Re: vulnerabilities: dependency scan

Wed, 02 Oct 2024 15:48:29 -0700 

It looks like these are all ruby dependencies in the site directory.

https://github.com/apache/calcite/blob/main/site/Gemfile#L18

https://github.com/apache/calcite/blob/main/site/Gemfile.lock#L56

Used for the website documentation, not the exported jar files.

On Wed, 2 Oct 2024, 23:41 Xiong Duan, <xi...@apache.org> wrote:

> Hi, We have a command that generates a report of vulnerabilities that
> occur among dependencies.
>
> ./gradlew dependencyCheckUpdate dependencyCheckAggregate
>
> [1] https://calcite.apache.org/docs/howto.html#publishing-a-release
>
> Julian Hyde <jhyde.apa...@gmail.com> 于2024年10月3日周四 01:01写道:
> >
> > Can someone remind me — is there a Gradle task to update dependencies?
> (Analogous to 'mvn versions:update-properties’.)
> >
> > If so, we should do this every release.
> >
> > Julian
> >
> >
> >
> > > On Oct 2, 2024, at 9:06 AM, Xiong Duan <xi...@apache.org> wrote:
> > >
> > > Hi, Hugh Pearse. Thanks for checking the dependency's vulnerabilities
> > > in Calcite. It is precious. We can create an ISSUE in JIRA.
> > >
> > > Hugh Pearse <hughpea...@gmail.com> 于2024年10月2日周三 15:56写道:
> > >>
> > >> Our security team found these issues:
> > >>
> > >>
> > >>   - Scan of *https://github.com/apache/calcite.git
> > >>   <https://github.com/apache/calcite.git>* on *Sep 27, 2024*
> > >>   Version Scanned: *latest*
> > >>
> > >> Vulnerabilities
> > >> SeverityPkgNameInstalled VersionFixed VersionVulnerability IDReference
> > >> HIGH webrick 1.7.0 >= 1.8.2 CVE-2024-47220
> > >> https://avd.aquasec.com/nvd/cve-2024-47220
> > >> MEDIUM nokogiri 1.14.3 1.15.6, 1.16.2 GHSA-vcc3-rw6f-jv97
> > >> https://github.com/advisories/GHSA-vcc3-rw6f-jv97
> > >> MEDIUM nokogiri 1.14.3 ~> 1.15.6, >= 1.16.2 GHSA-xc9x-jj77-9p9j
> > >> https://github.com/advisories/GHSA-xc9x-jj77-9p9j
> > >> MEDIUM rexml 3.2.5 >= 3.2.7 CVE-2024-35176
> > >> https://avd.aquasec.com/nvd/cve-2024-35176
> > >> MEDIUM rexml 3.2.5 >= 3.3.2 CVE-2024-39908
> > >> https://avd.aquasec.com/nvd/cve-2024-39908
> > >> MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41123
> > >> https://avd.aquasec.com/nvd/cve-2024-41123
> > >> MEDIUM rexml 3.2.5 >= 3.3.3 CVE-2024-41946
> > >> https://avd.aquasec.com/nvd/cve-2024-41946
> > >> MEDIUM rexml 3.2.5 >= 3.3.6 CVE-2024-43398
> > >> https://avd.aquasec.com/nvd/cve-2024-43398
> > >>
> > >> From,
> > >> Hugh Pearse
> >
>

Reply via email to