search

bzkf / onco-analytics-on-fhir

Onco Analytics on FHIR
GNU Affero General Public License v3.0
6 stars 3 forks source link

chore(deps): update docker.io/obiba/opal:4.6 docker digest to ee627e8 #167

Open renovate[bot] opened 7 months ago

renovate[bot] commented 7 months ago

This PR contains the following updates:

Package Update Change
docker.io/obiba/opal digest 50abaa4 -> ee627e8

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot] commented 7 months ago

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 6 0 0.11s
✅ BASH bash-exec 2 0 0.01s
✅ BASH shellcheck 2 0 0.13s
✅ BASH shfmt 2 0 0.02s
✅ DOCKERFILE hadolint 2 0 0.19s
✅ EDITORCONFIG editorconfig-checker 87 0 0.48s
✅ ENV dotenv-linter 1 0 0.01s
✅ JSON jsonlint 3 0 0.21s
✅ JSON prettier 3 0 0.74s
✅ JSON v8r 3 0 3.38s
⚠️ MARKDOWN markdownlint 8 101 1.4s
⚠️ MARKDOWN markdown-table-formatter 8 1 0.5s
✅ PYTHON bandit 7 0 1.36s
✅ PYTHON black 7 0 1.07s
✅ PYTHON flake8 7 0 0.72s
✅ PYTHON isort 7 0 0.39s
✅ PYTHON mypy 7 0 2.52s
✅ PYTHON pyright 7 0 7.88s
✅ PYTHON ruff 7 0 0.04s
✅ REPOSITORY checkov yes no 23.09s
✅ REPOSITORY dustilock yes no 1.39s
✅ REPOSITORY gitleaks yes no 0.98s
✅ REPOSITORY git_diff yes no 0.02s
✅ REPOSITORY grype yes no 13.9s
✅ REPOSITORY kics yes no 41.57s
✅ REPOSITORY secretlint yes no 1.01s
✅ REPOSITORY syft yes no 0.32s
✅ REPOSITORY trivy yes no 11.47s
✅ REPOSITORY trivy-sbom yes no 1.14s
✅ REPOSITORY trufflehog yes no 5.68s
✅ XML xmllint 3 0 0.02s
✅ YAML prettier 28 0 1.37s
✅ YAML v8r 28 0 44.0s
✅ YAML yamllint 28 0 0.74s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

_MegaLinter is graciously provided by OX Security_

github-actions[bot] commented 1 month ago

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-167 (debian 12.5)

48 known vulnerabilities found (HIGH: 20 MEDIUM: 22 LOW: 2 CRITICAL: 4)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
bsdutils CVE-2024-28085 HIGH 1:2.38.1-5+b1 2.38.1-5+deb12u1
libblkid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libc-bin CVE-2024-2961 HIGH 2.36-9+deb12u4 2.36-9+deb12u6
libc-bin CVE-2024-33599 HIGH 2.36-9+deb12u4 2.36-9+deb12u7
libc-bin CVE-2024-33600 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libc-bin CVE-2024-33601 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libc-bin CVE-2024-33602 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libc6 CVE-2024-2961 HIGH 2.36-9+deb12u4 2.36-9+deb12u6
libc6 CVE-2024-33599 HIGH 2.36-9+deb12u4 2.36-9+deb12u7
libc6 CVE-2024-33600 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libc6 CVE-2024-33601 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libc6 CVE-2024-33602 MEDIUM 2.36-9+deb12u4 2.36-9+deb12u7
libgnutls30 CVE-2024-28834 MEDIUM 3.7.9-2+deb12u2 3.7.9-2+deb12u3
libgnutls30 CVE-2024-28835 MEDIUM 3.7.9-2+deb12u2 3.7.9-2+deb12u3
libgssapi-krb5-2 CVE-2024-37371 CRITICAL 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libgssapi-krb5-2 CVE-2024-37370 HIGH 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libk5crypto3 CVE-2024-37371 CRITICAL 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libk5crypto3 CVE-2024-37370 HIGH 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libkrb5-3 CVE-2024-37371 CRITICAL 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libkrb5-3 CVE-2024-37370 HIGH 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libkrb5support0 CVE-2024-37371 CRITICAL 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libkrb5support0 CVE-2024-37370 HIGH 1.20.1-2+deb12u1 1.20.1-2+deb12u2
libmount1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libsmartcols1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
libssl3 CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
libssl3 CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
libssl3 CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
libssl3 CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
libssl3 CVE-2024-4603 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u1
libssl3 CVE-2024-4741 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u1
libssl3 CVE-2024-6119 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u2
libssl3 CVE-2024-2511 LOW 3.0.11-1~deb12u2 3.0.14-1~deb12u1
libsystemd0 CVE-2023-50387 HIGH 252.22-1~deb12u1 252.23-1~deb12u1
libsystemd0 CVE-2023-50868 HIGH 252.22-1~deb12u1 252.23-1~deb12u1
libudev1 CVE-2023-50387 HIGH 252.22-1~deb12u1 252.23-1~deb12u1
libudev1 CVE-2023-50868 HIGH 252.22-1~deb12u1 252.23-1~deb12u1
libuuid1 CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
mount CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
openssl CVE-2023-5678 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
openssl CVE-2023-6129 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
openssl CVE-2023-6237 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
openssl CVE-2024-0727 MEDIUM 3.0.11-1~deb12u2 3.0.13-1~deb12u1
openssl CVE-2024-4603 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u1
openssl CVE-2024-4741 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u1
openssl CVE-2024-6119 MEDIUM 3.0.11-1~deb12u2 3.0.14-1~deb12u2
openssl CVE-2024-2511 LOW 3.0.11-1~deb12u2 3.0.14-1~deb12u1
util-linux CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1
util-linux-extra CVE-2024-28085 HIGH 2.38.1-5+b1 2.38.1-5+deb12u1

