chore(deps): update github-actions (major) #146

renovate · 2024-01-11T21:45:59Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	`v3.6.0` -> `v4.2.2`
actions/download-artifact	action	major	`v3` -> `v4`
actions/upload-artifact	action	major	`v3.2.1` -> `v4.4.3`
github/codeql-action	action	major	`v2.27.4` -> `v3.27.9`
google-github-actions/release-please-action	action	major	`v3.7.13` -> `v4.1.1`
slsa-framework/slsa-github-generator	action	major	`v1.10.0` -> `v2.0.0`
softprops/action-gh-release	action	major	`v1` -> `v2`
ubuntu	github-runner	major	`22.04` -> `24.04`

Release Notes

actions/checkout (actions/checkout)

`v4.2.2`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
Expand unit test coverage for isGhes by @jww3 in https://github.com/actions/checkout/pull/1946

`v4.2.1`

Compare Source

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in https://github.com/actions/checkout/pull/1924

`v4.2.0`

Compare Source

Add Ref and Commit outputs by @lucacome in https://github.com/actions/checkout/pull/1180
Dependency updates by @dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872

`v4.1.7`

Compare Source

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in https://github.com/actions/checkout/pull/1739
Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/actions/checkout/pull/1697
Check out other refs/* by commit by @orhantoy in https://github.com/actions/checkout/pull/1774
Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in https://github.com/actions/checkout/pull/1776

`v4.1.6`

Compare Source

Check platform to set archive extension appropriately by @cory-miller in https://github.com/actions/checkout/pull/1732

What's Changed

Update actions/checkout version in update-main-version.yml by @jww3 in https://github.com/actions/checkout/pull/1650
Check git version before attempting to disable sparse-checkout by @jww3 in https://github.com/actions/checkout/pull/1656
Add SSH user parameter by @cory-miller in https://github.com/actions/checkout/pull/1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

`v4.1.2`

Compare Source

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in https://github.com/actions/checkout/pull/1598

`v4.1.1`

Compare Source

What's Changed

Update CODEOWNERS to Launch team by @joshmgross in https://github.com/actions/checkout/pull/1510
Correct link to GitHub Docs by @peterbe in https://github.com/actions/checkout/pull/1511
Link to release page from what's new section by @cory-miller in https://github.com/actions/checkout/pull/1514

New Contributors

@joshmgross made their first contribution in https://github.com/actions/checkout/pull/1510
@peterbe made their first contribution in https://github.com/actions/checkout/pull/1511

Full Changelog: actions/checkout@v4.1.0...v4.1.1

`v4.1.0`

Compare Source

Add support for partial checkout filters

`v4.0.0`

Compare Source

actions/download-artifact (actions/download-artifact)

`v4`

Compare Source

actions/upload-artifact (actions/upload-artifact)

`v4.4.3`

Compare Source

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in https://github.com/actions/upload-artifact/pull/632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

`v4.4.2`

Compare Source

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in https://github.com/actions/upload-artifact/pull/627
- Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

`v4.4.1`

Compare Source

What's Changed

Add a section about hidden files by @joshmgross in https://github.com/actions/upload-artifact/pull/607
Add workflow file for publishing releases to immutable action package by @Jcambass in https://github.com/actions/upload-artifact/pull/621
Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in https://github.com/actions/upload-artifact/pull/625

New Contributors

@Jcambass made their first contribution in https://github.com/actions/upload-artifact/pull/621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

`v4.4.0`

Compare Source

`v4.3.6`

Compare Source

`v4.3.5`

Compare Source

`v4.3.4`

Compare Source

What's Changed

Update @actions/artifact version, bump dependencies by @robherley in https://github.com/actions/upload-artifact/pull/584

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

`v4.3.3`

Compare Source

What's Changed

updating @actions/artifact dependency to v2.1.6 by @eggyhead in https://github.com/actions/upload-artifact/pull/565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

