chore(deps): update github-actions #210

renovate · 2024-11-01T01:55:55Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	`v4.2.1` -> `v4.2.2`
actions/setup-python	action	minor	`v5.2.0` -> `v5.3.0`
github/codeql-action	action	minor	`v2.26.12` -> `v2.27.4`
miracum/.github	action	patch	`v1.12.4` -> `v1.12.10`

Release Notes

actions/checkout (actions/checkout)

`v4.2.2`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
Expand unit test coverage for isGhes by @jww3 in https://github.com/actions/checkout/pull/1946

actions/setup-python (actions/setup-python)

github/codeql-action (github/codeql-action)

`v2.27.4`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v2.27.3`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v2.27.2`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.2 - 12 Nov 2024

Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

See the full CHANGELOG.md for more information.

`v2.27.1`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.1 - 08 Nov 2024

The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
Update default CodeQL bundle version to 2.19.3. #2576

See the full CHANGELOG.md for more information.

`v2.27.0`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.0 - 22 Oct 2024

Bump the minimum CodeQL bundle version to 2.14.6. #2549
Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

`v2.26.13`

Compare Source

miracum/.github (miracum/.github)

`v1.12.10`

Compare Source

Miscellaneous Chores

deps: update oxsecurity/megalinter action to v8.2.0 (#96) (3a6d6e8)

`v1.12.9`

Compare Source

Miscellaneous Chores

deps: default to .net 9 (2dcefea)
deps: update all non-major dependencies (#93) (1853981)
deps: update gcr.io/distroless/python3-debian12:nonroot docker digest to 97c3cd0 (#92) (d3e9707)
deps: update github-actions (#94) (6b11456)

`v1.12.8`

Compare Source

Miscellaneous Chores

deps: update github-actions (#90) (0549971)

`v1.12.7`

Compare Source

Miscellaneous Chores

deps: trivy version update (fc8f379)

`v1.12.6`

Compare Source

Bug Fixes

use alt mirrors for trivy db (#89) (a609c55)

Miscellaneous Chores

deps: update gcr.io/distroless/python3-debian12:nonroot docker digest to e575731 (#85) (26fdadd)

`v1.12.5`

Compare Source

Miscellaneous Chores

deps: updated default java and .net version for codeql (#88) (1748b6a)

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-11-01T01:58:53Z

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	6	0	0.1s
✅ BASH	bash-exec	2	0	0.02s
✅ BASH	shellcheck	2	0	0.11s
✅ BASH	shfmt	2	0	0.01s
✅ DOCKERFILE	hadolint	2	0	0.19s
✅ EDITORCONFIG	editorconfig-checker	87	0	0.44s
✅ ENV	dotenv-linter	1	0	0.01s
✅ JSON	jsonlint	3	0	0.22s
✅ JSON	prettier	3	0	0.64s
✅ JSON	v8r	3	0	3.36s
⚠️ MARKDOWN	markdownlint	8	89	1.16s
⚠️ MARKDOWN	markdown-table-formatter	8	1	0.41s
✅ PYTHON	bandit	7	0	2.25s
✅ PYTHON	black	7	0	1.91s
✅ PYTHON	flake8	7	0	0.96s
✅ PYTHON	isort	7	0	0.53s
✅ PYTHON	mypy	7	0	3.3s
✅ PYTHON	pyright	7	0	7.3s
✅ PYTHON	ruff	7	0	0.02s
✅ REPOSITORY	checkov	yes	no	21.83s
✅ REPOSITORY	dustilock	yes	no	0.54s
✅ REPOSITORY	gitleaks	yes	no	2.91s
✅ REPOSITORY	git_diff	yes	no	0.05s
✅ REPOSITORY	grype	yes	no	16.91s
✅ REPOSITORY	kics	yes	no	44.09s
✅ REPOSITORY	secretlint	yes	no	1.06s
✅ REPOSITORY	syft	yes	no	2.3s
✅ REPOSITORY	trivy	yes	no	18.74s
✅ REPOSITORY	trivy-sbom	yes	no	0.2s
✅ REPOSITORY	trufflehog	yes	no	4.55s
✅ XML	xmllint	3	0	0.02s
✅ YAML	prettier	28	0	1.26s
✅ YAML	v8r	28	0	46.32s
✅ YAML	yamllint	28	0	1.2s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

Click here to request the new flavor

MegaLinter is graciously provided by

github-actions · 2024-11-18T10:55:46Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-210 (debian 12.7)`

8 known vulnerabilities found (CRITICAL: 2 HIGH: 2 MEDIUM: 2 LOW: 2)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libexpat1`	CVE-2024-45491	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45492	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45490	HIGH	2.5.0-1	2.5.0-1+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1