No Misconfigurations found

Java

255 known vulnerabilities found (CRITICAL: 18 HIGH: 126 MEDIUM: 84 LOW: 27)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-45294 HIGH 5.6.971 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-45294 HIGH 5.6.971 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-45294 HIGH 5.6.971 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-45294 HIGH 5.6.971 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-45294 HIGH 5.6.971 6.3.23
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-45294 HIGH 5.6.971 6.3.23
ch.qos.logback:logback-classic CVE-2023-6378 HIGH 1.2.11 1.3.12, 1.4.12, 1.2.13
ch.qos.logback:logback-classic CVE-2023-6378 HIGH 1.2.11 1.3.12, 1.4.12, 1.2.13
ch.qos.logback:logback-core CVE-2023-6378 HIGH 1.2.11 1.3.12, 1.4.12, 1.2.13
ch.qos.logback:logback-core CVE-2023-6378 HIGH 1.2.11 1.3.12, 1.4.12, 1.2.13
com.amazonaws:aws-java-sdk-s3 CVE-2022-31159 HIGH 1.11.1026 1.12.261
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH 2.11.4 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH 2.11.4 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.11.4 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.11.4 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH 2.13.0 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH 2.13.0 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH 2.13.0 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH 2.13.0 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH 2.13.0 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-46877 HIGH 2.13.0 2.12.6, 2.13.1
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.13.0 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.13.0 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.13.0 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.13.0 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.13.0 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.13.0 2.12.7.1, 2.13.4
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.13.4 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 CRITICAL 2.6.7.4 2.9.4, 2.8.11, 2.7.9.2
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 CRITICAL 2.6.7.4 2.7.9.4, 2.8.11.2, 2.9.6
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 CRITICAL 2.6.7.4 2.9.7, 2.8.11.3, 2.7.9.5
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 CRITICAL 2.6.7.4 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 CRITICAL 2.6.7.4 2.9.9.2, 2.8.11.4, 2.7.9.6
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 CRITICAL 2.6.7.4 2.9.10, 2.8.11.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 CRITICAL 2.6.7.4 2.9.10.4, 2.8.11.6, 2.7.9.7
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 CRITICAL 2.6.7.4 2.9.10.4, 2.8.11.6, 2.7.9.7
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 HIGH 2.6.7.4 2.7.9.4, 2.8.11.2, 2.9.6
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 HIGH 2.6.7.4 2.8.11.1, 2.9.4, 2.7.9.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 HIGH 2.6.7.4 2.9.10.4
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 HIGH 2.6.7.4 2.9.10.6
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 HIGH 2.6.7.4 2.6.7.5, 2.9.10.6
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 HIGH 2.6.7.4 2.9.10.8
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 HIGH 2.6.7.4 2.9.10.8, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 HIGH 2.6.7.4 2.13.2.1, 2.12.6.1
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 HIGH 2.6.7.4 2.9.10.7, 2.6.7.5
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.6.7.4 2.12.7.1, 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.6.7.4 2.12.7.1, 2.13.4
com.fasterxml.woodstox:woodstox-core CVE-2022-40152 MEDIUM 5.3.0 6.4.0, 5.4.0
com.fasterxml.woodstox:woodstox-core CVE-2022-40152 MEDIUM 5.3.0 6.4.0, 5.4.0
com.fasterxml.woodstox:woodstox-core CVE-2022-40152 MEDIUM 5.3.0 6.4.0, 5.4.0
com.google.code.gson:gson CVE-2022-25647 HIGH 2.2.4 2.8.9
com.google.code.gson:gson CVE-2022-25647 HIGH 2.8.6 2.8.9
com.google.guava:guava CVE-2018-10237 MEDIUM 14.0.1 24.1.1-android
com.google.guava:guava CVE-2018-10237 MEDIUM 14.0.1 24.1.1-android