`v4.3.2`

Compare Source

What's Changed

Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/upload-artifact/pull/516
Minor fix to the migration readme by @andrewakim in https://github.com/actions/upload-artifact/pull/523
Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/upload-artifact/pull/561
updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @eggyhead in https://github.com/actions/upload-artifact/pull/562

New Contributors

@andrewakim made their first contribution in https://github.com/actions/upload-artifact/pull/523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

`v4.3.1`

Compare Source

Bump @actions/artifacts to latest version to include updated GHES host check

`v4.3.0`

Compare Source

What's Changed

Reorganize upload code in prep for merge logic & add more tests by @robherley in https://github.com/actions/upload-artifact/pull/504
Add sub-action to merge artifacts by @robherley in https://github.com/actions/upload-artifact/pull/505

Full Changelog: actions/upload-artifact@v4...v4.3.0

`v4.2.0`

Compare Source

What's Changed

Ability to overwrite an Artifact by @robherley in https://github.com/actions/upload-artifact/pull/501

Full Changelog: actions/upload-artifact@v4...v4.2.0

`v4.1.0`

Compare Source

What's Changed

Add migrations docs by @robherley in https://github.com/actions/upload-artifact/pull/482
Update README.md by @samuelwine in https://github.com/actions/upload-artifact/pull/492
Support artifact-url output by @konradpabjan in https://github.com/actions/upload-artifact/pull/496
Update readme to reflect new 500 artifact per job limit by @robherley in https://github.com/actions/upload-artifact/pull/497

New Contributors

@samuelwine made their first contribution in https://github.com/actions/upload-artifact/pull/492

Full Changelog: actions/upload-artifact@v4...v4.1.0

`v4.0.0`

Compare Source

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @actions/artifact documentation.

New Contributors

@vmjoseph made their first contribution in https://github.com/actions/upload-artifact/pull/464

Full Changelog: actions/upload-artifact@v3...v4.0.0

github/codeql-action (github/codeql-action)

`v3.27.9`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v3.27.8`

Compare Source

`v3.27.7`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

`v3.27.6`

Compare Source

`v3.27.5`

Compare Source

`v3.27.4`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v3.27.3`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v3.27.2`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024

Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #2590

See the full CHANGELOG.md for more information.

`v3.27.1`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024

The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #2573
Update default CodeQL bundle version to 2.19.3. #2576

See the full CHANGELOG.md for more information.

`v3.27.0`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024

Bump the minimum CodeQL bundle version to 2.14.6. #2549
Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #2557
Update default CodeQL bundle version to 2.19.2. #2552

See the full CHANGELOG.md for more information.

`v3.26.13`

Compare Source

`v3.26.12`

Compare Source

`v3.26.11`

Compare Source

`v3.26.10`

Compare Source

`v3.26.9`

Compare Source

`v3.26.8`

Compare Source

`v3.26.7`

Compare Source

`v3.26.6`

Compare Source

`v3.26.5`

Compare Source

`v3.26.4`

Compare Source

`v3.26.3`

Compare Source

`v3.26.2`

Compare Source

`v3.26.1`

Compare Source

`v3.26.0`

Compare Source

`v3.25.15`

Compare Source

`v3.25.14`

Compare Source

`v3.25.13`

Compare Source

`v3.25.12`

Compare Source

`v3.25.11`

Compare Source

`v3.25.10`

Compare Source

`v3.25.9`

Compare Source

`v3.25.8`

Compare Source

`v3.25.7`

Compare Source

`v3.25.6`

Compare Source

`v3.25.5`

Compare Source

`v3.25.4`

Compare Source

`v3.25.3`

Compare Source

`v3.25.2`

Compare Source

`v3.25.1`

Compare Source

`v3.25.0`

Compare Source

`v3.24.11`

Compare Source

`v3.24.10`

Compare Source

`v3.24.9`

Compare Source

`v3.24.8`

Compare Source

`v3.24.7`

Compare Source

`v3.24.6`

Compare Source

`v3.24.5`

Compare Source

`v3.24.4`

Compare Source

`v3.24.3`

Compare Source

`v3.24.2`

Compare Source

`v3.24.1`

Compare Source

`v3.24.0`

Compare Source

`v3.23.2`

Compare Source

`v3.23.1`

Compare Source

`v3.23.0`

Compare Source

`v3.22.12`

Compare Source

`v3.22.11`

Compare Source

`v2.27.9`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

`v2.27.8`

Compare Source

`v2.27.7`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631
Update default CodeQL bundle version to 2.20.0. #2636

