Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.apache.maven.plugins:maven-changes-plugin to v3 #305

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Update dependency org.apache.maven.plugins:maven-changes-plugin to v3

9030904
Select commit
Loading
Failed to load commit list.
Open

Update dependency org.apache.maven.plugins:maven-changes-plugin to v3 #305

Update dependency org.apache.maven.plugins:maven-changes-plugin to v3
9030904
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jan 3, 2025 in 1m 29s

Security Report

25 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-25710

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

High 8.1 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #275
WS-2022-0468

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> jackson-databind-2.12.0.jar

     -> ❌ jackson-core-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-core-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-core:2.15.0 None
CVE-2024-7885

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.36.Final,2.3.17.Final None
CVE-2024-6162

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.14.Final None
CVE-2024-5971

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar None
CVE-2024-4109

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar None
CVE-2024-1635

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.3.12.Final None
CVE-2023-5685

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.14.Final #274
CVE-2023-1108

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: org.teiid:vdb-base-builder - 1.6.0;io.syndesis.server:server-runtime - 1.3.5,1.13.1;io.syndesis.meta:meta - 1.13.1,1.3.5,1.13.1 #227
CVE-2022-4492

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final #226
CVE-2022-42004

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.13.4 #219
CVE-2022-42003

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1 #220
CVE-2022-1319

Path to dependency file: /modules/roadmap-commons/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar,/home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.3.0.Alpha1/undertow-core-2.3.0.Alpha1.jar

Dependency Hierarchy:

-> ❌ undertow-core-2.3.0.Alpha1.jar (Vulnerable Library)

High 7.5 undertow-core-2.3.0.Alpha1.jar Upgrade to version: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final #231
CVE-2022-0084

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar,/home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

-> undertow-core-2.3.0.Alpha1.jar (Root Library)

   -> ❌ xnio-api-3.8.7.Final.jar (Vulnerable Library)

High 7.5 xnio-api-3.8.7.Final.jar Upgrade to version: org.jboss.xnio:xnio-api:3.8.8.Final #212
CVE-2021-46877

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1 None
CVE-2020-36518

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

High 7.5 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1 #200
CVE-2023-6378

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar

Dependency Hierarchy:

-> ❌ logback-classic-1.4.8.jar (Vulnerable Library)

High 7.1 logback-classic-1.4.8.jar Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 None
CVE-2024-12798

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.4.8/logback-classic-1.4.8.jar

Dependency Hierarchy:

-> ❌ logback-classic-1.4.8.jar (Vulnerable Library)

Medium 6.6 logback-classic-1.4.8.jar Upgrade to version: ch.qos.logback:logback-core:1.5.13, ch.qos.logback:logback-classic:1.5.13 None
CVE-2024-12798

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar

Dependency Hierarchy:

-> ❌ logback-core-1.4.8.jar (Vulnerable Library)

Medium 6.6 logback-core-1.4.8.jar Upgrade to version: ch.qos.logback:logback-core:1.5.13, ch.qos.logback:logback-classic:1.5.13 None
WS-2021-0616

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> ❌ jackson-databind-2.12.0.jar (Vulnerable Library)

Medium 5.9 jackson-databind-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
WS-2021-0616

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar

Dependency Hierarchy:

-> logstash-logback-encoder-6.6.jar (Root Library)

   -> jackson-databind-2.12.0.jar

     -> ❌ jackson-core-2.12.0.jar (Vulnerable Library)

Medium 5.9 jackson-core-2.12.0.jar Upgrade to version: com.fasterxml.jackson.core:jackson-databind:2.12.6, 2.13.1; com.fasterxml.jackson.core:jackson-core:2.12.6, 2.13.1 None
CVE-2024-26308

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.26.0 #272
CVE-2023-42503

Path to dependency file: /modules/roadmap-router-service/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar,/home/wss-scanner/.m2/repository/org/apache/commons/commons-compress/1.23.0/commons-compress-1.23.0.jar

Dependency Hierarchy:

-> ❌ commons-compress-1.23.0.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.23.0.jar Upgrade to version: org.apache.commons:commons-compress:1.24.0 #271
CVE-2023-2976

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/30.1.1-jre/guava-30.1.1-jre.jar

Dependency Hierarchy:

-> ❌ guava-30.1.1-jre.jar (Vulnerable Library)

Medium 5.5 guava-30.1.1-jre.jar Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre #273
CVE-2024-12801

Path to dependency file: /modules/roadmap-all/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.4.8/logback-core-1.4.8.jar

Dependency Hierarchy:

-> ❌ logback-core-1.4.8.jar (Vulnerable Library)

Medium 4.4 logback-core-1.4.8.jar Upgrade to version: ch.qos.logback:logback-core:1.5.13 None

Base branch total remaining vulnerabilities: 0
Base branch commit: 4aeb0ef98df9663437b823e7139ba8458da43cdb


Total libraries scanned: 52

Scan token: 37c886f250bb4ccca0b6b04448f7a48f

View more details on Mend Bolt for GitHub