com.google.guava:guava CVE-2018-10237 MEDIUM 14.0.1 24.1.1-android
com.google.guava:guava CVE-2023-2976 MEDIUM 14.0.1 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 14.0.1 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 14.0.1 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 14.0.1 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 14.0.1 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 14.0.1 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 30.1.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 31.0.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 31.0.1-jre 32.0.0-android
com.google.guava:guava CVE-2023-2976 MEDIUM 31.0.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 31.0.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 31.0.1-jre 32.0.0-android
com.google.guava:guava CVE-2020-8908 LOW 31.0.1-jre 32.0.0-android
com.google.protobuf:protobuf-java CVE-2021-22569 HIGH 2.5.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 HIGH 2.5.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 HIGH 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 2.5.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2022-3171 MEDIUM 2.5.0 3.21.7, 3.20.3, 3.19.6, 3.16.3
com.google.protobuf:protobuf-java CVE-2021-22569 HIGH 3.3.0 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 HIGH 3.3.0 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 HIGH 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 3.3.0 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2022-3171 MEDIUM 3.3.0 3.21.7, 3.20.3, 3.19.6, 3.16.3
com.google.protobuf:protobuf-java CVE-2021-22569 HIGH 3.7.1 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22569 HIGH 3.7.1 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22569 HIGH 3.7.1 3.16.1, 3.18.2, 3.19.2
com.google.protobuf:protobuf-java CVE-2021-22570 HIGH 3.7.1 3.15.0
com.google.protobuf:protobuf-java CVE-2021-22570 HIGH 3.7.1 3.15.0
com.google.protobuf:protobuf-java CVE-2021-22570 HIGH 3.7.1 3.15.0
com.google.protobuf:protobuf-java CVE-2022-3509 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3509 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3509 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2022-3510 HIGH 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 3.7.1 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 3.7.1 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2024-7254 HIGH 3.7.1 3.25.5, 4.27.5, 4.28.2
com.google.protobuf:protobuf-java CVE-2022-3171 MEDIUM 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3
com.google.protobuf:protobuf-java CVE-2022-3171 MEDIUM 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3
com.google.protobuf:protobuf-java CVE-2022-3171 MEDIUM 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 MEDIUM 9.8.1 9.37.2
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 MEDIUM 9.8.1 9.37.2
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 MEDIUM 9.8.1 9.37.2
com.squareup.okio:okio CVE-2023-3635 MEDIUM 1.14.0 3.4.0, 1.17.6
com.squareup.okio:okio CVE-2023-3635 MEDIUM 1.6.0 3.4.0, 1.17.6
com.squareup.okio:okio CVE-2023-3635 MEDIUM 1.6.0 3.4.0, 1.17.6
com.squareup.okio:okio CVE-2023-3635 MEDIUM 1.6.0 3.4.0, 1.17.6
com.squareup.okio:okio-jvm CVE-2023-3635 MEDIUM 3.2.0 3.4.0
com.squareup.okio:okio-jvm CVE-2023-3635 MEDIUM 3.2.0 3.4.0
commons-net:commons-net CVE-2021-37533 MEDIUM 3.6 3.9.0
commons-net:commons-net CVE-2021-37533 MEDIUM 3.6 3.9.0
commons-net:commons-net CVE-2021-37533 MEDIUM 3.6 3.9.0
dnsjava:dnsjava CVE-2024-25638 HIGH 2.1.7 3.6.0
dnsjava:dnsjava CVE-2024-25638 HIGH 2.1.7 3.6.0
dnsjava:dnsjava CVE-2024-25638 HIGH 2.1.7 3.6.0
io.airlift:aircompressor CVE-2024-36114 HIGH 0.21 0.27
io.netty:netty CVE-2019-20444 CRITICAL 3.7.0.Final 4.0.0
io.netty:netty CVE-2019-20444 CRITICAL 3.7.0.Final 4.0.0
io.netty:netty CVE-2015-2156 HIGH 3.7.0.Final 3.10.3.Final, 3.9.8.Final
io.netty:netty CVE-2015-2156 HIGH 3.7.0.Final 3.10.3.Final, 3.9.8.Final
io.netty:netty CVE-2021-37136 HIGH 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-37136 HIGH 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-37137 HIGH 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-37137 HIGH 3.7.0.Final 4.0.0
