolving org.apache.hadoop:hadoop-yarn-server-common:2.6.5...
2023-05-24T11:10:59.893+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-yarn-server:2.6.5
2023-05-24T11:10:59.961+0300	DEBUG	Start parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.961+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-yarn:2.6.5
2023-05-24T11:10:59.962+0300	DEBUG	Exit parent: org.apache.hadoop:hadoop-yarn-server:2.6.5
2023-05-24T11:10:59.967+0300	DEBUG	Resolving org.scala-lang:scala-compiler:2.11.0...
2023-05-24T11:11:00.036+0300	DEBUG	Resolving javax.xml.bind:jaxb-api:2.3.1...
2023-05-24T11:11:00.112+0300	DEBUG	Start parent: javax.xml.bind:jaxb-api-parent:2.3.1
2023-05-24T11:11:00.180+0300	DEBUG	Start parent: net.java:jvnet-parent:5
2023-05-24T11:11:00.248+0300	DEBUG	Exit parent: net.java:jvnet-parent:5
2023-05-24T11:11:00.248+0300	DEBUG	Exit parent: javax.xml.bind:jaxb-api-parent:2.3.1
2023-05-24T11:11:00.249+0300	DEBUG	Resolving com.sun.jersey:jersey-client:1.9...
2023-05-24T11:11:00.317+0300	DEBUG	Start parent: com.sun.jersey:jersey-project:1.9
2023-05-24T11:11:00.387+0300	DEBUG	Start parent: net.java:jvnet-parent:1
2023-05-24T11:11:00.455+0300	DEBUG	Exit parent: net.java:jvnet-parent:1
2023-05-24T11:11:00.456+0300	DEBUG	Exit parent: com.sun.jersey:jersey-project:1.9
2023-05-24T11:11:00.456+0300	DEBUG	Resolving org.codehaus.jackson:jackson-jaxrs:1.9.13...
2023-05-24T11:11:00.524+0300	DEBUG	Resolving org.codehaus.jackson:jackson-xc:1.9.13...
2023-05-24T11:11:00.597+0300	DEBUG	Resolving org.scala-lang.modules:scala-xml_2.11:1.0.1...
2023-05-24T11:11:00.666+0300	DEBUG	Resolving javax.activation:javax.activation-api:1.2.0...
2023-05-24T11:11:00.734+0300	DEBUG	Start parent: com.sun.activation:all:1.2.0
2023-05-24T11:11:00.805+0300	DEBUG	Start parent: net.java:jvnet-parent:1
2023-05-24T11:11:00.805+0300	DEBUG	Exit parent: net.java:jvnet-parent:1
2023-05-24T11:11:00.805+0300	DEBUG	Exit parent: com.sun.activation:all:1.2.0
2023-05-24T11:11:00.816+0300	DEBUG	OS is not detected.
2023-05-24T11:11:00.816+0300	DEBUG	Detected OS: unknown
2023-05-24T11:11:00.816+0300	INFO	Number of language-specific files: 1
2023-05-24T11:11:00.816+0300	INFO	Detecting pom vulnerabilities...
2023-05-24T11:11:00.816+0300	DEBUG	Detecting library vulnerabilities, type: pom, path: pom.xml

pom.xml (pom)

Total: 80 (UNKNOWN: 3, LOW: 4, MEDIUM: 35, HIGH: 27, CRITICAL: 11)

