Vulnerabilities detected against dsbulk 1.11.0

[alberto-bortolan]

The following vulnerabilities have been reported against dsbulk 1.11 from "Open Source Scanning in Visual Studio Team Services". It would be desirable if as many as possible are resolved.

CVE-2019-10202 snyk Score: 9.8 org.codehaus.jackson:jackson-core-asl Recommendation: Fix unavailable

CVE-2022-42889 Score: 9.8 org.apache.commons:commons-text Recommendation: Upgrade to 1.10.0

CVE-2023-6378 Score: 7.5 ch.qos.logback:logback-classic Recommendation: Upgrade to 1.2.13

CVE-2023-6481 Score: 7.5 ch.qos.logback:logback-core Recommendation : Upgrade to 1.2.13

CVE-2023-34455 Score: 7.5 org.xerial.snappy:snappy-java Recommendation: Upgrade to 1.1.10.4

CVE-2023-34453 Score: 7.5 org.xerial.snappy:snappy-java Recommendation: Upgrade to 1.1.10.4

CVE-2022-42003 Score: 7.5 com.fasterxml.jackson.core:jackson-databind Recommendation: Upgrade to 2.13.4.redhat-00002

CVE-2022-42004 Score: 7.5 com.fasterxml.jackson.core:jackson-databind Recommendation : Upgrade to 2.13.4.redhat-00002

CVE-2022-45688 Score: 7.5 org.json:json Recommendation : Upgrade to 20231013

CVE-2023-5072 Score: 7.5 org.json:json Recommendation : Upgrade to 20231013

CVE-2023-34454 Score: 5.9 org.xerial.snappy:snappy-java Recommendation: Upgrade to 1.1.10.4

CVE-2024-26308 Score: 5.5 org.apache.commons:commons-compress Recommendation: Upgrade to 1.26.0

CVE-2024-25710 Score: 5.5 org.apache.commons:commons-compress Recommendation: Upgrade to 1.26.0

[dbapramod882]

Hi Team,

Do we have any time line, when these vulnerabilities be resolved.