See the full CHANGELOG.md for more information.

`v2.27.6`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.6 - 03 Dec 2024

Update default CodeQL bundle version to 2.19.4. #2626

See the full CHANGELOG.md for more information.

`v2.27.5`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.5 - 19 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

google-github-actions/release-please-action (google-github-actions/release-please-action)

`v4.1.1`

Compare Source

Bug Fixes

add deprecation warning to workflow run (#1) (edb78cf)

`v4.1.0`

Compare Source

Features

add changelog-host input to action.yml (#948) (863b06f)

`v4.0.3`

Compare Source

Bug Fixes

bump release-please from 16.5.0 to 16.10.0 (#953) (d7e88e0)

`v4.0.2`

Compare Source

Bug Fixes

bump release-please from 16.4.0 to 16.5.0 (#905) (df71963)
log release-please version (#910) (2a496d1), closes #325

`v4.0.1`

Compare Source

Bug Fixes

bump release-please from 16.3.1 to 16.4.0 (#897) (2463dad)

`v4.0.0`

Compare Source

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

`v2.0.0`

Compare Source

v2.0.0: Breaking Change: upload-artifact and download-artifact

Our workflows now use the new @v4s of actions/upload-artifact and
actions/download-artifact, which are incompatiblle with the prior @v3. See
Our docs on the generic generator
for more information and how to upgrade.

v2.0.0: Breaking Change: attestation-name Workflow Input and Output

attestation-name as a workflow input to
.github/workflows/generator_generic_slsa3.yml is now removed. Use
provenance-name instead.

v2.0.0: DSSE Rekor Type

When uploading signed provenance to the log, the entry created in the log is now
a DSSE Rekor type. This fixes a bug where the current intoto type does not
persist provenance signatures. The attestation will no longer be persisted
in Rekor (#3299)

softprops/action-gh-release (softprops/action-gh-release)

`v2`

Compare Source

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-01-11T21:50:00Z

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	6	0	0.09s
✅ BASH	bash-exec	2	0	0.01s
✅ BASH	shellcheck	2	0	0.13s
✅ BASH	shfmt	2	0	0.01s
✅ DOCKERFILE	hadolint	2	0	0.27s
✅ EDITORCONFIG	editorconfig-checker	89	0	0.49s
✅ ENV	dotenv-linter	1	0	0.01s
✅ JSON	jsonlint	3	0	0.3s
✅ JSON	prettier	3	0	0.51s
✅ JSON	v8r	3	0	3.75s
⚠️ MARKDOWN	markdownlint	8	89	1.18s
⚠️ MARKDOWN	markdown-table-formatter	8	1	0.5s
✅ PYTHON	bandit	7	0	2.36s
✅ PYTHON	black	7	0	2.07s
✅ PYTHON	flake8	7	0	1.09s
✅ PYTHON	isort	7	0	0.56s
✅ PYTHON	mypy	7	0	3.32s
✅ PYTHON	pyright	7	0	7.55s
✅ PYTHON	ruff	7	0	0.02s
✅ REPOSITORY	checkov	yes	no	26.38s
✅ REPOSITORY	dustilock	yes	no	0.57s
✅ REPOSITORY	gitleaks	yes	no	2.87s
✅ REPOSITORY	git_diff	yes	no	0.04s
✅ REPOSITORY	grype	yes	no	16.79s
✅ REPOSITORY	kics	yes	no	45.51s
✅ REPOSITORY	secretlint	yes	no	1.26s
✅ REPOSITORY	syft	yes	no	2.86s
✅ REPOSITORY	trivy	yes	no	12.76s
✅ REPOSITORY	trivy-sbom	yes	no	0.18s
✅ REPOSITORY	trufflehog	yes	no	4.02s
✅ XML	xmllint	3	0	0.03s
✅ YAML	prettier	28	0	1.35s
✅ YAML	v8r	28	0	48.39s
✅ YAML	yamllint	28	0	1.01s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