┌──────────────────────────────────────────────────┬─────────────────────┬──────────┬───────────────────┬────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│                     Library                      │    Vulnerability    │ Severity │ Installed Version │         Fixed Version          │                            Title                             │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ com.fasterxml.jackson.core:jackson-databind      │ CVE-2020-36518      │ HIGH     │ 2.11.4            │ 2.12.6.1, 2.13.2.1             │ denial of service via a large depth of nested objects        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-36518                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-46877      │          │                   │ 2.12.6, 2.13.1                 │ Possible DoS if using JDK serialization to serialize         │
│                                                  │                     │          │                   │                                │ JsonNode                                                     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-46877                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-42003      │          │                   │ 2.12.7.1, 2.13.4.1             │ deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS    │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-42003                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-42004      │          │                   │ 2.12.7.1, 2.13.4               │ use of deeply nested arrays                                  │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-42004                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ com.google.code.gson:gson                        │ CVE-2022-25647      │          │ 2.8.7             │ 2.8.9                          │ Deserialization of Untrusted Data in                         │
│                                                  │                     │          │                   │                                │ com.google.code.gson-gson                                    │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-25647                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ com.google.guava:guava                           │ CVE-2018-10237      │ MEDIUM   │ 20.0              │ 24.1.1-jre, 24.1.1-android     │ guava: Unbounded memory allocation in AtomicDoubleArray and  │
│                                                  │                     │          │                   │                                │ CompoundOrdering classes allow remote attackers...           │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2018-10237                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2020-8908       │ LOW      │                   │ 30.0                           │ guava: local information disclosure via temporary directory  │
│                                                  │                     │          │                   │                                │ created with unsafe permissions                              │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-8908                    │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ com.google.protobuf:protobuf-java                │ CVE-2022-3171       │ HIGH     │ 2.5.0             │ 3.16.3, 3.19.6, 3.20.3, 3.21.7 │ timeout in parser leads to DoS                               │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-3171                    │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-22569      │ MEDIUM   │                   │ 3.16.1, 3.18.2, 3.19.2         │ protobuf-java: potential DoS in the parsing procedure for    │
│                                                  │                     │          │                   │                                │ binary data                                                  │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-22569                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ com.jamesmurty.utils:java-xmlbuilder             │ CVE-2014-125087     │ CRITICAL │ 1.1               │ 1.2                            │ java-xmlbuilder: XMLBuilder2 is vulnerable to XML External   │
│                                                  │                     │          │                   │                                │ Entity (XXE) injection                                       │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2014-125087                  │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ commons-io:commons-io                            │ CVE-2021-29425      │ MEDIUM   │ 2.4               │ 2.7                            │ apache-commons-io: Limited path traversal in Apache Commons  │
│                                                  │                     │          │                   │                                │ IO 2.2 to 2.6                                                │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-29425                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ commons-net:commons-net                          │ CVE-2021-37533      │          │ 2.2               │ 3.9.0                          │ FTP client trusts the host from PASV response by default     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-37533                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ io.netty:netty                                   │ CVE-2021-21290      │          │ 3.7.0.Final       │                                │ netty: Information disclosure via the local system temporary │
│                                                  │                     │          │                   │                                │ directory                                                    │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-21290                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-21409      │          │                   │ 4.1.61                         │ netty: Request smuggling via content-length header           │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-21409                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-24823      │          │                   │ 4.1.77.Final                   │ world readable temporary file containing sensitive data      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-24823                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ io.netty:netty-all                               │ CVE-2022-41881      │ HIGH     │ 4.1.65.Final      │ 4.1.86                         │ HAProxyMessageDecoder Stack Exhaustion DoS                   │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-41881                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-24823      │ MEDIUM   │                   │ 4.1.77.Final                   │ world readable temporary file containing sensitive data      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-24823                   │
├──────────────────────────────────────────────────┤                     │          │                   │                                │                                                              │
│ io.netty:netty-handler                           │                     │          │                   │                                │                                                              │
│                                                  │                     │          │                   │                                │                                                              │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ io.springfox:springfox-swagger-ui                │ CVE-2019-17495      │ CRITICAL │ 2.8.0             │ 2.10.0                         │ Cross-site scripting in Swagger-UI                           │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2019-17495                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ jline:jline                                      │ CVE-2010-1330       │ MEDIUM   │ 0.9.94            │ 1.4.1                          │ jruby: XSS in the regular expression engine when processing  │
│                                                  │                     │          │                   │                                │ invalid UTF-8 byte...                                        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2010-1330                    │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2013-2035       │          │                   │ 2.11                           │ predictable temporary file name leading to local arbitrary   │
│                                                  │                     │          │                   │                                │ code execution                                               │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2013-2035                    │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ log4j:log4j                                      │ CVE-2019-17571      │ CRITICAL │ 1.2.17            │ 2.0-alpha1                     │ log4j: deserialization of untrusted data in SocketServer     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2019-17571                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-23305      │          │                   │                                │ log4j: SQL injection in Log4j 1.x when application is        │
│                                                  │                     │          │                   │                                │ configured to use...                                         │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-23305                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-4104       │ HIGH     │                   │                                │ log4j: Remote code execution in Log4j 1.x when application   │
│                                                  │                     │          │                   │                                │ is configured to...                                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-4104                    │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-23302      │          │                   │                                │ log4j: Remote code execution in Log4j 1.x when application   │
│                                                  │                     │          │                   │                                │ is configured to...                                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-23302                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-23307      │          │                   │                                │ log4j: Unsafe deserialization flaw in Chainsaw log viewer    │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-23307                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2023-26464      │          │                   │ 2.0                            │ DoS via hashmap logging                                      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2023-26464                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2020-9488       │ LOW      │                   │ 2.12.3, 2.13.2                 │ log4j: improper validation of certificate with host mismatch │