No Misconfigurations found

`Python`

No Vulnerabilities found

No Misconfigurations found

github-actions · 2024-11-18T10:58:49Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-210 (debian 12.5)`

53 known vulnerabilities found (CRITICAL: 4 HIGH: 21 MEDIUM: 24 LOW: 4)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`bsdutils`	CVE-2024-28085	HIGH	1:2.38.1-5+b1	2.38.1-5+deb12u1
`libblkid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libc-bin`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc-bin`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc6`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libgnutls30`	CVE-2024-28834	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgnutls30`	CVE-2024-28835	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgssapi-krb5-2`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libgssapi-krb5-2`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libmount1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsmartcols1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`libssl3`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libsystemd0`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libsystemd0`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libuuid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`mount`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`openssl`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`openssl`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`util-linux`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`util-linux-extra`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1

No Misconfigurations found

`Java`

290 known vulnerabilities found (CRITICAL: 22 HIGH: 151 MEDIUM: 90 LOW: 27)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`com.amazonaws:aws-java-sdk-s3`	CVE-2022-31159	HIGH	1.11.1026	1.12.261
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.11.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.11.4	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.11.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.11.4	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2017-17485	CRITICAL	2.6.7.4	2.9.4, 2.8.11, 2.7.9.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-11307	CRITICAL	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-14719	CRITICAL	2.6.7.4	2.9.7, 2.8.11.3, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-7489	CRITICAL	2.6.7.4	2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-14379	CRITICAL	2.6.7.4	2.9.9.2, 2.8.11.4, 2.7.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-17267	CRITICAL	2.6.7.4	2.9.10, 2.8.11.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9547	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9548	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-12022	HIGH	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-5968	HIGH	2.6.7.4	2.8.11.1, 2.9.4, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-10650	HIGH	2.6.7.4	2.9.10.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24616	HIGH	2.6.7.4	2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24750	HIGH	2.6.7.4	2.6.7.5, 2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35490	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35491	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35728	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36179	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36180	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36181	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36182	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36183	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36184	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36185	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36186	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36187	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36188	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36189	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.6.7.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-20190	HIGH	2.6.7.4	2.9.10.7, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.6.7.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.6.7.4	2.12.7.1, 2.13.4
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.2.4	2.8.9
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.8.6	2.8.9
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	2.5.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	2.5.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	2.5.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	2.5.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.3.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.3.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.3.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.3.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.14.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`io.airlift:aircompressor`	CVE-2024-36114	HIGH	0.21	0.27
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty-codec`	CVE-2021-37136	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec`	CVE-2021-37137	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec-http`	CVE-2021-43797	MEDIUM	4.1.61.Final	4.1.71.Final
`io.netty:netty-codec-http`	CVE-2022-24823	MEDIUM	4.1.61.Final	4.1.77.Final
`io.netty:netty-codec-http`	CVE-2024-29025	MEDIUM	4.1.61.Final	4.1.108.Final
`io.netty:netty-common`	CVE-2024-47535	HIGH	4.1.61.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	HIGH	4.1.74.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	HIGH	4.1.74.Final	4.1.115
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.61.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.11.0	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.11.0	1.11.3
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.derby:derby`	CVE-2022-46337	CRITICAL	10.14.2.0	10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.ivy:ivy`	CVE-2022-46751	HIGH	2.5.1	2.5.2
`org.apache.mesos:mesos`	CVE-2018-1330	HIGH	1.4.3	1.6.0
`org.apache.thrift:libthrift`	CVE-2019-0205	HIGH	0.12.0	0.13.0
`org.apache.thrift:libthrift`	CVE-2020-13949	HIGH	0.12.0	0.14.0
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.48.v20220622	12.0.12
`org.eclipse.jetty:jetty-server`	CVE-2023-26048	MEDIUM	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14
`org.eclipse.jetty:jetty-server`	CVE-2024-8184	MEDIUM	9.4.48.v20220622	12.0.9, 10.0.24, 11.0.24, 9.4.56
`org.eclipse.jetty:jetty-server`	CVE-2023-26049	LOW	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0
`org.eclipse.jetty:jetty-servlets`	CVE-2024-9823	MEDIUM	9.4.48.v20220622	9.4.54, 10.0.18, 11.0.18
`org.eclipse.jetty:jetty-servlets`	CVE-2023-36479	LOW	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	MEDIUM	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	MEDIUM	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	MEDIUM	4.6.0.Final	4.6.2.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	LOW	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.yaml:snakeyaml`	CVE-2022-1471	HIGH	1.31	2.0
`org.yaml:snakeyaml`	CVE-2022-38752	MEDIUM	1.31	1.32
`org.yaml:snakeyaml`	CVE-2022-41854	MEDIUM	1.31	1.32
`software.amazon.ion:ion-java`	CVE-2024-21634	HIGH	1.0.2	1.10.5