Click here to request the new flavor

MegaLinter is graciously provided by

github-actions · 2024-12-13T01:21:36Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/decompose-xmls:pr-146 (debian 12.7)`

8 known vulnerabilities found (CRITICAL: 2 HIGH: 2 MEDIUM: 2 LOW: 2)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libexpat1`	CVE-2024-45491	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45492	CRITICAL	2.5.0-1	2.5.0-1+deb12u1
`libexpat1`	CVE-2024-45490	HIGH	2.5.0-1	2.5.0-1+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.14-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.14-1~deb12u2	3.0.15-1~deb12u1

No Misconfigurations found

`Python`

No Vulnerabilities found

No Misconfigurations found

github-actions · 2024-12-13T01:23:36Z

Trivy image scan report

`ghcr.io/bzkf/onco-analytics-on-fhir/obds-fhir-to-opal:pr-146 (debian 12.5)`

53 known vulnerabilities found (CRITICAL: 4 HIGH: 21 MEDIUM: 24 LOW: 4)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`bsdutils`	CVE-2024-28085	HIGH	1:2.38.1-5+b1	2.38.1-5+deb12u1
`libblkid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libc-bin`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc-bin`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc-bin`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-2961	HIGH	2.36-9+deb12u4	2.36-9+deb12u6
`libc6`	CVE-2024-33599	HIGH	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33600	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33601	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libc6`	CVE-2024-33602	MEDIUM	2.36-9+deb12u4	2.36-9+deb12u7
`libgnutls30`	CVE-2024-28834	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgnutls30`	CVE-2024-28835	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgssapi-krb5-2`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libgssapi-krb5-2`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libk5crypto3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5-3`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37371	CRITICAL	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libkrb5support0`	CVE-2024-37370	HIGH	1.20.1-2+deb12u1	1.20.1-2+deb12u2
`libmount1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsmartcols1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`libsqlite3-0`	CVE-2023-7104	HIGH	3.40.1-2	3.40.1-2+deb12u1
`libssl3`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libssl3`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`libssl3`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`libssl3`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`libsystemd0`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libsystemd0`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libuuid1`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`mount`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`openssl`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-4603	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-4741	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-5535	MEDIUM	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`openssl`	CVE-2024-6119	MEDIUM	3.0.11-1~deb12u2	3.0.14-1~deb12u2
`openssl`	CVE-2024-2511	LOW	3.0.11-1~deb12u2	3.0.14-1~deb12u1
`openssl`	CVE-2024-9143	LOW	3.0.11-1~deb12u2	3.0.15-1~deb12u1
`util-linux`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1
`util-linux-extra`	CVE-2024-28085	HIGH	2.38.1-5+b1	2.38.1-5+deb12u1

No Misconfigurations found

`Java`

292 known vulnerabilities found (CRITICAL: 22 HIGH: 151 MEDIUM: 98 LOW: 21)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-45294	HIGH	5.6.971	6.3.23
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-51132	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2024-52007	HIGH	5.6.971	6.4.0
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-classic`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`ch.qos.logback:logback-core`	CVE-2023-6378	HIGH	1.2.11	1.3.12, 1.4.12, 1.2.13
`com.amazonaws:aws-java-sdk-s3`	CVE-2022-31159	HIGH	1.11.1026	1.12.261
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.11.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.11.4	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.11.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.11.4	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.13.0	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-46877	HIGH	2.13.0	2.12.6, 2.13.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.0	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.13.0	2.12.7.1, 2.13.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.13.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2017-17485	CRITICAL	2.6.7.4	2.9.4, 2.8.11, 2.7.9.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-11307	CRITICAL	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-14719	CRITICAL	2.6.7.4	2.9.7, 2.8.11.3, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-7489	CRITICAL	2.6.7.4	2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-14379	CRITICAL	2.6.7.4	2.9.9.2, 2.8.11.4, 2.7.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2019-17267	CRITICAL	2.6.7.4	2.9.10, 2.8.11.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9547	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-9548	CRITICAL	2.6.7.4	2.9.10.4, 2.8.11.6, 2.7.9.7
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-12022	HIGH	2.6.7.4	2.7.9.4, 2.8.11.2, 2.9.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2018-5968	HIGH	2.6.7.4	2.8.11.1, 2.9.4, 2.7.9.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-10650	HIGH	2.6.7.4	2.9.10.4
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24616	HIGH	2.6.7.4	2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-24750	HIGH	2.6.7.4	2.6.7.5, 2.9.10.6
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35490	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35491	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-35728	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36179	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36180	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36181	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36182	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36183	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36184	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36185	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36186	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36187	HIGH	2.6.7.4	2.9.10.8
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36188	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36189	HIGH	2.6.7.4	2.9.10.8, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2020-36518	HIGH	2.6.7.4	2.13.2.1, 2.12.6.1
`com.fasterxml.jackson.core:jackson-databind`	CVE-2021-20190	HIGH	2.6.7.4	2.9.10.7, 2.6.7.5
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42003	HIGH	2.6.7.4	2.12.7.1, 2.13.4.2
`com.fasterxml.jackson.core:jackson-databind`	CVE-2022-42004	HIGH	2.6.7.4	2.12.7.1, 2.13.4
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.fasterxml.woodstox:woodstox-core`	CVE-2022-40152	MEDIUM	5.3.0	6.4.0, 5.4.0
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.2.4	2.8.9
`com.google.code.gson:gson`	CVE-2022-25647	HIGH	2.8.6	2.8.9
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2018-10237	MEDIUM	14.0.1	24.1.1-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	14.0.1	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	30.1.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2023-2976	MEDIUM	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.guava:guava`	CVE-2020-8908	LOW	31.0.1-jre	32.0.0-android
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	2.5.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	2.5.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	2.5.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	2.5.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	2.5.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.3.0	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.3.0	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.3.0	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.3.0	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.3.0	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22569	HIGH	3.7.1	3.16.1, 3.18.2, 3.19.2
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2021-22570	HIGH	3.7.1	3.15.0
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3509	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2022-3510	HIGH	3.7.1	3.16.3, 3.19.6, 3.20.3, 3.21.7
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2024-7254	HIGH	3.7.1	3.25.5, 4.27.5, 4.28.2
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.google.protobuf:protobuf-java`	CVE-2022-3171	MEDIUM	3.7.1	3.21.7, 3.20.3, 3.19.6, 3.16.3
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.nimbusds:nimbus-jose-jwt`	CVE-2023-52428	HIGH	9.8.1	9.37.2
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.14.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio`	CVE-2023-3635	MEDIUM	1.6.0	3.4.0, 1.17.6
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`com.squareup.okio:okio-jvm`	CVE-2023-3635	MEDIUM	3.2.0	3.4.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.11.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-io:commons-io`	CVE-2024-47554	HIGH	2.8.0	2.14.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`commons-net:commons-net`	CVE-2021-37533	MEDIUM	3.6	3.9.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`dnsjava:dnsjava`	CVE-2024-25638	HIGH	2.1.7	3.6.0