io.netty:netty CVE-2014-0193 MEDIUM 3.7.0.Final 3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
io.netty:netty CVE-2014-0193 MEDIUM 3.7.0.Final 3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
io.netty:netty CVE-2019-20445 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2019-20445 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21290 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21290 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21295 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21295 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21409 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-21409 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-43797 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty CVE-2021-43797 MEDIUM 3.7.0.Final 4.0.0
io.netty:netty-codec CVE-2021-37136 HIGH 4.1.61.Final 4.1.68.Final
io.netty:netty-codec CVE-2021-37137 HIGH 4.1.61.Final 4.1.68.Final
io.netty:netty-codec-http CVE-2021-43797 MEDIUM 4.1.61.Final 4.1.71.Final
io.netty:netty-codec-http CVE-2022-24823 MEDIUM 4.1.61.Final 4.1.77.Final
io.netty:netty-codec-http CVE-2024-29025 MEDIUM 4.1.61.Final 4.1.108.Final
io.netty:netty-handler CVE-2023-34462 MEDIUM 4.1.61.Final 4.1.94.Final
io.netty:netty-handler CVE-2023-34462 MEDIUM 4.1.74.Final 4.1.94.Final
io.netty:netty-handler CVE-2023-34462 MEDIUM 4.1.74.Final 4.1.94.Final
net.minidev:json-smart CVE-2021-31684 HIGH 1.3.2 1.3.3, 2.4.4
net.minidev:json-smart CVE-2021-31684 HIGH 1.3.2 1.3.3, 2.4.4
net.minidev:json-smart CVE-2021-31684 HIGH 1.3.2 1.3.3, 2.4.4
net.minidev:json-smart CVE-2023-1370 HIGH 1.3.2 2.4.9
net.minidev:json-smart CVE-2023-1370 HIGH 1.3.2 2.4.9
net.minidev:json-smart CVE-2023-1370 HIGH 1.3.2 2.4.9
org.apache.avro:avro CVE-2023-39410 HIGH 1.11.0 1.11.3
org.apache.avro:avro CVE-2023-39410 HIGH 1.7.7 1.11.3
org.apache.avro:avro CVE-2023-39410 HIGH 1.7.7 1.11.3
org.apache.avro:avro CVE-2023-39410 HIGH 1.7.7 1.11.3
org.apache.commons:commons-compress CVE-2024-25710 HIGH 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-25710 HIGH 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-25710 HIGH 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-25710 HIGH 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-26308 MEDIUM 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-26308 MEDIUM 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-26308 MEDIUM 1.21 1.26.0
org.apache.commons:commons-compress CVE-2024-26308 MEDIUM 1.21 1.26.0
org.apache.commons:commons-configuration2 CVE-2024-29131 MEDIUM 2.1.1 2.10.1
org.apache.commons:commons-configuration2 CVE-2024-29131 MEDIUM 2.1.1 2.10.1
org.apache.commons:commons-configuration2 CVE-2024-29131 MEDIUM 2.1.1 2.10.1
org.apache.commons:commons-configuration2 CVE-2024-29133 MEDIUM 2.1.1 2.10.1
org.apache.commons:commons-configuration2 CVE-2024-29133 MEDIUM 2.1.1 2.10.1
org.apache.commons:commons-configuration2 CVE-2024-29133 MEDIUM 2.1.1 2.10.1
org.apache.derby:derby CVE-2022-46337 CRITICAL 10.14.2.0 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
org.apache.hadoop:hadoop-common CVE-2022-25168 CRITICAL 3.3.2 2.10.2, 3.2.4, 3.3.3
org.apache.hadoop:hadoop-common CVE-2022-25168 CRITICAL 3.3.2 2.10.2, 3.2.4, 3.3.3
org.apache.hadoop:hadoop-common CVE-2022-25168 CRITICAL 3.3.2 2.10.2, 3.2.4, 3.3.3
org.apache.hadoop:hadoop-common CVE-2024-23454 LOW 3.3.2 3.4.0
org.apache.hadoop:hadoop-common CVE-2024-23454 LOW 3.3.2 3.4.0
org.apache.hadoop:hadoop-common CVE-2024-23454 LOW 3.3.2 3.4.0
org.apache.ivy:ivy CVE-2022-46751 HIGH 2.5.1 2.5.2
org.apache.mesos:mesos CVE-2018-1330 HIGH 1.4.3 1.6.0
org.apache.thrift:libthrift CVE-2019-0205 HIGH 0.12.0 0.13.0
org.apache.thrift:libthrift CVE-2020-13949 HIGH 0.12.0 0.14.0
org.apache.zookeeper:zookeeper CVE-2023-44981 CRITICAL 3.4.8 3.7.2, 3.8.3, 3.9.1
org.apache.zookeeper:zookeeper CVE-2023-44981 CRITICAL 3.4.8 3.7.2, 3.8.3, 3.9.1
org.apache.zookeeper:zookeeper CVE-2017-5637 HIGH 3.4.8 3.4.10, 3.5.3
org.apache.zookeeper:zookeeper CVE-2017-5637 HIGH 3.4.8 3.4.10, 3.5.3
org.apache.zookeeper:zookeeper CVE-2018-8012 HIGH 3.4.8 3.4.10, 3.5.4-beta
org.apache.zookeeper:zookeeper CVE-2018-8012 HIGH 3.4.8 3.4.10, 3.5.4-beta
