Update dependency com.google.protobuf:protobuf-java to v3.25.5 #356

Security Report

You have successfully remediated 8 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2021-3918 Path to dependency file: /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/src/main/webapp/package.json Path to vulnerable library: /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/src/main/webapp/node_modules/json-schema/package.json Dependency Hierarchy: -> em-table-0.12.0.tgz (Root Library) -> phantomjs-prebuilt-2.1.13.tgz -> request-2.74.0.tgz -> http-signature-1.1.1.tgz -> jsprim-1.4.0.tgz -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)	Critical	9.8	json-schema-0.2.3.tgz	Upgrade to version: json-schema - 0.4.0	#269

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2021-22569	protobuf-java-3.7.1.jar
CVE-2022-3171	protobuf-java-3.7.1.jar
CVE-2022-3171	protobuf-java-3.6.1.jar
CVE-2022-3509	protobuf-java-3.7.1.jar
CVE-2024-7254	protobuf-java-3.7.1.jar
CVE-2024-7254	protobuf-java-3.6.1.jar
CVE-2022-3509	protobuf-java-3.6.1.jar
CVE-2021-22569	protobuf-java-3.6.1.jar

Base branch total remaining vulnerabilities: 247
Base branch commit: 6dcd8400219941dcbd7fb0f6b980cc2c6a2a6b0a

Total libraries scanned: 439

Scan token: b0671656283f4630aef8f04bbbc8bb8b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency com.google.protobuf:protobuf-java to v3.25.5 #356

Update dependency com.google.protobuf:protobuf-java to v3.25.5 #356

Security Report

Re-running checks...

Update dependency com.google.protobuf:protobuf-java to v3.25.5 #356

Are you sure you want to change the base?

Update dependency com.google.protobuf:protobuf-java to v3.25.5

Update dependency com.google.protobuf:protobuf-java to v3.25.5 #356

Security Report

Re-running checks...