Skip to content

Bump org.junit:junit-bom from 5.11.3 to 5.11.4 (#1367) (#1369)

Mend for GitHub.com / WhiteSource Security Check failed Dec 23, 2024 in 11m 27s

Security Report

1 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-7254

Path to dependency file: /java-client/build.gradle.kts

Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar

Dependency Hierarchy:

-> framework-2.12.0.jar (Root Library)

   -> opensearch-2.12.0.jar

     -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library)

High 7.5 protobuf-java-3.22.3.jar Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2 None

Base branch total remaining vulnerabilities: 0
Base branch commit: c14325a09e25ec48fb364a5991e7209aa0a8c2bd


Total libraries scanned: 235

Scan token: c16d29746ff444aaadcf92b677098602

View more details on Mend for GitHub.com