chore(deps): refresh pip-compile outputs #171
Open
renovate[bot] wants to merge 1 commit into master
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 4 | | 0 | 0 | 0.04s |
| ✅ BASH | bash-exec | 1 | | 0 | 0 | 0.01s |
| ✅ BASH | shellcheck | 1 | | 0 | 0 | 0.17s |
| ⚠️ BASH | shfmt | 1 | | 1 | 0 | 0.01s |
| ✅ DOCKERFILE | hadolint | 2 | | 0 | 0 | 0.07s |
| ✅ EDITORCONFIG | editorconfig-checker | 56 | | 0 | 0 | 0.13s |
| ⚠️ GROOVY | npm-groovy-lint | 2 | | 0 | 10 | 14.2s |
| ⚠️ JAVA | checkstyle | 11 | | 0 | 19 | 5.25s |
| ✅ JSON | jsonlint | 4 | | 0 | 0 | 0.15s |
| ⚠️ JSON | prettier | 4 | | 1 | 0 | 0.63s |
| ✅ JSON | v8r | 4 | | 0 | 0 | 3.45s |
| ✅ MARKDOWN | markdownlint | 2 | | 0 | 0 | 0.79s |
| ✅ PYTHON | bandit | 1 | | 0 | 0 | 1.82s |
| ✅ PYTHON | black | 1 | | 0 | 0 | 1.1s |
| ✅ PYTHON | flake8 | 1 | | 0 | 0 | 0.53s |
| ✅ PYTHON | isort | 1 | | 0 | 0 | 0.34s |
| ✅ PYTHON | mypy | 1 | | 0 | 0 | 9.99s |
| ✅ PYTHON | ruff | 1 | | 0 | 0 | 0.03s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 0.65s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | no | 41.32s |
| ⚠️ REPOSITORY | kics | yes | | no | 24 | 12.81s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 1.33s |
| ✅ REPOSITORY | syft | yes | | no | no | 2.5s |
| ✅ REPOSITORY | trivy | yes | | no | no | 9.26s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.27s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 5.39s |
| ✅ XML | xmllint | 1 | | 0 | 0 | 0.63s |
| ✅ YAML | prettier | 16 | | 0 | 0 | 0.62s |
| ✅ YAML | v8r | 16 | | 0 | 0 | 9.19s |
| ✅ YAML | yamllint | 16 | | 0 | 0 | 0.68s |
Detailed Issues
⚠️ JAVA / checkstyle - 19 warnings
warning: Using the '.*' form of import should be avoided - software.amazon.awssdk.services.s3.*.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Line is longer than 100 characters (found 109).
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Missing a Javadoc comment.
warning: Line is longer than 100 characters (found 125).
warning: Abbreviation in name 'merge_whenGivenListWithTwoBundlesWithAResourceWithTheSameRequestUrl_shouldReturnBundleWithOnlyTheMostRecentResource' must contain no more than '1' consecutive capital letters.
warning: 19 warnings emitted
⚠️ REPOSITORY / kics - 24 warnings
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ compose.yml:64:1
│
64 │ minio:
│ ^^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ tests/e2e/compose.yml:35:1
│
35 │ test:
│ ^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ compose.yml:51:1
│
51 │ mock-data-loader:
│ ^^^^^^^^^^^^^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ compose.yml:2:1
│
2 │ fhir:
│ ^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ compose.yml:37:1
│
37 │ akhq:
│ ^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Docker compose file doesn't have 'cap_drop' attribute. Make sure your container only has necessary capabilities.
┌─ tests/e2e/compose.yml:2:1
│
2 │ kafka-fhir-to-server:
│ ^^^^^^^^^^^^^^^^^^^^^^^
│
= Container Capabilities Unrestricted
= Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
warning: Healthcheck is not defined.
┌─ compose.yml:13:1
│
13 │ kafka:
│ ^^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ tests/e2e/compose.yml:2:1
│
2 │ kafka-fhir-to-server:
│ ^^^^^^^^^^^^^^^^^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ compose.yml:2:1
│
2 │ fhir:
│ ^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ tests/e2e/compose.yml:13:1
│
13 │ wait-for-fhir-server:
│ ^^^^^^^^^^^^^^^^^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ compose.yml:64:1
│
64 │ minio:
│ ^^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ compose.yml:51:1
│
51 │ mock-data-loader:
│ ^^^^^^^^^^^^^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ compose.yml:37:1
│
37 │ akhq:
│ ^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Healthcheck is not defined.
┌─ tests/e2e/compose.yml:35:1
│
35 │ test:
│ ^^^^^^^
│
= Healthcheck Not Set
= Check containers periodically to see if they are running properly.
warning: Docker compose file does not have 'security_opt' attribute
┌─ compose.yml:37:1
│
37 │ akhq:
│ ^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: Docker compose file does not have 'security_opt' attribute
┌─ compose.yml:51:1
│
51 │ mock-data-loader:
│ ^^^^^^^^^^^^^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: Docker compose file does not have 'security_opt' attribute
┌─ tests/e2e/compose.yml:2:1
│
2 │ kafka-fhir-to-server:
│ ^^^^^^^^^^^^^^^^^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: Docker compose file does not have 'security_opt' attribute
┌─ compose.yml:2:1
│
2 │ fhir:
│ ^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: Docker compose file does not have 'security_opt' attribute
┌─ compose.yml:64:1
│
64 │ minio:
│ ^^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: Docker compose file does not have 'security_opt' attribute
┌─ tests/e2e/compose.yml:35:1
│
35 │ test:
│ ^^^^^^^
│
= Security Opt Not Set
= Attribute 'security_opt' should be defined.
warning: The 'Dockerfile' contains the 'chown' flag
┌─ Dockerfile:4:1
│
4 │ COPY --chown=gradle:gradle . .
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= Chown Flag Exists
= It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership
warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
┌─ tests/e2e/Dockerfile:1:1
│
1 │ FROM docker.io/library/python:3.13-alpine@sha256:9ba6d8cbebf0fb6546ae71f2a1c14f6ffd2fdab83af7fa5669734ef30ad48844
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= Healthcheck Instruction Missing
= Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
┌─ Dockerfile:18:1
│
18 │ FROM gcr.io/distroless/java21-debian12:nonroot@sha256:dfea876744f635b5fea3ea53099410cfc5d17aeea7b62887310512d78094f6f3
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= Healthcheck Instruction Missing
= Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
warning: There are COPY instructions that could be grouped
┌─ Dockerfile:20:1
│
20 │ COPY --from=build /home/gradle/project/dependencies/ ./
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= Multiple RUN, ADD, COPY, Instructions Listed
= Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
warning: 24 warnings emitted
⚠️ GROOVY / npm-groovy-lint - 10 warnings
note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
= Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic
note: The statement on line 13 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 3
= Check indentation for class and method declarations, and initial statements.
note: The statement on line 14 in class None is at the incorrect indent level: Expected one of columns [9, 13, 17] but was 5
= Check indentation for class and method declarations, and initial statements.
note: The statement on line 19 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 3
= Check indentation for class and method declarations, and initial statements.
note: The statement on line 20 in class None is at the incorrect indent level: Expected one of columns [9, 13, 17] but was 5
= Check indentation for class and method declarations, and initial statements.
note: The String 'software.amazon.awssdk:bom:2.31.16' can be wrapped in single quotes instead of double quotes
┌─ build.gradle:61:30
│
61 │ implementation platform("software.amazon.awssdk:bom:2.31.16")
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.
note: The String 'software.amazon.awssdk:s3' can be wrapped in single quotes instead of double quotes
┌─ build.gradle:62:21
│
62 │ implementation "software.amazon.awssdk:s3"
│ ^^^^^^^^^^^^^^^^^^^^^^^^^
│
= String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.
note: The statement on line 78 in class None is at the incorrect indent level: Depending on your chaining style, expected one of [5, 9, 13] or one of [10, 14, 18] columns, but was 3
= Check indentation for class and method declarations, and initial statements.
note: The String '0.8.13' can be wrapped in single quotes instead of double quotes
┌─ build.gradle:90:20
│
90 │ toolVersion = "0.8.13"
│ ^^^^^^
│
= String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.
note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
= Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic
⚠️ JSON / prettier - 1 error
Checking formatting...
[warn] .renovaterc.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
⚠️ BASH / shfmt - 1 error
diff gradlew.orig gradlew
--- gradlew.orig
+++ gradlew
@@ -71,15 +71,15 @@
# Need this for daisy-chained symlinks.
while
- APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
- [ -h "$app_path" ]
+ APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
+ [ -h "$app_path" ]
do
- ls=$( ls -ld "$app_path" )
- link=${ls#*' -> '}
- case $link in #(
- /*) app_path=$link ;; #(
- *) app_path=$APP_HOME$link ;;
- esac
+ ls=$(ls -ld "$app_path")
+ link=${ls#*' -> '}
+ case $link in #(
+ /*) app_path=$link ;; #(
+ *) app_path=$APP_HOME$link ;;
+ esac
done
# This is normally unused
@@ -86,20 +86,20 @@
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
+APP_HOME=$(cd -P "${APP_HOME:-./}" >/dev/null && printf '%s\n' "$PWD") || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
-warn () {
- echo "$*"
-} >&2
-
-die () {
- echo
- echo "$*"
- echo
- exit 1
+warn() {
+ echo "$*"
+} >&2
+
+die() {
+ echo
+ echo "$*"
+ echo
+ exit 1
} >&2
# OS specific support (must be 'true' or 'false').
@@ -107,57 +107,56 @@
msys=false
darwin=false
nonstop=false
-case "$( uname )" in #(
- CYGWIN* ) cygwin=true ;; #(
- Darwin* ) darwin=true ;; #(
- MSYS* | MINGW* ) msys=true ;; #(
- NONSTOP* ) nonstop=true ;;
+case "$(uname)" in #(
+CYGWIN*) cygwin=true ;; #(
+Darwin*) darwin=true ;; #(
+MSYS* | MINGW*) msys=true ;; #(
+NONSTOP*) nonstop=true ;;
esac
-
-
# Determine the Java command to use to start the JVM.
-if [ -n "$JAVA_HOME" ] ; then
- if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
- # IBM's JDK on AIX uses strange locations for the executables
- JAVACMD=$JAVA_HOME/jre/sh/java
- else
- JAVACMD=$JAVA_HOME/bin/java
- fi
- if [ ! -x "$JAVACMD" ] ; then
- die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
- fi
+if [ -n "$JAVA_HOME" ]; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ]; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD=$JAVA_HOME/jre/sh/java
+ else
+ JAVACMD=$JAVA_HOME/bin/java
+ fi
+ if [ ! -x "$JAVACMD" ]; then
+ die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+ fi
else
- JAVACMD=java
- if ! command -v java >/dev/null 2>&1
- then
- die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
- fi
+ JAVACMD=java
+ if ! command -v java >/dev/null 2>&1; then
+ die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+ fi
fi
# Increase the maximum file descriptors if we can.
-if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
- case $MAX_FD in #(
- max*)
- # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
- # shellcheck disable=SC2039,SC3045
- MAX_FD=$( ulimit -H -n ) ||
- warn "Could not query maximum file descriptor limit"
- esac
- case $MAX_FD in #(
- '' | soft) :;; #(
- *)
- # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
- # shellcheck disable=SC2039,SC3045
- ulimit -n "$MAX_FD" ||
- warn "Could not set maximum file descriptor limit to $MAX_FD"
- esac
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop"; then
+ case $MAX_FD in #(
+ max*)
+ # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
+ MAX_FD=$(ulimit -H -n) ||
+ warn "Could not query maximum file descriptor limit"
+ ;;
+ esac
+ case $MAX_FD in #(
+ '' | soft) : ;; #(
+ *)
+ # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
+ ulimit -n "$MAX_FD" ||
+ warn "Could not set maximum file descriptor limit to $MAX_FD"
+ ;;
+ esac
fi
# Collect all arguments for the java command, stacking in reverse order:
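Review bot: both `case $MAX_FD in` blocks gain a `;;` after their last branch (following each `warn "Could not ..."` line), so this hunk is not a whitespace-only reformat. The terminator is optional on the final clause of a `case`, so behaviour does not change, but `gradlew` is generated by the Gradle wrapper task and hand-applied formatting will be lost the next time the wrapper is regenerated. Suggest excluding `gradlew` from shfmt in the linter configuration instead of committing this diff.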
@@ -169,35 +168,36 @@
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
-if "$cygwin" || "$msys" ; then
- APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-
- JAVACMD=$( cygpath --unix "$JAVACMD" )
-
- # Now convert the arguments - kludge to limit ourselves to /bin/sh
- for arg do
- if
- case $arg in #(
- -*) false ;; # don't mess with options #(
- /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
- [ -e "$t" ] ;; #(
- *) false ;;
- esac
- then
- arg=$( cygpath --path --ignore --mixed "$arg" )
- fi
- # Roll the args list around exactly as many times as the number of
- # args, so each arg winds up back in the position where it started, but
- # possibly modified.
- #
- # NB: a `for` loop captures its iteration list before it begins, so
- # changing the positional parameters here affects neither the number of
- # iterations, nor the values presented in `arg`.
- shift # remove old arg
- set -- "$@" "$arg" # push replacement arg
- done
-fi
-
+if "$cygwin" || "$msys"; then
+ APP_HOME=$(cygpath --path --mixed "$APP_HOME")
+
+ JAVACMD=$(cygpath --unix "$JAVACMD")
+
+ # Now convert the arguments - kludge to limit ourselves to /bin/sh
+ for arg; do
+ if
+ case $arg in #(
+ -*) false ;; # don't mess with options #(
+ /?*)
+ t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
+ [ -e "$t" ]
+ ;; #(
+ *) false ;;
+ esac
+ then
+ arg=$(cygpath --path --ignore --mixed "$arg")
+ fi
+ # Roll the args list around exactly as many times as the number of
+ # args, so each arg winds up back in the position where it started, but
+ # possibly modified.
+ #
+ # NB: a `for` loop captures its iteration list before it begins, so
+ # changing the positional parameters here affects neither the number of
+ # iterations, nor the values presented in `arg`.
+ shift # remove old arg
+ set -- "$@" "$arg" # push replacement arg
+ done
+fi
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
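Review bot: `for arg do` becomes `for arg; do` in the Cygwin/MSYS argument loop, which is a syntax change rather than an indentation fix. The comment directly above the loop says it is a "kludge to limit ourselves to /bin/sh", and the semicolon form is rejected by some older Bourne shell implementations while `for arg do` is accepted by all of them. Keep the original spelling, or exclude the file from shfmt, so a formatter does not narrow the script's portability.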
@@ -209,14 +209,13 @@
# treated as '${Hostname}' itself on the command line.
set -- \
- "-Dorg.gradle.appname=$APP_BASE_NAME" \
- -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
- "$@"
+ "-Dorg.gradle.appname=$APP_BASE_NAME" \
+ -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
+ "$@"
# Stop when "xargs" is not available.
-if ! command -v xargs >/dev/null 2>&1
-then
- die "xargs is not available"
+if ! command -v xargs >/dev/null 2>&1; then
+ die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
@@ -239,10 +238,10 @@
#
eval "set -- $(
- printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
- xargs -n1 |
- sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
- tr '\n' ' '
- )" '"$@"'
+ printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+
(Truncated to 8000 characters out of 8105)
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.0.1 --custom-flavor-setup --custom-flavor-linters PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,GROOVY_NPM_GROOVY_LINT,JAVA_CHECKSTYLE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
026e02a to 78522e7
Trivy image scan report
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| io.netty:netty-codec | CVE-2025-58057 | MEDIUM | 4.1.119.Final | 4.1.125.Final |
| io.netty:netty-codec-http | CVE-2025-58056 | LOW | 4.1.119.Final | 4.1.125.Final, 4.2.5.Final |
| io.netty:netty-codec-http2 | CVE-2025-55163 | HIGH | 4.1.119.Final | 4.2.4.Final, 4.1.124.Final |
| org.apache.commons:commons-lang3 | CVE-2025-48924 | MEDIUM | 3.17.0 | 3.18.0 |
| org.apache.kafka:kafka-clients | CVE-2025-27817 | MEDIUM | 3.8.1 | 3.9.1 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-48988 | HIGH | 10.1.39 | 11.0.8, 10.1.42, 9.0.106 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-48989 | HIGH | 10.1.39 | 11.0.10, 10.1.44, 9.0.108 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-31650 | MEDIUM | 10.1.39 | 9.0.104, 10.1.40, 11.0.6 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-49125 | MEDIUM | 10.1.39 | 11.0.8, 10.1.42, 9.0.106 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-31651 | LOW | 10.1.39 | 9.0.104, 10.1.40, 11.0.6 |
| org.apache.tomcat.embed:tomcat-embed-core | CVE-2025-46701 | LOW | 10.1.39 | 9.0.105, 10.1.41, 11.0.7 |
| org.springframework.boot:spring-boot | CVE-2025-22235 | HIGH | 3.4.4 | 3.3.11, 3.4.5 |
| org.springframework:spring-context | CVE-2025-22233 | LOW | 6.2.5 | 6.2.7, 6.1.20 |
| org.springframework:spring-core | CVE-2025-41249 | HIGH | 6.2.5 | 6.2.11 |
| org.springframework:spring-web | CVE-2025-41234 | MEDIUM | 6.2.5 | 6.2.8, 6.1.21 |
| org.springframework:spring-webmvc | CVE-2025-41242 | MEDIUM | 6.2.5 | 6.2.10 |
No Misconfigurations found
chgl approved these changes Nov 19, 2025
This PR contains the following updates:
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.