dependency updates #2426

GitHub Actions / Qodana for JVM completed May 12, 2024 in 0s

1 new problem found by Qodana for JVM

Qodana for JVM

1 new problem was found

| Inspection name | Severity | Problems |
| --- | --- | --- |
| Vulnerable declared dependency | 🔶 Warning | 1 |

💡 Qodana analysis was run in the pull request mode: only the changed files were checked

Detected 140 dependencies

Third-party software list

This page lists the third-party software dependencies used in caffeine

| Dependency | Version | Licenses |
| --- | --- | --- |
| aho-corasick-double-array-trie | 1.2.3 | Apache-2.0 |
| android-json | 0.0.20131108.vaadin1 | Apache-2.0 |
| annotations | 13.0 | Apache-2.0 |
| auto-value-annotations | 1.10.4 | Apache-2.0 |
| biz.aqute.bnd.embedded-repo | 7.0.0 | Apache-2.0 |
| biz.aqute.bnd.gradle | 7.0.0 | Apache-2.0 |
| biz.aqute.bnd.util | 7.0.0 | Apache-2.0 |
| biz.aqute.bndlib | 7.0.0 | Apache-2.0, EPL-2.0 |
| biz.aqute.repository | 7.0.0 | Apache-2.0 |
| biz.aqute.resolve | 7.0.0 | Apache-2.0 |
| cache-api | 1.1.0 | Apache-2.0 |
| cache-api | 1.1.1 | Apache-2.0 |
| checker-qual | 3.42.0 | MIT |
| checker-qual | 3.43.0 | MIT |
| coherence | 22.06.2 | UPL-1.0 |
| commons-beanutils | 1.9.4 | Apache-2.0 |
| commons-codec | 1.16.1 | Apache-2.0 |
| commons-collections | 3.2.2 | Apache-2.0 |
| commons-collections4 | 4.4 | Apache-2.0 |
| commons-compress | 1.26.1 | Apache-2.0 |
| commons-dbcp2 | 2.11.0 | Apache-2.0 |
| commons-digester | 2.1 | Apache-2.0 |
| commons-io | 2.15.1 | Apache-2.0 |
| commons-io | 2.16.1 | Apache-2.0 |
| commons-jcs3-core | 3.2 | Apache-2.0 |
| commons-lang | 2.4 | Apache-2.0 |
| commons-lang3 | 3.14.0 | Apache-2.0 |
| commons-logging | 1.2 | Apache-2.0 |
| commons-math3 | 3.6.1 | Apache-2.0 |
| commons-pool2 | 2.12.0 | Apache-2.0 |
| commons-text | 1.12.0 | Apache-2.0 |
| commons-validator | 1.7 | Apache-2.0 |
| compiler | 0.9.6 | Apache-2.0 |
| cpe-parser | 2.0.3 | Apache-2.0 |
| dependency-check-core | 9.1.0 | Apache-2.0 |
| dependency-check-gradle | 9.1.0 | Apache-2.0 |
| dependency-check-utils | 9.1.0 | Apache-2.0 |
| ehcache | 3.10.8 | Apache-2.0 |
| error_prone_annotations | 2.26.1 | Apache-2.0 |
| error_prone_annotations | 2.27.1 | Apache-2.0 |
| expiringmap | 0.5.11 | Apache-2.0 |
| ezmorph | 1.0.6 | Apache-2.0 |
| failureaccess | 1.0.2 | Apache-2.0 |
| forbiddenapis | 3.7 | Apache-2.0 |
| gradle-jmh-report | 0.9.6 | Apache-2.0 |
| gson | 2.10.1 | Apache-2.0 |
| guava | 33.2.0-jre | Apache-2.0 |
| hazelcast | 5.3.7 | MIT |
| http-builder | 0.7.1 | Apache-2.0 |
| httpclient | 4.5.14 | Apache-2.0 |
| httpclient5 | 5.2.1 | Apache-2.0 |
| httpcore | 4.4.16 | Apache-2.0 |
| httpcore5-h2 | 5.2 | Apache-2.0 |
| httpcore5 | 5.2 | Apache-2.0 |
| httpmime | 4.5.11 | Apache-2.0 |
| j2objc-annotations | 3.0.0 | Apache-2.0 |
| jackson-annotations | 2.17.1 | Apache-2.0 |
| jackson-core | 2.17.1 | Apache-2.0 |
| jackson-databind | 2.17.1 | Apache-2.0 |
| jackson-dataformat-yaml | 2.17.1 | AML |
| jackson-datatype-jsr310 | 2.17.1 | Apache-2.0 |
| jackson-module-afterburner | 2.17.1 | BSD-3-CLAUSE-NO-TRADEMARK |
| jackson-module-blackbird | 2.17.1 | BSD-3-CLAUSE-NO-TRADEMARK |
| jakarta.inject-api | 2.0.1 | Apache-2.0 |
| jakarta.transaction-api | 1.3.3 | EPL-2.0, GPL-1.0-or-later |
| javaewah | 1.2.3 | Apache-2.0 |
| javapoet | 1.13.0 | Apache-2.0 |
| javax.activation-api | 1.2.0 | CDDL-1.1, GPL-2.0-only |
| javax.inject | 1 | Apache-2.0 |
