Dependency Scan Vulnerabilities - Snyk

Below are the list of vulnerabilities reported by dependency scan. 

**Summary** 

Tested 195 dependencies for known issues, found _127 issues, 479 vulnerable paths._
![image](https://user-images.githubusercontent.com/5404943/109805962-195ecf00-7c4a-11eb-9bc5-e19ba655c91f.png)

**Issues to fix by upgrading:**

- [ ] Upgrade ch.qos.logback:logback-classic@1.1.7 to ch.qos.logback:logback-classic@1.2.0 to fix
- [ ] Upgrade com.flipkart.zjsonpatch:zjsonpatch@0.2.1 to com.flipkart.zjsonpatch:zjsonpatch@0.4.10 to fix
- [ ] Upgrade com.github.tomakehurst:wiremock@2.3.1 to com.github.tomakehurst:wiremock@2.26.0 to fix
- [ ] Upgrade com.google.guava:guava@27.0.1-jre to com.google.guava:guava@30.0-jre to fix
- [ ] Upgrade com.squareup.retrofit2:converter-moshi@2.1.0 to com.squareup.retrofit2:converter-moshi@2.5.0 to fix
- [ ] Upgrade com.thoughtworks.xstream:xstream@1.3.1 to com.thoughtworks.xstream:xstream@1.4.15 to fix
- [ ] Upgrade io.grpc:grpc-core@1.18.0 to io.grpc:grpc-core@1.31.0 to fix
- [ ] Upgrade io.grpc:grpc-netty@1.18.0 to io.grpc:grpc-netty@1.29.0 to fix
- [ ] Upgrade io.grpc:grpc-okhttp@1.18.0 to io.grpc:grpc-okhttp@1.28.0 to fix
- [ ] Upgrade io.jaegertracing:jaeger-thrift@1.0.0 to io.jaegertracing:jaeger-thrift@1.1.0 to fix
- [ ] Upgrade junit:junit@4.12 to junit:junit@4.13.1 to fix
- [ ] Upgrade kr.motd.maven:os-maven-plugin@1.2.3.Final to kr.motd.maven:os-maven-plugin@1.6.0 to fix
- [ ] Upgrade org.apache.httpcomponents:httpclient@4.5.6 to org.apache.httpcomponents:httpclient@4.5.13 to fix
- [ ] Upgrade org.apache.maven:maven-plugin-api@3.2.1 to org.apache.maven:maven-plugin-api@3.5.0 to fix
- [ ] Upgrade org.eclipse.jetty:jetty-servlet@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlet@9.3.24.v20180605 to fix
- [ ] Upgrade org.eclipse.jetty:jetty-servlets@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlets@9.3.24.v20180605 to fix
- [ ] Upgrade org.eclipse.jetty:jetty-webapp@9.2.13.v20150730 to org.eclipse.jetty:jetty-webapp@9.4.33.v20201020 to fix
- [ ] Upgrade org.elasticsearch:elasticsearch@6.3.1 to org.elasticsearch:elasticsearch@6.8.14 to fix
- [ ] Upgrade org.elasticsearch:elasticsearch-x-content@6.3.1 to org.elasticsearch:elasticsearch-x-content@7.7.0 to fix
- [ ] Upgrade org.influxdb:influxdb-java@2.5 to org.influxdb:influxdb-java@2.15 to fix
- [ ] Upgrade org.mock-server:mockserver-core@3.10.5 to org.mock-server:mockserver-core@5.11.2 to fix
- [ ] Upgrade org.mock-server:mockserver-netty@3.10.5 to org.mock-server:mockserver-netty@5.11.2 to fix
- [ ] Upgrade org.postgresql:postgresql@9.4.1212 to org.postgresql:postgresql@42.2.13 to fix

A full list of issues is attached in the report below. 
Reports attached. 
[scan report.zip](https://github.com/odpf/firehose/files/6075900/scan.report.zip)

If there is an exact replica of this repo on source.golabs.io then I can help raising an MR to fix all of these dependencies also. That will help you review the same. 
For some reason I am not able to in gitlab.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Dependency Scan Vulnerabilities - Snyk #8

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Dependency Scan Vulnerabilities - Snyk #8

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions