Hi,

We have a command that generates a report of vulnerabilities that occur among dependencies.

./gradlew dependencyCheckUpdate dependencyCheckAggregate

[1] https://calcite.apache.org/docs/howto.html#publishing-a-release

Julian Hyde <jhyde.apa...@gmail.com> wrote on Thu, Oct 3, 2024 at 01:01:
>
> Can someone remind me — is there a Gradle task to update dependencies?
> (Analogous to 'mvn versions:update-properties'.)
>
> If so, we should do this every release.
>
> Julian
>
>
> > On Oct 2, 2024, at 9:06 AM, Xiong Duan <xi...@apache.org> wrote:
> >
> > Hi, Hugh Pearse. Thanks for checking the dependency's vulnerabilities
> > in Calcite. It is precious. We can create an ISSUE in JIRA.
> >
> > Hugh Pearse <hughpea...@gmail.com> wrote on Wed, Oct 2, 2024 at 15:56:
> >>
> >> Our security team found these issues:
> >>
> >> - Scan of https://github.com/apache/calcite.git on Sep 27, 2024
> >>   Version Scanned: latest
> >>
> >> Vulnerabilities
> >>
> >> Severity | PkgName  | Installed Version | Fixed Version        | Vulnerability ID    | Reference
> >> HIGH     | webrick  | 1.7.0             | >= 1.8.2             | CVE-2024-47220      | https://avd.aquasec.com/nvd/cve-2024-47220
> >> MEDIUM   | nokogiri | 1.14.3            | 1.15.6, 1.16.2       | GHSA-vcc3-rw6f-jv97 | https://github.com/advisories/GHSA-vcc3-rw6f-jv97
> >> MEDIUM   | nokogiri | 1.14.3            | ~> 1.15.6, >= 1.16.2 | GHSA-xc9x-jj77-9p9j | https://github.com/advisories/GHSA-xc9x-jj77-9p9j
> >> MEDIUM   | rexml    | 3.2.5             | >= 3.2.7             | CVE-2024-35176      | https://avd.aquasec.com/nvd/cve-2024-35176
> >> MEDIUM   | rexml    | 3.2.5             | >= 3.3.2             | CVE-2024-39908      | https://avd.aquasec.com/nvd/cve-2024-39908
> >> MEDIUM   | rexml    | 3.2.5             | >= 3.3.3             | CVE-2024-41123      | https://avd.aquasec.com/nvd/cve-2024-41123
> >> MEDIUM   | rexml    | 3.2.5             | >= 3.3.3             | CVE-2024-41946      | https://avd.aquasec.com/nvd/cve-2024-41946
> >> MEDIUM   | rexml    | 3.2.5             | >= 3.3.6             | CVE-2024-43398      | https://avd.aquasec.com/nvd/cve-2024-43398
> >>
> >> From,
> >> Hugh Pearse