| javax.json.bind-api | 1.0 | CDDL-1.1, GPL-2.0-only |
| javax.json | 1.1.4 | GPL-1.0-or-later |
| javax.ws.rs-api | 2.0.1 | GPL-1.0-or-later |
| jaxb-api | 2.3.1 | CDDL-1.1, GPL-2.0-only, ORACLE-OPENJDK-EXCEPTION-2.0 |
| jcl-over-slf4j | 1.7.28 | Apache-2.0 |
| jcs3-slf4j | 1.0.5 | Apache-2.0 |
| jdiagnostics | 1.0.7 | Apache-2.0 |
| jfreechart | 1.5.4 | LGPL-3.0-only |
| jmh-core | 1.37 | GPL-2.0-only, ORACLE-OPENJDK-EXCEPTION-2.0 |
| jmh-gradle-plugin | 0.7.2 | Apache-2.0 |
| jmustache | 1.15 | BSD-3-Clause |
| joda-time | 2.10.4 | Apache-2.0 |
| jopt-simple | 5.0.4 | MIT |
| jsoup | 1.17.2 | MIT |
| jsr305 | 3.0.2 | Apache-2.0 |
| jul-to-slf4j | 1.7.36 | MIT |
| lucene-analyzers-common | 8.11.2 | Apache-2.0 |
| lucene-core | 8.11.2 | Apache-2.0 |
| lucene-queries | 8.11.2 | Apache-2.0 |
| lucene-queryparser | 8.11.2 | Apache-2.0 |
| lucene-sandbox | 8.11.2 | Apache-2.0 |
| minlog | 1.3.1 | BSD-3-Clause |
| moshi-kotlin | 1.12.0 | Apache-2.0 |
| moshi | 1.12.0 | Apache-2.0 |
| nice-xml-messages | 3.1 | MIT |
| okhttp | 4.12.0 | Apache-2.0 |
| okio-jvm | 3.9.0 | Apache-2.0 |
| open-vulnerability-clients | 6.0.1 | Apache-2.0 |
| org.eclipse.jgit | 6.9.0.202403050737-r | BSD-3-Clause |
| org.osgi.dto | 1.0.0 | Apache-2.0 |
| org.osgi.framework | 1.8.0 | Apache-2.0 |
| org.osgi.namespace.extender | 1.0.1 | Apache-2.0 |
| org.osgi.resource | 1.0.0 | Apache-2.0 |
| org.osgi.service.component.annotations | 1.5.1 | Apache-2.0 |
| org.osgi.service.coordinator | 1.0.2 | Apache-2.0 |
| org.osgi.service.log | 1.3.0 | Apache-2.0 |
| org.osgi.service.repository | 1.1.0 | Apache-2.0 |
| org.osgi.service.resolver | 1.1.1 | Apache-2.0 |
| org.osgi.util.function | 1.0.0 | Apache-2.0 |
| org.osgi.util.function | 1.2.0 | Apache-2.0 |
| org.osgi.util.promise | 1.0.0 | Apache-2.0 |
| org.osgi.util.promise | 1.2.0 | Apache-2.0 |
| org.osgi.util.tracker | 1.5.4 | Apache-2.0 |
| osgi.annotation | 8.0.1 | Apache-2.0 |
| osgi.annotation | 8.1.0 | Apache-2.0 |
| ossindex-service-api | 1.8.2 | Apache-2.0 |
| ossindex-service-client | 1.8.2 | Apache-2.0 |
| package-url-java | 1.1.1 | Apache-2.0 |
| packager-core | 0.19.0 | EPL-2.0 |
| packager-rpm | 0.19.0 | EPL-2.0 |
| packageurl-java | 1.4.1 | MIT |
| pcollections | 3.2.0 | MIT |
| pecoff4j | 0.0.2.1 | IC-1.0 |
| pmd-ant | 7.1.0 | BSD-3-Clause |
| pmd-core | 7.1.0 | BSD-3-Clause |
| publish-plugin | 2.0.0 | Apache-2.0 |
| semver4j | 5.2.2 | MIT |
| slack-webhook | 1.4.0 | MIT |
| slf4j-api | 1.7.36 | MIT |
| slf4j-api | 2.0.13 | MIT |
| slf4j-jdk-platform-logging | 2.0.13 | MIT |
| slf4j-jdk14 | 2.0.13 | MIT |
| snakeyaml | 2.2 | Apache-2.0 |
| sonar-scanner-api | 2.16.2.588 | MIT |
| spotbugs-gradle-plugin | 6.0.14 | Apache-2.0 |
| stream | 2.9.8 | Apache-2.0 |
| toml4j | 0.7.2 | MIT |
| triava | 2.0.1 | Apache-2.0 |
| univocity-parsers | 2.9.1 | Apache-2.0 |
| velocity-engine-core | 2.3 | Apache-2.0 |
| xml-resolver | 1.2 | Apache-2.0 |

Details

This result was published with Qodana GitHub Action

Annotations

Check warning on line 32 in gradle/plugins/build.gradle.kts

github-actions / Qodana for JVM

Vulnerable declared dependency

Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2

* [Cx78f40514-81ff](https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff?utm_source=jetbrains&utm_medium=referral) 7.5 Uncontrolled Recursion vulnerability with High severity found

Results powered by [Checkmarx](https://checkmarx.com)(c)