`io.airlift:aircompressor`	CVE-2024-36114	HIGH	0.21	0.27
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20444	CRITICAL	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2015-2156	HIGH	3.7.0.Final	3.10.3.Final, 3.9.8.Final
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37136	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-37137	HIGH	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2014-0193	MEDIUM	3.7.0.Final	3.6.9.Final, 3.7.1.Final, 3.8.2.Final, 3.9.1.Final, 4.0.19.Final
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2019-20445	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21290	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21295	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-21409	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty`	CVE-2021-43797	MEDIUM	3.7.0.Final	4.0.0
`io.netty:netty-codec`	CVE-2021-37136	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec`	CVE-2021-37137	HIGH	4.1.61.Final	4.1.68.Final
`io.netty:netty-codec-http`	CVE-2021-43797	MEDIUM	4.1.61.Final	4.1.71.Final
`io.netty:netty-codec-http`	CVE-2022-24823	MEDIUM	4.1.61.Final	4.1.77.Final
`io.netty:netty-codec-http`	CVE-2024-29025	MEDIUM	4.1.61.Final	4.1.108.Final
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.61.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.74.Final	4.1.115
`io.netty:netty-common`	CVE-2024-47535	MEDIUM	4.1.74.Final	4.1.115
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.61.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`io.netty:netty-handler`	CVE-2023-34462	MEDIUM	4.1.74.Final	4.1.94.Final
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2021-31684	HIGH	1.3.2	1.3.3, 2.4.4
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`net.minidev:json-smart`	CVE-2023-1370	HIGH	1.3.2	2.4.9
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.11.0	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.11.0	1.11.3
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2024-47561	CRITICAL	1.7.7	1.11.4
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.avro:avro`	CVE-2023-39410	HIGH	1.7.7	1.11.3
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-25710	HIGH	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-compress`	CVE-2024-26308	MEDIUM	1.21	1.26.0
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29131	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.commons:commons-configuration2`	CVE-2024-29133	MEDIUM	2.1.1	2.10.1
`org.apache.derby:derby`	CVE-2022-46337	CRITICAL	10.14.2.0	10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2022-25168	CRITICAL	3.3.2	2.10.2, 3.2.4, 3.3.3
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.hadoop:hadoop-common`	CVE-2024-23454	LOW	3.3.2	3.4.0
`org.apache.ivy:ivy`	CVE-2022-46751	HIGH	2.5.1	2.5.2
`org.apache.kafka:kafka-clients`	CVE-2024-31141	MEDIUM	2.8.1	3.7.1
`org.apache.kafka:kafka-clients`	CVE-2024-31141	MEDIUM	2.8.1	3.7.1
`org.apache.mesos:mesos`	CVE-2018-1330	HIGH	1.4.3	1.6.0
`org.apache.thrift:libthrift`	CVE-2019-0205	HIGH	0.12.0	0.13.0
`org.apache.thrift:libthrift`	CVE-2020-13949	HIGH	0.12.0	0.14.0
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.4.8	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2017-5637	HIGH	3.4.8	3.4.10, 3.5.3
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2018-8012	HIGH	3.4.8	3.4.10, 3.5.4-beta
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2019-0201	MEDIUM	3.4.8	3.4.14, 3.5.5
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2023-44981	CRITICAL	3.6.2	3.7.2, 3.8.3, 3.9.1
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.apache.zookeeper:zookeeper`	CVE-2024-23944	MEDIUM	3.6.2	3.8.4, 3.9.2
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.43.v20210629	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.43.v20210629	12.0.12
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2022-2047	LOW	9.4.43.v20210629	9.4.47, 10.0.10, 11.0.10
`org.eclipse.jetty:jetty-http`	CVE-2023-40167	MEDIUM	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16, 12.0.1
`org.eclipse.jetty:jetty-http`	CVE-2024-6763	MEDIUM	9.4.48.v20220622	12.0.12
`org.eclipse.jetty:jetty-server`	CVE-2023-26048	MEDIUM	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14
`org.eclipse.jetty:jetty-server`	CVE-2024-8184	MEDIUM	9.4.48.v20220622	12.0.9, 10.0.24, 11.0.24, 9.4.56
`org.eclipse.jetty:jetty-server`	CVE-2023-26049	LOW	9.4.48.v20220622	9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0
`org.eclipse.jetty:jetty-servlets`	CVE-2024-9823	MEDIUM	9.4.48.v20220622	9.4.54, 10.0.18, 11.0.18
`org.eclipse.jetty:jetty-servlets`	CVE-2023-36479	LOW	9.4.48.v20220622	9.4.52, 10.0.16, 11.0.16
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.eclipse.jetty:jetty-xml`	GHSA-58qw-p7qm-5rvh	LOW	9.4.43.v20210629	10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2020-10693	MEDIUM	6.0.13.Final	6.1.5.Final, 6.0.20.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.hibernate.validator:hibernate-validator`	CVE-2023-1932	MEDIUM	6.0.13.Final	6.2.0.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan.protostream:protostream`	CVE-2023-5236	HIGH	4.6.0.Final	4.6.2.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-commons`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.infinispan:infinispan-core`	CVE-2023-5384	MEDIUM	14.0.5.Final	15.0.0.Dev07, 14.0.25.Final
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2022-45688	HIGH	20220924	20230227
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.json:json`	CVE-2023-5072	HIGH	20220924	20231013
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34455	HIGH	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-43642	HIGH	1.1.8.4	1.1.10.4
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34453	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.xerial.snappy:snappy-java`	CVE-2023-34454	MEDIUM	1.1.8.4	1.1.10.1
`org.yaml:snakeyaml`	CVE-2022-1471	HIGH	1.31	2.0
`org.yaml:snakeyaml`	CVE-2022-38752	MEDIUM	1.31	1.32
`org.yaml:snakeyaml`	CVE-2022-41854	MEDIUM	1.31	1.32
`software.amazon.ion:ion-java`	CVE-2024-21634	HIGH	1.0.2	1.10.5

