atomashpolskiy / bt

BitTorrent library and client with DHT, magnet links, encryption and more
https://atomashpolskiy.github.io/bt/
Apache License 2.0

Vulnerable dependencies #216

Open freedom1b2830 opened 1 year ago

freedom1b2830 commented 1 year ago

useful tools: https://github.com/google/osv-scanner

mvn versions:display-dependency-updates
mvn versions:display-plugin-updates

dependencies:

GHSA-269g-pwp5-87pp GHSA-cj7v-27pg-wf7q GHSA-26vr-8j45-3r4w


https://osv.dev/vulnerability/GHSA-269g-pwp5-87pp   junit:junit                  4.12            bt/bt-dht/the8472/mldht/pom.xml
https://osv.dev/vulnerability/GHSA-cj7v-27pg-wf7q   org.eclipse.jetty:jetty-http 8.2.0.v20160908 bt/bt-upnp/pom.xml             
https://osv.dev/vulnerability/GHSA-26vr-8j45-3r4w   org.eclipse.jetty:jetty-io   8.2.0.v20160908 bt/bt-upnp/pom.xml

Other dependencies (there are new versions; there is no information about vulnerabilities):

Be careful with jetty, it's hard to update it) https://www.eclipse.org/jetty/security_reports.php

all:

----------------< com.github.atomashpolskiy:bt-parent >-----------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6

---------------< com.github.atomashpolskiy:bt-bencoding >---------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
org.yaml:snakeyaml ...................................... 1.17 -> 1.33
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.yaml:snakeyaml ...................................... 1.17 -> 1.33

-----------------< com.github.atomashpolskiy:bt-core >------------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6

----------< com.github.atomashpolskiy:bt-http-tracker-client >----------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.apache.httpcomponents:httpclient ................ 4.5.13 -> 4.5.14
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
junit:junit ........................................... 4.12 -> 4.13.2
org.apache.httpcomponents:httpclient ................ 4.5.13 -> 4.5.14
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta

------------------------< mldht.core:libmldht >-------------------------
junit:junit ........................................... 4.12 -> 4.13.2
net.i2p.crypto:eddsa .................................. 0.2.0 -> 0.3.0
org.codehaus.plexus:plexus-compiler-eclipse ............ 2.5 -> 2.13.0

-----------------< com.github.atomashpolskiy:bt-tests >-----------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6

--------------< com.github.atomashpolskiy:bt-dht-parent >---------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6

------------------< com.github.atomashpolskiy:bt-dht >------------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6

-----------------< com.github.atomashpolskiy:bt-upnp >------------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
org.eclipse.jetty:jetty-client ...... 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-http ........ 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-io .......... 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-servlet ........... 8.2.0.v20160908 -> 11.0.13
org.eclipse.jetty:jetty-util ........ 8.2.0.v20160908 -> 12.0.0.alpha3

------------------< com.github.atomashpolskiy:bt-cli >------------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
com.googlecode.lanterna:lanterna ............... 3.1.1 -> 3.2.0-alpha1
net.sf.jopt-simple:jopt-simple .................. 5.0.2 -> 6.0-alpha-3
org.apache.logging.log4j:log4j-core ................. 2.17.0 -> 2.19.0
org.apache.logging.log4j:log4j-slf4j-impl ........... 2.17.0 -> 2.19.0
org.slf4j:jul-to-slf4j ............................... 1.7.32 -> 2.0.6

-----------------< com.github.atomashpolskiy:examples >-----------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
org.apache.logging.log4j:log4j-core ................. 2.17.0 -> 2.19.0
org.apache.logging.log4j:log4j-slf4j-impl ........... 2.17.0 -> 2.19.0

--------------< com.github.atomashpolskiy:jacoco-report >---------------
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6

summary info:

com.googlecode.lanterna:lanterna ............... 3.1.1 -> 3.2.0-alpha1
com.google.guava:guava .......................... 30.1-jre -> 31.1-jre
com.google.inject:guice ............................... 5.0.1 -> 5.1.0
com.google.jimfs:jimfs .................................... 1.1 -> 1.2
junit:junit ........................................... 4.12 -> 4.13.2
net.i2p.crypto:eddsa .................................. 0.2.0 -> 0.3.0
net.sf.jopt-simple:jopt-simple .................. 5.0.2 -> 6.0-alpha-3
org.apache.httpcomponents:httpclient ................ 4.5.13 -> 4.5.14
org.apache.logging.log4j:log4j-core ................. 2.17.0 -> 2.19.0
org.apache.logging.log4j:log4j-slf4j-impl ........... 2.17.0 -> 2.19.0
org.codehaus.plexus:plexus-compiler-eclipse ............ 2.5 -> 2.13.0
org.eclipse.jetty:jetty-client ...... 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-http ........ 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-io .......... 8.2.0.v20160908 -> 12.0.0.alpha3
org.eclipse.jetty:jetty-servlet ........... 8.2.0.v20160908 -> 11.0.13
org.eclipse.jetty:jetty-util ........ 8.2.0.v20160908 -> 12.0.0.alpha3
org.mockito:mockito-all ........................ 1.10.19 -> 2.0.2-beta
org.slf4j:jul-to-slf4j ............................... 1.7.32 -> 2.0.6
org.slf4j:slf4j-api .................................. 1.7.32 -> 2.0.6
org.slf4j:slf4j-simple ............................... 1.7.32 -> 2.0.6
org.yaml:snakeyaml ...................................... 1.17 -> 1.33