org.apache.zookeeper:zookeeper CVE-2019-0201 MEDIUM 3.4.8 3.4.14, 3.5.5
org.apache.zookeeper:zookeeper CVE-2019-0201 MEDIUM 3.4.8 3.4.14, 3.5.5
org.apache.zookeeper:zookeeper CVE-2023-44981 CRITICAL 3.6.2 3.7.2, 3.8.3, 3.9.1
org.apache.zookeeper:zookeeper CVE-2023-44981 CRITICAL 3.6.2 3.7.2, 3.8.3, 3.9.1
org.apache.zookeeper:zookeeper CVE-2024-23944 MEDIUM 3.6.2 3.8.4, 3.9.2
org.apache.zookeeper:zookeeper CVE-2024-23944 MEDIUM 3.6.2 3.8.4, 3.9.2
org.eclipse.jetty:jetty-http CVE-2023-40167 MEDIUM 9.4.43.v20210629 9.4.52, 10.0.16, 11.0.16, 12.0.1
org.eclipse.jetty:jetty-http CVE-2023-40167 MEDIUM 9.4.43.v20210629 9.4.52, 10.0.16, 11.0.16, 12.0.1
org.eclipse.jetty:jetty-http CVE-2023-40167 MEDIUM 9.4.43.v20210629 9.4.52, 10.0.16, 11.0.16, 12.0.1
org.eclipse.jetty:jetty-http CVE-2022-2047 LOW 9.4.43.v20210629 9.4.47, 10.0.10, 11.0.10
org.eclipse.jetty:jetty-http CVE-2022-2047 LOW 9.4.43.v20210629 9.4.47, 10.0.10, 11.0.10
org.eclipse.jetty:jetty-http CVE-2022-2047 LOW 9.4.43.v20210629 9.4.47, 10.0.10, 11.0.10
org.eclipse.jetty:jetty-http CVE-2023-40167 MEDIUM 9.4.48.v20220622 9.4.52, 10.0.16, 11.0.16, 12.0.1
org.eclipse.jetty:jetty-server CVE-2023-26048 MEDIUM 9.4.48.v20220622 9.4.51.v20230217, 10.0.14, 11.0.14
org.eclipse.jetty:jetty-server CVE-2023-26049 LOW 9.4.48.v20220622 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0
org.eclipse.jetty:jetty-servlets CVE-2023-36479 LOW 9.4.48.v20220622 9.4.52, 10.0.16, 11.0.16
org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh LOW 9.4.43.v20210629 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh LOW 9.4.43.v20210629 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh LOW 9.4.43.v20210629 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
org.hibernate.validator:hibernate-validator CVE-2020-10693 MEDIUM 6.0.13.Final 6.1.5.Final, 6.0.20.Final
org.hibernate.validator:hibernate-validator CVE-2020-10693 MEDIUM 6.0.13.Final 6.1.5.Final, 6.0.20.Final
org.hibernate.validator:hibernate-validator CVE-2020-10693 MEDIUM 6.0.13.Final 6.1.5.Final, 6.0.20.Final
org.infinispan.protostream:protostream CVE-2023-5236 MEDIUM 4.6.0.Final 4.6.2.Final
org.infinispan.protostream:protostream CVE-2023-5236 MEDIUM 4.6.0.Final 4.6.2.Final
org.infinispan.protostream:protostream CVE-2023-5236 MEDIUM 4.6.0.Final 4.6.2.Final
org.infinispan:infinispan-commons CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.infinispan:infinispan-commons CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.infinispan:infinispan-commons CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.infinispan:infinispan-core CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.infinispan:infinispan-core CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.infinispan:infinispan-core CVE-2023-5384 LOW 14.0.5.Final 15.0.0.Dev07, 14.0.25.Final
org.json:json CVE-2022-45688 HIGH 20220924 20230227
org.json:json CVE-2022-45688 HIGH 20220924 20230227
org.json:json CVE-2022-45688 HIGH 20220924 20230227
org.json:json CVE-2023-5072 HIGH 20220924 20231013
org.json:json CVE-2023-5072 HIGH 20220924 20231013
org.json:json CVE-2023-5072 HIGH 20220924 20231013
org.xerial.snappy:snappy-java CVE-2023-34455 HIGH 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34455 HIGH 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34455 HIGH 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-43642 HIGH 1.1.8.4 1.1.10.4
org.xerial.snappy:snappy-java CVE-2023-43642 HIGH 1.1.8.4 1.1.10.4
org.xerial.snappy:snappy-java CVE-2023-43642 HIGH 1.1.8.4 1.1.10.4
org.xerial.snappy:snappy-java CVE-2023-34453 MEDIUM 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34453 MEDIUM 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34453 MEDIUM 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34454 MEDIUM 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34454 MEDIUM 1.1.8.4 1.1.10.1
org.xerial.snappy:snappy-java CVE-2023-34454 MEDIUM 1.1.8.4 1.1.10.1
org.yaml:snakeyaml CVE-2022-1471 HIGH 1.31 2.0
org.yaml:snakeyaml CVE-2022-38752 MEDIUM 1.31 1.32
org.yaml:snakeyaml CVE-2022-41854 MEDIUM 1.31 1.32
software.amazon.ion:ion-java CVE-2024-21634 HIGH 1.0.2 1.10.5