│                                                  │                     │          │                   │                                │ in SMTP appender                                             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-9488                    │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.commons:commons-compress              │ CVE-2021-35517      │ HIGH     │ 1.4.1             │ 1.21                           │ apache-commons-compress: excessive memory allocation when    │
│                                                  │                     │          │                   │                                │ reading a specially crafted TAR archive                      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-35517                   │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-36090      │          │                   │                                │ apache-commons-compress: excessive memory allocation when    │
│                                                  │                     │          │                   │                                │ reading a specially crafted ZIP archive                      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-36090                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.hadoop:hadoop-client                  │ CVE-2017-3162       │          │ 2.6.5             │ 2.7.0                          │ Improper Input Validation in Apache Hadoop                   │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-3162                    │
│                                                  ├─────────────────────┼──────────┤                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2017-3161       │ MEDIUM   │                   │                                │ Improper Neutralization of Input During Web Page Generation  │
│                                                  │                     │          │                   │                                │ in Apache Hadoop                                             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-3161                    │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┤                   │                                ├──────────────────────────────────────────────────────────────┤
│ org.apache.hadoop:hadoop-hdfs                    │ CVE-2017-3162       │ HIGH     │                   │                                │ Improper Input Validation in Apache Hadoop                   │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-3162                    │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2020-9492       │          │                   │ 2.10.1, 3.1.4, 3.2.2           │ hadoop: WebHDFS client might send SPNEGO authorization       │
│                                                  │                     │          │                   │                                │ header                                                       │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-9492                    │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2017-3161       │ MEDIUM   │                   │ 2.7.0                          │ Improper Neutralization of Input During Web Page Generation  │
│                                                  │                     │          │                   │                                │ in Apache Hadoop                                             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-3161                    │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.hadoop:hadoop-yarn-server-common      │ CVE-2021-33036      │ HIGH     │                   │ 2.10.2, 3.2.3, 3.3.2           │ hadoop: privilege escalation via yarn user                   │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-33036                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.ivy:ivy                               │ CVE-2022-37865      │ CRITICAL │ 2.4.0             │ 2.5.1                          │ Directory Traversal                                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-37865                   │
│                                                  ├─────────────────────┼──────────┤                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-37866      │ HIGH     │                   │                                │ Ivy Path traversal                                           │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-37866                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.spark:spark-core_2.11                 │ CVE-2018-17190      │ CRITICAL │ 2.3.1             │                                │ Remote Code Execution in spark-core                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2018-17190                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2019-10099      │ HIGH     │                   │ 2.3.3                          │ Sensitive data written to disk unencrypted in Spark          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2019-10099                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2018-11770      │ MEDIUM   │                   │                                │ spark: Missing authentication allows users to run driver     │
│                                                  │                     │          │                   │                                │ programs via the REST...                                     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2018-11770                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.tomcat.embed:tomcat-embed-core        │ CVE-2022-45143      │ HIGH     │ 9.0.46            │ 9.0.69                         │ JsonErrorReportValve injection                               │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-45143                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-43980      │ LOW      │                   │                                │ Information disclosure                                       │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-43980                   │
├──────────────────────────────────────────────────┤                     │          │                   ├────────────────────────────────┤                                                              │
│ org.apache.tomcat.embed:tomcat-embed-websocket   │                     │          │                   │                                │                                                              │
│                                                  │                     │          │                   │                                │                                                              │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.apache.zookeeper:zookeeper                   │ CVE-2017-5637       │ HIGH     │ 3.4.6             │ 3.4.10, 3.5.3                  │ zookeeper: Incorrect input validation with wchp/wchc four    │
│                                                  │                     │          │                   │                                │ letter words                                                 │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-5637                    │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2018-8012       │          │                   │ 3.4.10, 3.5.4                  │ zookeeper: No authentication or authorization is enforced    │
│                                                  │                     │          │                   │                                │ when a server joins a...                                     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2018-8012                    │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2019-0201       │ MEDIUM   │                   │ 3.4.14, 3.5.5                  │ zookeeper: Information disclosure in Apache ZooKeeper        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2019-0201                    │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.bouncycastle:bcprov-jdk15on                  │ CVE-2020-15522      │          │ 1.52              │ 1.66                           │ bouncycastle: Timing issue within the EC math library        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-15522                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.glassfish:jakarta.el                         │ CVE-2021-28170      │          │ 3.0.3             │                                │ jakarta-el: ELParserTokenManager enables invalid EL          │
│                                                  │                     │          │                   │                                │ expressions to be evaluate                                   │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-28170                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.json:json                                    │ CVE-2022-45688      │ HIGH     │ 20180130          │ 20230227                       │ json stack overflow vulnerability                            │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-45688                   │
├──────────────────────────────────────────────────┼─────────────────────┤          ├───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.scala-lang:scala-compiler                    │ CVE-2017-15288      │          │ 2.11.0            │ 2.10.7, 2.11.12, 2.12.4        │ scala: Privilege escalation in Scala compilation daemon      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2017-15288                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework.boot:spring-boot-starter-web │ CVE-2022-22965      │ CRITICAL │ 2.3.12.RELEASE    │ 2.6.6, 2.5.12                  │ spring-framework: RCE via Data Binding on JDK 9+             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22965                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ GHSA-36p3-wjmg-h94x │ UNKNOWN  │                   │ 2.5.12, 2.6.6                  │ Improper Neutralization of Special Elements used in an OS    │
│                                                  │                     │          │                   │                                │ Command ('OS Command...                                      │
│                                                  │                     │          │                   │                                │ https://github.com/advisories/GHSA-36p3-wjmg-h94x            │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework:spring-beans                 │ CVE-2022-22965      │ CRITICAL │ 5.2.15.RELEASE    │ 5.2.20.RELEASE, 5.3.18         │ spring-framework: RCE via Data Binding on JDK 9+             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22965                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ GHSA-36p3-wjmg-h94x │ UNKNOWN  │                   │ 5.2.20, 5.3.18                 │ Improper Neutralization of Special Elements used in an OS    │
│                                                  │                     │          │                   │                                │ Command ('OS Command...                                      │
