[Backport] [2.x] Bump org.owasp.dependencycheck from 11.1.1 to 12.0.0 (#1381) #1388
Mend for GitHub.com / WhiteSource Security Check
failed
Jan 13, 2025 in 5m 9s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-7254Path to dependency file: /java-client/build.gradle.kts Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar Dependency Hierarchy: -> framework-2.12.0.jar (Root Library) -> opensearch-2.12.0.jar -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library) |
 High |
7.5 | protobuf-java-3.22.3.jar | Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2 | None |
Base branch total remaining vulnerabilities: 0
Base branch commit: 335a75cebb3f1de00b8ad41804af11d2938d1bf0
Total libraries scanned: 235
Scan token: 0b5ae87137804c369e983df4b184a871
Loading