No Misconfigurations found

`Python`

1 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 0 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0

No Misconfigurations found

`opt/bitnami/java`

No Vulnerabilities found

No Misconfigurations found

`opt/bitnami/python`

12 known vulnerabilities found (CRITICAL: 0 HIGH: 7 MEDIUM: 5 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`python`	CVE-2023-36632	HIGH	3.10.13-20	3.11.4
`python`	CVE-2023-6597	HIGH	3.10.13-20	3.12.3, 3.11.9, 3.10.14, 3.9.19, 3.8.19
`python`	CVE-2024-0397	HIGH	3.10.13-20	3.12.3, 3.11.9, 3.10.14, 3.9.20, 3.8.20
`python`	CVE-2024-4032	HIGH	3.10.13-20	3.12.4, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-6232	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-7592	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2023-27043	MEDIUM	3.10.13-20	3.8.20, 3.12.6, 3.11.10, 3.10.15, 3.9.20
`python`	CVE-2024-0450	MEDIUM	3.10.13-20	3.12.3, 3.11.9, 3.10.14, 3.9.19, 3.8.19
`python`	CVE-2024-6923	MEDIUM	3.10.13-20	3.12.5, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-8088	MEDIUM	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-9287	MEDIUM	3.10.13-20	3.13.0
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0

No Misconfigurations found

`opt/bitnami/spark`

No Vulnerabilities found

No Misconfigurations found

renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from 6d05e26 to d5a43fc Compare November 14, 2024 18:46

renovate bot force-pushed the renovate/github-actions branch from d5a43fc to b691a01 Compare November 17, 2024 19:42

chore(deps): update github-actions

a68fd31

renovate bot force-pushed the renovate/github-actions branch from b691a01 to a68fd31 Compare November 18, 2024 10:55

chgl approved these changes Nov 19, 2024

View reviewed changes

chgl merged commit 1d6eb68 into master Nov 19, 2024
23 checks passed

miracum-bot mentioned this pull request Nov 19, 2024

chore: release 2.3.2 #215

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github-actions #210

chore(deps): update github-actions #210

renovate bot commented Nov 1, 2024 •

edited

Loading

github-actions bot commented Nov 1, 2024 •

edited

Loading

github-actions bot commented Nov 18, 2024

github-actions bot commented Nov 18, 2024

chore(deps): update github-actions #210

chore(deps): update github-actions #210

Conversation

renovate bot commented Nov 1, 2024 • edited Loading

Release Notes

What's Changed

Bug Fixes:

Enhancements:

New Contributors

CodeQL Action Changelog

2.27.4 - 14 Nov 2024

CodeQL Action Changelog

2.27.3 - 12 Nov 2024

CodeQL Action Changelog

2.27.2 - 12 Nov 2024

CodeQL Action Changelog

2.27.1 - 08 Nov 2024

CodeQL Action Changelog

2.27.0 - 22 Oct 2024

Miscellaneous Chores

Miscellaneous Chores

Miscellaneous Chores

Miscellaneous Chores

Bug Fixes

Miscellaneous Chores

Miscellaneous Chores

Configuration

github-actions bot commented Nov 1, 2024 • edited Loading

🦙 MegaLinter status: ⚠️ WARNING

github-actions bot commented Nov 18, 2024

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-210 (debian 12.7)

8 known vulnerabilities found (CRITICAL: 2 HIGH: 2 MEDIUM: 2 LOW: 2)

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

github-actions bot commented Nov 18, 2024

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-210 (debian 12.5)

53 known vulnerabilities found (CRITICAL: 4 HIGH: 21 MEDIUM: 24 LOW: 4)

No Misconfigurations found

Java

290 known vulnerabilities found (CRITICAL: 22 HIGH: 151 MEDIUM: 90 LOW: 27)

No Misconfigurations found

Python

1 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 0 LOW: 0)

No Misconfigurations found

opt/bitnami/java

No Vulnerabilities found

No Misconfigurations found

opt/bitnami/python

12 known vulnerabilities found (CRITICAL: 0 HIGH: 7 MEDIUM: 5 LOW: 0)

No Misconfigurations found

opt/bitnami/spark

No Vulnerabilities found

No Misconfigurations found

renovate bot commented Nov 1, 2024 •

edited

Loading

github-actions bot commented Nov 1, 2024 •

edited

Loading

`ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-210 (debian 12.7)`

`Python`

`ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-210 (debian 12.5)`

`Java`

`Python`

`opt/bitnami/java`

`opt/bitnami/python`

`opt/bitnami/spark`