│                                                  │                     │          │                   │                                │ https://github.com/advisories/GHSA-36p3-wjmg-h94x            │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework:spring-core                  │ CVE-2021-22060      │ MEDIUM   │                   │ 5.3.14, 5.3.14                 │ springframework: Additional Log Injection in Spring          │
│                                                  │                     │          │                   │                                │ Framework (follow-up to CVE-2021-22096)                      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-22060                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2021-22096      │          │                   │ 5.2.18, 5.3.11                 │ springframework: malicious input leads to insertion of       │
│                                                  │                     │          │                   │                                │ additional log entries                                       │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2021-22096                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-22950      │          │                   │ 5.2.20.RELEASE, 5.3.17         │ spring-expression: Denial of service via specially crafted   │
│                                                  │                     │          │                   │                                │ SpEL expression                                              │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22950                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-22968      │          │                   │ 5.2.21, 5.3.19                 │ Spring Framework: Data Binding Rules Vulnerability           │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22968                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-22970      │          │                   │ 5.2.22.RELEASE, 5.3.20         │ DoS via data binding to multipartFile or servlet part        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22970                   │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-22971      │          │                   │                                │ DoS with STOMP over WebSocket                                │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22971                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2023-20861      │          │                   │ 5.3.26, 6.0.7, 5.2.23.RELEASE  │ Spring Expression DoS Vulnerability                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2023-20861                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2023-20863      │          │                   │ 5.3.27, 6.0.8, 5.2.24.RELEASE  │ Spring Expression DoS Vulnerability                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2023-20863                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ GHSA-36p3-wjmg-h94x │ UNKNOWN  │                   │ 5.2.20, 5.3.18                 │ Improper Neutralization of Special Elements used in an OS    │
│                                                  │                     │          │                   │                                │ Command ('OS Command...                                      │
│                                                  │                     │          │                   │                                │ https://github.com/advisories/GHSA-36p3-wjmg-h94x            │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework:spring-expression            │ CVE-2022-22950      │ MEDIUM   │                   │ 5.2.20, 5.3.16                 │ spring-expression: Denial of service via specially crafted   │
│                                                  │                     │          │                   │                                │ SpEL expression                                              │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22950                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework:spring-web                   │ CVE-2016-1000027    │ CRITICAL │                   │ 6.0.0                          │ spring: HttpInvokerServiceExporter readRemoteInvocation      │
│                                                  │                     │          │                   │                                │ method untrusted java deserialization                        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2016-1000027                 │
├──────────────────────────────────────────────────┼─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.springframework:spring-webmvc                │ CVE-2022-22965      │          │                   │ 5.2.20, 5.3.18                 │ spring-framework: RCE via Data Binding on JDK 9+             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22965                   │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-22950      │ MEDIUM   │                   │ 5.2.20.RELEASE, 5.3.17         │ spring-expression: Denial of service via specially crafted   │
│                                                  │                     │          │                   │                                │ SpEL expression                                              │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-22950                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ org.yaml:snakeyaml                               │ CVE-2022-1471       │ CRITICAL │ 1.26              │ 2.0                            │ Constructor Deserialization Remote Code Execution            │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-1471                    │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-25857      │ HIGH     │                   │ 1.31                           │ Denial of Service due to missing nested depth limitation for │
│                                                  │                     │          │                   │                                │ collections                                                  │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-25857                   │
│                                                  ├─────────────────────┼──────────┤                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-38749      │ MEDIUM   │                   │                                │ Uncaught exception in                                        │
│                                                  │                     │          │                   │                                │ org.yaml.snakeyaml.composer.Composer.composeSequenceNode     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-38749                   │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-38750      │          │                   │                                │ Uncaught exception in                                        │
│                                                  │                     │          │                   │                                │ org.yaml.snakeyaml.constructor.BaseConstructor.constructObj- │
│                                                  │                     │          │                   │                                │ ect                                                          │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-38750                   │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-38751      │          │                   │                                │ Uncaught exception in                                        │
│                                                  │                     │          │                   │                                │ java.base/java.util.regex.Pattern$Ques.match                 │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-38751                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-38752      │          │                   │ 1.32                           │ Uncaught exception in java.base/java.util.ArrayList.hashCode │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-38752                   │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-41854      │          │                   │                                │ DoS via stack overflow                                       │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-41854                   │
├──────────────────────────────────────────────────┼─────────────────────┼──────────┼───────────────────┼────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ xerces:xercesImpl                                │ CVE-2012-0881       │ HIGH     │ 2.9.1             │ 2.12.0                         │ xml: xerces-j2 hash table collisions CPU usage DoS           │
│                                                  │                     │          │                   │                                │ (oCERT-2011-003)                                             │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2012-0881                    │
│                                                  ├─────────────────────┤          │                   │                                ├──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2013-4002       │          │                   │                                │ Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,      │
│                                                  │                     │          │                   │                                │ 8017298)                                                     │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2013-4002                    │
│                                                  ├─────────────────────┼──────────┤                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2009-2625       │ MEDIUM   │                   │ 2.10.0                         │ xerces-j2, JDK: XML parsing Denial-Of-Service (6845701)      │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2009-2625                    │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2020-14338      │          │                   │ 2.12.0.sp3                     │ wildfly: XML validation manipulation due to incomplete       │
│                                                  │                     │          │                   │                                │ application of use-grammar-pool-only in xercesImpl...        │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2020-14338                   │
│                                                  ├─────────────────────┤          │                   ├────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                                  │ CVE-2022-23437      │          │                   │ 2.12.2                         │ xerces-j2: infinite loop when handling specially crafted XML │
│                                                  │                     │          │                   │                                │ document payloads                                            │
│                                                  │                     │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-23437                   │
└──────────────────────────────────────────────────┴─────────────────────┴──────────┴───────────────────┴────────────────────────────────┴──────────────────────────────────────────────────────────────┘