No Misconfigurations found

Python

1 known vulnerabilities found (HIGH: 1 MEDIUM: 0 LOW: 0 CRITICAL: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
setuptools CVE-2024-6345 HIGH 68.2.2 70.0.0

No Misconfigurations found

opt/bitnami/java

No Vulnerabilities found

No Misconfigurations found

opt/bitnami/python

11 known vulnerabilities found (CRITICAL: 0 HIGH: 7 MEDIUM: 4 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
python CVE-2023-36632 HIGH 3.10.13-20 3.11.4
python CVE-2023-6597 HIGH 3.10.13-20 3.12.3, 3.11.9, 3.10.14, 3.9.19, 3.8.19
python CVE-2024-0397 HIGH 3.10.13-20 3.12.3, 3.11.9, 3.10.14
python CVE-2024-4032 HIGH 3.10.13-20 3.12.4, 3.11.10, 3.10.15, 3.9.20, 3.8.20
python CVE-2024-6232 HIGH 3.10.13-20 3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
python CVE-2024-7592 HIGH 3.10.13-20 3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
python CVE-2023-27043 MEDIUM 3.10.13-20 2.7.18, 3.11.0
python CVE-2024-0450 MEDIUM 3.10.13-20 3.12.3, 3.11.9, 3.10.14, 3.9.19, 3.8.19
python CVE-2024-6923 MEDIUM 3.10.13-20 3.12.5, 3.11.10, 3.10.15, 3.9.20, 3.8.20
python CVE-2024-8088 MEDIUM 3.10.13-20 3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
setuptools CVE-2024-6345 HIGH 68.2.2 70.0.0

No Misconfigurations found

opt/bitnami/spark

No Vulnerabilities found

No Misconfigurations found

github-actions[bot] commented 3 weeks ago

Trivy image scan report

ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-167 (debian 12.7)

3 known vulnerabilities found (LOW: 0 CRITICAL: 3 HIGH: 0 MEDIUM: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libexpat1 CVE-2024-45490 CRITICAL 2.5.0-1 2.5.0-1+deb12u1
libexpat1 CVE-2024-45491 CRITICAL 2.5.0-1 2.5.0-1+deb12u1
libexpat1 CVE-2024-45492 CRITICAL 2.5.0-1 2.5.0-1+deb12u1

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found