No Misconfigurations found

`Python`

1 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 1 MEDIUM: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0

No Misconfigurations found

`opt/bitnami/java`

No Vulnerabilities found

No Misconfigurations found

`opt/bitnami/python`

12 known vulnerabilities found (LOW: 1 CRITICAL: 1 HIGH: 6 MEDIUM: 4)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`python`	CVE-2023-36632	HIGH	3.10.13-20	3.11.4
`python`	CVE-2024-0397	HIGH	3.10.13-20	3.8.20, 3.9.20, 3.10.14, 3.11.9, 3.12.3
`python`	CVE-2024-4032	HIGH	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.4
`python`	CVE-2024-6232	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2024-7592	HIGH	3.10.13-20	3.12.6, 3.11.10, 3.10.15, 3.9.20, 3.8.20
`python`	CVE-2023-27043	MEDIUM	3.10.13-20	3.8.20, 3.12.6, 3.11.10, 3.10.15, 3.9.20
`python`	CVE-2024-50602	MEDIUM	3.10.13-20	3.13.1, 3.12.8, 3.11.11, 3.10.16, 3.9.21
`python`	CVE-2024-6923	MEDIUM	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.5
`python`	CVE-2024-8088	MEDIUM	3.10.13-20	3.8.20, 3.9.20, 3.10.15, 3.11.10, 3.12.6
`python`	CVE-2024-11168	LOW	3.10.13-20	3.9.21, 3.10.16, 3.11.4
`setuptools`	CVE-2024-6345	HIGH	68.2.2	70.0.0
`virtualenv`	CVE-2024-53899	CRITICAL	20.25.1	20.26.6

