Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

integration test spike #394

Closed
wants to merge 7 commits into from

Merge branch 'develop' into SDKS-2964

183a012
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Closed

integration test spike #394

Merge branch 'develop' into SDKS-2964
183a012
Select commit
Loading
Failed to load commit list.
GitHub Actions / Mend Scan Result succeeded Feb 29, 2024 in 0s

Mend Scan Result

success

Details

�[94mChecking for updates...
�[0m

Identified 605 dependencies

Detected 2 vulnerabilities (0 Critical, 0 High, 2 Medium, 0 Low)

+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| SEVERITY | LIBRARY | ID | TOP FIX |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | bcprov-jdk15on-1.68.jar | CVE-2023-33201 | Upgrade to version org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, |
| | | | org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, |
| | | | org.bouncycastle:bcprov-jdk14:1.74 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+
| MEDIUM | commons-io-2.6.jar | CVE-2021-29425 | Upgrade to version commons-io:commons-io:2.7 |
+----------+-------------------------+----------------+----------------------------------------------------------------------------------------------------+

Detected 3 Policy violations
+--------------------------------+-------------+-----------------------------+
| LIBRARY | POLICY TYPE | POLICY NAME |
+--------------------------------+-------------+-----------------------------+
| javax.annotation-api-1.3.2.pom | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+
| play-services-auth-20.6.0.aar | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+
| play-services-fido-20.0.1.aar | License | Black list (viral licenses) |
+--------------------------------+-------------+-----------------------------+

Paths at risk

P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = CVE severity

play-services-fido-20.0.1.aar [P]
play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
play-services-fido-20.0.1.aar [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-auth-4.3.1]
|-- play-services-auth-20.6.0.aar [P]
|-- play-services-fido-20.0.1.aar [P]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
forgerock-authenticator-4.3.1]
|-- javax.annotation-api-1.3.2.pom [P]
javax.annotation-api-1.3.2.pom [P]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
forgerock-core-4.3.1]
|-- commons-io-2.6.jar [1 MEDIUM]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
play-services-fido-20.0.1.aar [P]
mockwebserver-2.7.5.jar]
|-- bcprov-jdk15on-1.68.jar [1 MEDIUM]
commons-io-2.6.jar [1 MEDIUM]
bcprov-jdk15on-1.68.jar [1 MEDIUM]
javax.annotation-api-1.3.2.pom [P]
robolectric-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
sandbox-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]
utils-4.9.2.pom]
|-- javax.annotation-api-1.3.2.pom [P]

Support token: 7ba9e91f196ec51bc6bf788f6b29719723ceda0f0731fb

Project forgerock-android-sdk was updated, for more information visit: https://saas.whitesourcesoftware.com/Wss/WSS.html#!project;token=2b34746a134847f78df7345265565b520982b63674434af781df3c3546cc39c1

View more details on GitHub Actions