Operating System

macOS Ventura 13.3.1

Version

Version: dev
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-05-24 06:08:25.56543888 +0000 UTC
  NextUpdate: 2023-05-24 12:08:25.56543838 +0000 UTC
  DownloadedAt: 2023-05-24 07:13:33.791492 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2023-05-24 00:50:59.432036554 +0000 UTC
  NextUpdate: 2023-05-27 00:50:59.432036054 +0000 UTC
  DownloadedAt: 2023-05-24 04:34:13.285677 +0000 UTC
Policy Bundle:
  Digest: sha256:97988c6fc189faa28aa7fc2fc93fb2605c46d2f6ae4092a70e03697ba1d6e620
  DownloadedAt: 2023-05-18 12:18:20.145788 +0000 UTC

Checklist

Run trivy --reset
Read the troubleshooting

yinonsh-orca · 2023-05-24T08:21:52Z

yinonsh-orca
May 24, 2023
Author

4.0.0

org.springframework.boot
spring-boot-starter-parent
2.3.12.RELEASE

com.orca.example
com-orca-example-services
0.0.1-SNAPSHOT
war
com-orca-example-services
Demo project for Spring Boot

<properties>
	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
	<java.version>1.8</java.version>
	<mockito.version>1.10.19</mockito.version>
	
	<yuicompressor-maven-plugin.version>1.5.1</yuicompressor-maven-plugin.version>
	<timestamp>${maven.build.timestamp}</timestamp>
	<maven.build.timestamp.format>yyyy-MM-dd HH:mm</maven.build.timestamp.format>
	<dependency.scope>compile</dependency.scope>
	<tomcat.dependency.scope>compile</tomcat.dependency.scope>
	<profile>LOCAL</profile>
	<log4j2.version>2.17.1</log4j2.version>
</properties>

<profiles>
	<profile>
		<id>server-profile</id>
		<properties>
			<war.name>com-orca-example-services</war.name>
			<war.display.name>com-orca-example-services</war.display.name>
			<packagingExcludes>${package.exclusions}</packagingExcludes>
			<dependency.scope>compile</dependency.scope>
			<tomcat.dependency.scope>provided</tomcat.dependency.scope>
			<package.exclusions> en/**,es/**, maintenance/**, errorpages/**,

