Can someone remind me — is there a Gradle task to update dependencies? (Analogous to 'mvn versions:update-properties'.)
If so, we should do this every release.

Julian

> On Oct 2, 2024, at 9:06 AM, Xiong Duan <xi...@apache.org> wrote:
>
> Hi, Hugh Pearse. Thanks for checking the dependency's vulnerabilities
> in Calcite. It is precious. We can create an ISSUE in JIRA.
>
> Hugh Pearse <hughpea...@gmail.com> wrote on Wed, Oct 2, 2024 at 15:56:
>>
>> Our security team found these issues:
>>
>> - Scan of https://github.com/apache/calcite.git on Sep 27, 2024
>>   Version Scanned: latest
>>
>> Vulnerabilities
>>
>> Severity  PkgName   Installed Version  Fixed Version         Vulnerability ID     Reference
>> HIGH      webrick   1.7.0              >= 1.8.2              CVE-2024-47220       https://avd.aquasec.com/nvd/cve-2024-47220
>> MEDIUM    nokogiri  1.14.3             1.15.6, 1.16.2        GHSA-vcc3-rw6f-jv97  https://github.com/advisories/GHSA-vcc3-rw6f-jv97
>> MEDIUM    nokogiri  1.14.3             ~> 1.15.6, >= 1.16.2  GHSA-xc9x-jj77-9p9j  https://github.com/advisories/GHSA-xc9x-jj77-9p9j
>> MEDIUM    rexml     3.2.5              >= 3.2.7              CVE-2024-35176       https://avd.aquasec.com/nvd/cve-2024-35176
>> MEDIUM    rexml     3.2.5              >= 3.3.2              CVE-2024-39908       https://avd.aquasec.com/nvd/cve-2024-39908
>> MEDIUM    rexml     3.2.5              >= 3.3.3              CVE-2024-41123       https://avd.aquasec.com/nvd/cve-2024-41123
>> MEDIUM    rexml     3.2.5              >= 3.3.3              CVE-2024-41946       https://avd.aquasec.com/nvd/cve-2024-41946
>> MEDIUM    rexml     3.2.5              >= 3.3.6              CVE-2024-43398       https://avd.aquasec.com/nvd/cve-2024-43398
>>
>> From,
>> Hugh Pearse