Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Scan Vulnerabilities - Snyk #8

Open
23 tasks
sanjogpandasp opened this issue Mar 3, 2021 · 0 comments
Open
23 tasks

Dependency Scan Vulnerabilities - Snyk #8

sanjogpandasp opened this issue Mar 3, 2021 · 0 comments

Comments

@sanjogpandasp
Copy link

sanjogpandasp commented Mar 3, 2021
edited by ravisuhag

Below are the list of vulnerabilities reported by dependency scan.

Summary

Tested 195 dependencies for known issues, found 127 issues, 479 vulnerable paths.
image

Issues to fix by upgrading:

  • Upgrade ch.qos.logback:logback-classic@1.1.7 to ch.qos.logback:logback-classic@1.2.0 to fix
  • Upgrade com.flipkart.zjsonpatch:zjsonpatch@0.2.1 to com.flipkart.zjsonpatch:zjsonpatch@0.4.10 to fix
  • Upgrade com.github.tomakehurst:wiremock@2.3.1 to com.github.tomakehurst:wiremock@2.26.0 to fix
  • Upgrade com.google.guava:guava@27.0.1-jre to com.google.guava:guava@30.0-jre to fix
  • Upgrade com.squareup.retrofit2:converter-moshi@2.1.0 to com.squareup.retrofit2:converter-moshi@2.5.0 to fix
  • Upgrade com.thoughtworks.xstream:xstream@1.3.1 to com.thoughtworks.xstream:xstream@1.4.15 to fix
  • Upgrade io.grpc:grpc-core@1.18.0 to io.grpc:grpc-core@1.31.0 to fix
  • Upgrade io.grpc:grpc-netty@1.18.0 to io.grpc:grpc-netty@1.29.0 to fix
  • Upgrade io.grpc:grpc-okhttp@1.18.0 to io.grpc:grpc-okhttp@1.28.0 to fix
  • Upgrade io.jaegertracing:jaeger-thrift@1.0.0 to io.jaegertracing:jaeger-thrift@1.1.0 to fix
  • Upgrade junit:junit@4.12 to junit:junit@4.13.1 to fix
  • Upgrade kr.motd.maven:os-maven-plugin@1.2.3.Final to kr.motd.maven:os-maven-plugin@1.6.0 to fix
  • Upgrade org.apache.httpcomponents:httpclient@4.5.6 to org.apache.httpcomponents:httpclient@4.5.13 to fix
  • Upgrade org.apache.maven:maven-plugin-api@3.2.1 to org.apache.maven:maven-plugin-api@3.5.0 to fix
  • Upgrade org.eclipse.jetty:jetty-servlet@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlet@9.3.24.v20180605 to fix
  • Upgrade org.eclipse.jetty:jetty-servlets@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlets@9.3.24.v20180605 to fix
  • Upgrade org.eclipse.jetty:jetty-webapp@9.2.13.v20150730 to org.eclipse.jetty:jetty-webapp@9.4.33.v20201020 to fix
  • Upgrade org.elasticsearch:elasticsearch@6.3.1 to org.elasticsearch:elasticsearch@6.8.14 to fix
  • Upgrade org.elasticsearch:elasticsearch-x-content@6.3.1 to org.elasticsearch:elasticsearch-x-content@7.7.0 to fix
  • Upgrade org.influxdb:influxdb-java@2.5 to org.influxdb:influxdb-java@2.15 to fix
  • Upgrade org.mock-server:mockserver-core@3.10.5 to org.mock-server:mockserver-core@5.11.2 to fix
  • Upgrade org.mock-server:mockserver-netty@3.10.5 to org.mock-server:mockserver-netty@5.11.2 to fix
  • Upgrade org.postgresql:postgresql@9.4.1212 to org.postgresql:postgresql@42.2.13 to fix

A full list of issues is attached in the report below.
Reports attached.
scan report.zip

If there is an exact replica of this repo on source.golabs.io then I can help raising an MR to fix all of these dependencies also. That will help you review the same.
For some reason I am not able to in gitlab.
@ravisuhag ravisuhag added this to Pending in Roadmap 2021 H2 Apr 28, 2021
@ravisuhag ravisuhag removed this from Pending in Roadmap 2021 H2 Oct 7, 2021
@ravisuhag ravisuhag added this to To do in Roadmap 2022 H1 Jan 3, 2022
@ravisuhag ravisuhag removed this from To do in Roadmap 2022 H1 Mar 24, 2022
Meghajit pushed a commit to Meghajit/firehose that referenced this issue May 9, 2023
@lavkesh
Bq storage api (raystack#8)
e744184 
* chore: version bump

* chore: remove default addition of storage api
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sanjogpandasp