				%regex[WEB-INF/lib/(?!.*boot.*\.jar).*],
				WEB-INF/classes/properties/cms_cd/**,
				WEB-INF/classes/cd*.*, WEB-INF/classes/cwd*.*,
				WEB-INF/classes/ehcache*.*, WEB-INF/classes/log*.xml,
				WEB-INF/classes/config/ApplicationResources.prop*,
				WEB-INF/classes/messages/*.properties,
				WEB-INF/classes/properties/*.properties,
				WEB-INF/classes/properties/environment.prop*,
				WEB-INF/classes/application.prop*
			</package.exclusions>
			<profile>SERVER</profile>
		</properties>
		<build>
			<plugins>
				<plugin>
	                <groupId>org.apache.maven.plugins</groupId>
	                <artifactId>maven-war-plugin</artifactId>
	                <configuration>
	                    <failOnMissingWebXml>false</failOnMissingWebXml>
	                    <archive>
	                        <manifest>
	                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
	                            <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
	                        </manifest>
	                    </archive>
	                    <packagingExcludes>${package.exclusions}</packagingExcludes>
	                </configuration>
            	</plugin>
            	<plugin>
		    <groupId>org.apache.maven.plugins</groupId>
		    <artifactId>maven-dependency-plugin</artifactId>
		    <executions>
		        <execution>
		            <id>copy-dependencies</id>
		            <phase>prepare-package</phase>
		            <goals>
		                <goal>copy-dependencies</goal>
		            </goals>
		            <configuration>
		                <outputDirectory>${project.build.directory}/lib</outputDirectory>
		                <overWriteReleases>false</overWriteReleases>
		                <overWriteSnapshots>false</overWriteSnapshots>
		                <overWriteIfNewer>true</overWriteIfNewer>
						<includeScope>runtime</includeScope>
		                <excludeGroupIds>org.springframework.boot</excludeGroupIds>
		                <excludeTypes>war,ejb</excludeTypes>
		            </configuration>
        			</execution>
    			</executions>
			</plugin>
			</plugins>
			</build>
	</profile>
	<profile>
		<id>local-profile</id>
		<properties>
			<war.name>com-orca-example-services</war.name>
			<war.display.name>com-orca-example-services</war.display.name>
			<dependency.scope>compile</dependency.scope>
			<tomcat.dependency.scope>provided</tomcat.dependency.scope>
			<profile>LOCAL</profile>
		</properties>
		<activation>
 			<activeByDefault>true</activeByDefault>
		</activation>
	</profile>
</profiles>

 <dependencies>
 <dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
		<exclusions>
			<exclusion>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-starter-logging</artifactId>
			</exclusion>
	    </exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-data-jpa</artifactId>
		<exclusions>
        	<exclusion>
            	<groupId>org.springframework.boot</groupId>
            	<artifactId>spring-boot-starter-logging</artifactId>
        	</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-log4j2</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-tomcat</artifactId>
		<scope>provided</scope>
		<exclusions>
        	<exclusion>
            	<groupId>org.springframework.boot</groupId>
            	<artifactId>spring-boot-starter-logging</artifactId>
        	</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>com.google.code.gson</groupId>
		<artifactId>gson</artifactId>
	</dependency>
	
	<!-- https://mvnrepository.com/artifact/org.json/json -->
	<dependency>
		<groupId>org.json</groupId>
		<artifactId>json</artifactId>
		<version>20180130</version>
	</dependency>
	<dependency>
		<groupId>com.microsoft.sqlserver</groupId>
		<artifactId>mssql-jdbc</artifactId>
		<exclusions>
			<exclusion>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-starter-logging</artifactId>
			</exclusion>
	    </exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
		<exclusions>
			<exclusion>
				<groupId>com.vaadin.external.google</groupId>
				<artifactId>android-json</artifactId>
			</exclusion>
			<exclusion>
            	<groupId>org.springframework.boot</groupId>
            	<artifactId>spring-boot-starter-logging</artifactId>
        	</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-jdbc</artifactId>
		<exclusions>
        	<exclusion>
            	<groupId>org.springframework.boot</groupId>
            	<artifactId>spring-boot-starter-logging</artifactId>
        	</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>com.oracle.ojdbc</groupId>
		<artifactId>ojdbc8</artifactId>
		<version>19.3.0.0</version>
	</dependency>   
	<!-- https://mvnrepository.com/artifact/com.oracle/ojdbc14 -->
	<!-- <dependency>
	    <groupId>com.oracle.jdbc</groupId>
		<artifactId>ojdbc7</artifactId>
		<version>12.1.0.2.0</version>
	</dependency> -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-configuration-processor</artifactId>
		<optional>true</optional>
	 	<exclusions>
        	<exclusion>
            	<groupId>org.springframework.boot</groupId>
            	<artifactId>spring-boot-starter-logging</artifactId>
        	</exclusion>
		</exclusions>
	</dependency>