No Misconfigurations found

`opt/bitnami/spark`

No Vulnerabilities found

No Misconfigurations found

renovate bot force-pushed the renovate/major-github-actions branch 4 times, most recently from 2cfe18e to 2c514d3 Compare January 18, 2024 23:03

renovate bot force-pushed the renovate/major-github-actions branch 3 times, most recently from 538c4ed to 1afadb9 Compare January 26, 2024 17:43

renovate bot force-pushed the renovate/major-github-actions branch 4 times, most recently from 11e9684 to 50c9875 Compare February 2, 2024 22:58

renovate bot force-pushed the renovate/major-github-actions branch 2 times, most recently from 8fd5382 to 9aa330e Compare February 6, 2024 01:39

renovate bot force-pushed the renovate/major-github-actions branch 4 times, most recently from e00ffd2 to e952e23 Compare February 20, 2024 10:20

renovate bot force-pushed the renovate/major-github-actions branch 5 times, most recently from 83e478c to 6c99dc3 Compare February 26, 2024 23:06

renovate bot force-pushed the renovate/major-github-actions branch 2 times, most recently from e24395d to a81e1d9 Compare March 1, 2024 20:01

renovate bot force-pushed the renovate/major-github-actions branch 5 times, most recently from 7439dea to 9f7e2b1 Compare March 11, 2024 19:27

renovate bot force-pushed the renovate/major-github-actions branch 3 times, most recently from 359b151 to ccec601 Compare September 30, 2024 15:57

renovate bot force-pushed the renovate/major-github-actions branch 7 times, most recently from cf74fd5 to 74d6b4b Compare October 9, 2024 19:35

renovate bot force-pushed the renovate/major-github-actions branch from 74d6b4b to 2ed2388 Compare October 14, 2024 20:19

renovate bot force-pushed the renovate/major-github-actions branch 2 times, most recently from a23d970 to 114b0b1 Compare October 23, 2024 15:54

renovate bot force-pushed the renovate/major-github-actions branch from 114b0b1 to 3d01ed8 Compare October 31, 2024 19:17

renovate bot force-pushed the renovate/major-github-actions branch 4 times, most recently from 201f36e to 900ba47 Compare November 14, 2024 16:03

renovate bot force-pushed the renovate/major-github-actions branch 5 times, most recently from 98e3163 to 3a1dd2b Compare November 20, 2024 17:25

renovate bot force-pushed the renovate/major-github-actions branch from 3a1dd2b to d206ae2 Compare December 3, 2024 14:32

renovate bot force-pushed the renovate/major-github-actions branch 2 times, most recently from e433561 to c7f76e3 Compare December 12, 2024 21:21

chore(deps): update github-actions

96fc30d

renovate bot force-pushed the renovate/major-github-actions branch from c7f76e3 to 96fc30d Compare December 13, 2024 01:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github-actions (major) #146

chore(deps): update github-actions (major) #146

renovate bot commented Jan 11, 2024 •

edited

Loading

github-actions bot commented Jan 11, 2024 •

edited

Loading

github-actions bot commented Dec 13, 2024

github-actions bot commented Dec 13, 2024

chore(deps): update github-actions (major) #146

Are you sure you want to change the base?

chore(deps): update github-actions (major) #146

Conversation

renovate bot commented Jan 11, 2024 • edited Loading

Release Notes

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

CodeQL Action Changelog

3.27.9 - 12 Dec 2024

CodeQL Action Changelog

3.27.7 - 10 Dec 2024

CodeQL Action Changelog

3.27.4 - 14 Nov 2024

CodeQL Action Changelog

3.27.3 - 12 Nov 2024

CodeQL Action Changelog

3.27.2 - 12 Nov 2024

CodeQL Action Changelog

3.27.1 - 08 Nov 2024

CodeQL Action Changelog

3.27.0 - 22 Oct 2024

CodeQL Action Changelog

2.27.9 - 12 Dec 2024

CodeQL Action Changelog

2.27.7 - 10 Dec 2024

CodeQL Action Changelog

2.27.6 - 03 Dec 2024

CodeQL Action Changelog

2.27.5 - 19 Nov 2024

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

renovate bot commented Jan 11, 2024 •

edited

Loading