
Dependency Scan Vulnerabilities - Snyk #8

@sanjogpandasp

Description

Below is the list of vulnerabilities reported by the dependency scan.

Summary

Tested 195 dependencies for known issues, found 127 issues, 479 vulnerable paths.

Issues to fix by upgrading:

  • Upgrade ch.qos.logback:logback-classic@1.1.7 to ch.qos.logback:logback-classic@1.2.0 to fix
  • Upgrade com.flipkart.zjsonpatch:zjsonpatch@0.2.1 to com.flipkart.zjsonpatch:zjsonpatch@0.4.10 to fix
  • Upgrade com.github.tomakehurst:wiremock@2.3.1 to com.github.tomakehurst:wiremock@2.26.0 to fix
  • Upgrade com.google.guava:guava@27.0.1-jre to com.google.guava:guava@30.0-jre to fix
  • Upgrade com.squareup.retrofit2:converter-moshi@2.1.0 to com.squareup.retrofit2:converter-moshi@2.5.0 to fix
  • Upgrade com.thoughtworks.xstream:xstream@1.3.1 to com.thoughtworks.xstream:xstream@1.4.15 to fix
  • Upgrade io.grpc:grpc-core@1.18.0 to io.grpc:grpc-core@1.31.0 to fix
  • Upgrade io.grpc:grpc-netty@1.18.0 to io.grpc:grpc-netty@1.29.0 to fix
  • Upgrade io.grpc:grpc-okhttp@1.18.0 to io.grpc:grpc-okhttp@1.28.0 to fix
  • Upgrade io.jaegertracing:jaeger-thrift@1.0.0 to io.jaegertracing:jaeger-thrift@1.1.0 to fix
  • Upgrade junit:junit@4.12 to junit:junit@4.13.1 to fix
  • Upgrade kr.motd.maven:os-maven-plugin@1.2.3.Final to kr.motd.maven:os-maven-plugin@1.6.0 to fix
  • Upgrade org.apache.httpcomponents:httpclient@4.5.6 to org.apache.httpcomponents:httpclient@4.5.13 to fix
  • Upgrade org.apache.maven:maven-plugin-api@3.2.1 to org.apache.maven:maven-plugin-api@3.5.0 to fix
  • Upgrade org.eclipse.jetty:jetty-servlet@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlet@9.3.24.v20180605 to fix
  • Upgrade org.eclipse.jetty:jetty-servlets@9.2.13.v20150730 to org.eclipse.jetty:jetty-servlets@9.3.24.v20180605 to fix
  • Upgrade org.eclipse.jetty:jetty-webapp@9.2.13.v20150730 to org.eclipse.jetty:jetty-webapp@9.4.33.v20201020 to fix
  • Upgrade org.elasticsearch:elasticsearch@6.3.1 to org.elasticsearch:elasticsearch@6.8.14 to fix
  • Upgrade org.elasticsearch:elasticsearch-x-content@6.3.1 to org.elasticsearch:elasticsearch-x-content@7.7.0 to fix
  • Upgrade org.influxdb:influxdb-java@2.5 to org.influxdb:influxdb-java@2.15 to fix
  • Upgrade org.mock-server:mockserver-core@3.10.5 to org.mock-server:mockserver-core@5.11.2 to fix
  • Upgrade org.mock-server:mockserver-netty@3.10.5 to org.mock-server:mockserver-netty@5.11.2 to fix
  • Upgrade org.postgresql:postgresql@9.4.1212 to org.postgresql:postgresql@42.2.13 to fix

A full list of issues is attached in the report below.
Reports attached.
scan report.zip

If there is an exact replica of this repo on source.golabs.io then I can help raise an MR to fix all of these dependencies as well. That will help you review the same.
For some reason I am not able to in GitLab.