	<dependency>
		<groupId>org.apache.spark</groupId>
		<artifactId>spark-sql_2.11</artifactId>
		<version>2.3.1</version>
		<exclusions>
		    <exclusion>
		        <groupId>org.slf4j</groupId>
		        <artifactId>slf4j-log4j12</artifactId>
		    </exclusion>
		</exclusions> 
	</dependency>
	<!-- For Swagger -->
	<dependency>
		<groupId>io.springfox</groupId>
		<artifactId>springfox-swagger2</artifactId>
		<version>2.8.0</version>
	</dependency>
	<dependency>
		<groupId>io.springfox</groupId>
		<artifactId>springfox-swagger-ui</artifactId>
		<version>2.8.0</version>
	</dependency>
	<!-- For Swagger -->
	<dependency>
	    <groupId>org.apache.tomcat</groupId>
	    <artifactId>tomcat-dbcp</artifactId>
	    <version>9.0.17</version>
	</dependency>
	
	 <dependency>
		<groupId>org.mockito</groupId>
		<artifactId>mockito-all</artifactId>
		<version>1.10.19</version>
		<scope>test</scope>
	</dependency>
	
	<dependency>
		<groupId>org.powermock</groupId>
		<artifactId>powermock-mockito-release-full</artifactId>
		<version>1.6.4</version>
		<type>pom</type>
		<scope>test</scope>
	</dependency>	
    <dependency>
		<groupId>org.junit.jupiter</groupId>
		<artifactId>junit-jupiter</artifactId>
		<version>5.6.2</version>
		<scope>test</scope>
	</dependency>

    <dependency>
        <groupId>org.junit.platform</groupId>
        <artifactId>junit-platform-runner</artifactId>
        <scope>test</scope>
    </dependency>
    
	<dependency>
		<groupId>org.apache.commons</groupId>
		<artifactId>commons-text</artifactId>
		<version>1.10.0</version>
	</dependency>
	<dependency>
	    <groupId>org.mockito</groupId>
	    <artifactId>mockito-junit-jupiter</artifactId>
	    <version>5.2.0</version>
	    <scope>test</scope>
	</dependency>
	
	<!-- Configcat changes Start -->
	<dependency>
		<groupId>io.lettuce</groupId>
		<artifactId>lettuce-core</artifactId>
		<version>6.1.8.RELEASE</version>
	</dependency>
	<!-- https://mvnrepository.com/artifact/org.springframework.data/spring-data-redis -->
	<dependency>
	    <groupId>org.springframework.data</groupId>
	    <artifactId>spring-data-redis</artifactId>
	    <version>2.6.3</version>
	</dependency>
	<dependency>
		<groupId>com.configcat</groupId>
		<artifactId>configcat-java-client</artifactId>
		<version>7.0.6</version>
	</dependency>

	<!-- Configcat changes End -->
	
</dependencies> 

<build>
	<finalName>com-orca-example-services</finalName>
	<sourceDirectory>src/main/java</sourceDirectory>
	<resources>
		<resource>
			<directory>src/main/java</directory>
			<includes>
				<include>**</include>
			</includes>
			<excludes>
				<exclude>**/*.java</exclude>
			</excludes>
		</resource>
		<resource>
			<directory>src/main/resources</directory>
			<includes>
				<include>**</include>
			</includes>
			<excludes>
				<exclude>**/*.java</exclude>
			</excludes>
		</resource>
	</resources>
	<outputDirectory>target/classes</outputDirectory>
	<testSourceDirectory>src/test/java</testSourceDirectory>
	<testResources>
		<testResource>
			<directory>src/test/java</directory>
			<includes>
				<include>**</include>
			</includes>
			<excludes>
				<exclude>**/*.java</exclude>
			</excludes>
		</testResource>
		<testResource>
			<directory>src/test</directory>
			<includes>
				<include>**</include>
			</includes>
			<excludes>
				<exclude>**/*.java</exclude>
			</excludes>
		</testResource>
	</testResources>
	<testOutputDirectory>target/test-classes</testOutputDirectory>
	<plugins>
		
		<plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <configuration>
                <failOnMissingWebXml>false</failOnMissingWebXml>
                <archive>
                    <manifest>
                        <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
                        <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
                    </manifest>
                </archive>
                 <packagingExcludes>${package.exclusions}</packagingExcludes> 
            </configuration>
        </plugin>

