It looks like these are all ruby dependencies in the site directory. https://github.com/apache/calcite/blob/main/site/Gemfile#L18
https://github.com/apache/calcite/blob/main/site/Gemfile.lock#L56 Used for the website documentation, not the exported jar files. On Wed, 2 Oct 2024, 23:41 Xiong Duan, <xi...@apache.org> wrote: > Hi, We have a command that generates a report of vulnerabilities that > occur among dependencies. > > ./gradlew dependencyCheckUpdate dependencyCheckAggregate > > [1] https://calcite.apache.org/docs/howto.html#publishing-a-release > > Julian Hyde <jhyde.apa...@gmail.com> 于2024年10月3日周四 01:01写道: > > > > Can someone remind me — is there a Gradle task to update dependencies? > (Analogous to 'mvn versions:update-properties’.) > > > > If so, we should do this every release. > > > > Julian > > > > > > > > > On Oct 2, 2024, at 9:06 AM, Xiong Duan <xi...@apache.org> wrote: > > > > > > Hi, Hugh Pearse. Thanks for checking the dependency's vulnerabilities > > > in Calcite. It is precious. We can create an ISSUE in JIRA. > > > > > > Hugh Pearse <hughpea...@gmail.com> 于2024年10月2日周三 15:56写道: > > >> > > >> Our security team found these issues: > > >> > > >> > > >> - Scan of *https://github.com/apache/calcite.git > > >> <https://github.com/apache/calcite.git>* on *Sep 27, 2024* > > >> Version Scanned: *latest* > > >> > > >> Vulnerabilities > > >> SeverityPkgNameInstalled VersionFixed VersionVulnerability IDReference > > >> HIGH webrick 1.7.0 >= 1.8.2 CVE-2024-47220 > > >> https://avd.aquasec.com/nvd/cve-2024-47220 > > >> MEDIUM nokogiri 1.14.3 1.15.6, 1.16.2 GHSA-vcc3-rw6f-jv97 > > >> https://github.com/advisories/GHSA-vcc3-rw6f-jv97 > > >> MEDIUM nokogiri 1.14.3 ~> 1.15.6, >= 1.16.2 GHSA-xc9x-jj77-9p9j > > >> https://github.com/advisories/GHSA-xc9x-jj77-9p9j > > >> MEDIUM rexml 3.2.5 >= 3.2.7 CVE-2024-35176 > > >> https://avd.aquasec.com/nvd/cve-2024-35176 > > >> MEDIUM rexml 3.2.5 >= 3.3.2 CVE-2024-39908 > > >> https://avd.aquasec.com/nvd/cve-2024-39908 > > >> MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41123 > > >> https://avd.aquasec.com/nvd/cve-2024-41123 > > >> MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41946 > > >> https://avd.aquasec.com/nvd/cve-2024-41946 > > >> MEDIUM rexml 3.2.5 >= 3.3.6 CVE-2024-43398 > > >> https://avd.aquasec.com/nvd/cve-2024-43398 > > >> > > >> From, > > >> Hugh Pearse > > >