		<plugin>
			<groupId>org.jacoco</groupId>
			<artifactId>jacoco-maven-plugin</artifactId>
			<version>0.8.5</version>
			<executions>
				<!--
					Prepares the property pointing to the JaCoCo runtime agent which
					is passed as VM argument when Maven the Surefire plugin is executed.
				-->
				<execution>
					<id>pre-unit-test</id>
					<goals>
						<goal>prepare-agent</goal>
					</goals>
					<configuration>
						<!-- Sets the path to the file which contains the execution data. -->
						<destFile>${basedir}/target/coverage-reports/jacoco-ut.exec</destFile>

						<!-- Sets the output directory for the code coverage report. -->
					</configuration>
				</execution>
				<execution>
					<!--
						Ensures that the code coverage report for unit tests is created after
						unit tests have been run.
   					-->
					<id>post-unit-test</id>
					<phase>test</phase>
					<goals>
						<goal>report</goal>
					</goals>
					<configuration>
						<!-- Sets the path to the file which contains the execution data. -->
						<dataFile>${basedir}/target/coverage-reports/jacoco-ut.exec</dataFile>
						<!-- Sets the output directory for the code coverage report. -->
						<!--<outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>-->
					</configuration>
				</execution>
				<!--
				   Prepares the property pointing to the JaCoCo runtime agent which
				   is passed as VM argument when Maven the Failsafe plugin is executed.
   				-->
				<execution>
					<id>pre-integration-test</id>
					<phase>pre-integration-test</phase>
					<goals>
						<goal>prepare-agent</goal>
					</goals>
					<configuration>
						<!-- Sets the path to the file which contains the execution data. -->
						<destFile>${basedir}/target/coverage-reports/jacoco-it.exec</destFile>
						<!--
                            Sets the name of the property containing the settings
                            for JaCoCo runtime agent.
                        -->
						<!--<propertyName>failsafeArgLine</propertyName>-->
					</configuration>
				</execution>
				<!--
                    Ensures that the code coverage report for integration tests after
                    integration tests have been run.
                -->
				<execution>
					<id>post-integration-test</id>
					<phase>post-integration-test</phase>
					<goals>
						<goal>report</goal>
					</goals>
					<configuration>
						<!-- Sets the path to the file which contains the execution data. -->
						<dataFile>${basedir}/target/coverage-reports/jacoco-it.exec</dataFile>
						<!-- Sets the output directory for the code coverage report. -->
						<outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
					</configuration>
				</execution>
			</executions>
		</plugin>
<!-- For running Unit Tests -->
		<plugin>
			<groupId>org.apache.maven.plugins</groupId>
			<artifactId>maven-surefire-plugin</artifactId>
			<version>3.0.0-M3</version>
			<configuration>
				<!-- <properties>
					<argLine>@{argLine} -XX:-UseSplitVerifier -Xmx128m</argLine>
				</properties> -->
				<reportsDirectory>${basedir}/target/surefire-reports/</reportsDirectory>
				<testFailureIgnore>false</testFailureIgnore>
				<skipTests>${skip.unit.tests}</skipTests>
				<parallel>classes</parallel>
				<threadCount>10</threadCount>
			</configuration>
			<dependencies>
                <dependency>
                <groupId>org.apache.maven.surefire</groupId>
                <artifactId>surefire-junit47</artifactId>
                <version>3.0.0-M3</version>
                </dependency>
            </dependencies>
		</plugin> 
		<!-- For running Integration Tests -->
		<plugin>
			<groupId>org.apache.maven.plugins</groupId>
			<artifactId>maven-failsafe-plugin</artifactId>
			<version>3.0.0-M5</version>
			<executions>
				<execution>
					<id>integration-test</id>
					<goals>
						<goal>integration-test</goal>
					</goals>
				</execution>
				<execution>
					<id>verify</id>
					<goals>
						<goal>verify</goal>
					</goals>
				</execution>
			</executions>
		</plugin>   		
	</plugins>
</build>

0 replies

yinonsh-orca · 2023-05-24T09:11:00Z

yinonsh-orca
May 24, 2023
Author

There's an open PR that seems to solve the issue, and make transitive dependencies looks much more accurate:

aquasecurity/go-dep-parser#205
cc @DmitriyLewen (author)

1 reply

knqyf263 Jun 1, 2023
Maintainer

merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scanning of pom files leads to wrong transitive dependencies #4458

{{title}}

Replies: 2 comments 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Scanning of pom files leads to wrong transitive dependencies #4458

yinonsh-orca May 24, 2023

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 2 comments · 1 reply

yinonsh-orca May 24, 2023 Author

yinonsh-orca May 24, 2023 Author

knqyf263 Jun 1, 2023 Maintainer

yinonsh-orca
May 24, 2023

Replies: 2 comments 1 reply

yinonsh-orca
May 24, 2023
Author

yinonsh-orca
May 24, 2023
Author

knqyf263 Jun 1, 2023
Maintainer