From 81d4888efdb951128ad62c12c731d849b40b4a88 Mon Sep 17 00:00:00 2001
From: bossenti <50115603+bossenti@users.noreply.github.com>
Date: Sun, 1 Dec 2024 00:43:29 +0000
Subject: [PATCH] monthly update of vulnerability report
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
VULNERABILITY.md | 149 +++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 144 insertions(+), 5 deletions(-)
diff --git a/VULNERABILITY.md b/VULNERABILITY.md
index 00255213a5..aaa8e067df 100644
--- a/VULNERABILITY.md
+++ b/VULNERABILITY.md
@@ -1,11 +1,150 @@
-
+
+Attempted to scan lockfile but failed: /repo/archetypes/streampipes-archetype-extensions-jvm/src/main/resources/archetype-resources/pom.xml
+Attempted to scan lockfile but failed: /repo/archetypes/streampipes-archetype-pe-processors-flink/src/main/resources/archetype-resources/pom.xml
+Attempted to scan lockfile but failed: /repo/archetypes/streampipes-archetype-pe-sinks-flink/src/main/resources/archetype-resources/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-client/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-client-api/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-connect-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-connect-shared/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer-api/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer-export/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer-influx/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer-iotdb/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-explorer-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-data-export/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-dataformat/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connect-adapters/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connect-adapters-iiot/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-influx/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-kafka/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-mqtt/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-nats/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-opcua/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-plc/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-pulsar/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-rocketmq/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-ros/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-connectors-tubemq/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-extensions-all-iiot/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-extensions-all-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-extensions-iiot-minimal/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-pipeline-elements-experimental-flink/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-pipeline-elements-shared/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-change-detection-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-enricher-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-filters-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-filters-siddhi/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-geo-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-image-processing-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-text-mining-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-processors-transformation-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-sinks-brokers-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-sinks-databases-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-sinks-internal-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions/streampipes-sinks-notifications-jvm/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions-api/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-extensions-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-integration-tests/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-mail/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-maven-plugin/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-measurement-units/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging-jms/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging-kafka/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging-mqtt/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging-nats/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-messaging-pulsar/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-model/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-model-client/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-pipeline-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-platform-services/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-resource-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-rest/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-rest-core-base/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-rest-extensions/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-rest-shared/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-sdk/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-sdk-bundle/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-security-jwt/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-serializers-json/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-base/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-core/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-core-minimal/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-discovery/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-discovery-api/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-service-extensions/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-storage-api/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-storage-couchdb/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-storage-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-test-utils/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-test-utils-executors/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-user-management/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper-distributed/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper-flink/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper-kafka-streams/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper-siddhi/pom.xml
+Attempted to scan lockfile but failed: /repo/streampipes-wrapper-standalone/pom.xml
+Filtered 1 local package/s from the scan.
| OSV URL | CVSS | Ecosystem | Package | Version | Source |
| --- | --- | --- | --- | --- | --- |
-| https://osv.dev/GHSA-6mjq-h674-j845 | 6.5 | Maven | io.netty:netty-handler | 4.1.72.Final | pom.xml |
-| https://osv.dev/GHSA-w596-4wvx-j9j6
https://osv.dev/PYSEC-2022-42969 | 7.5 | PyPI | py | 1.11.0 | streampipes-client-python/poetry.lock |
-| https://osv.dev/GHSA-269g-pwp5-87pp | 4.4 | Maven | junit:junit (dev) | 4.8.2 | streampipes-maven-plugin/pom.xml |
-| https://osv.dev/GHSA-4943-9vgg-gr5r | 6.1 | npm | quill | 1.3.7 | ui/package-lock.json |
+| https://osv.dev/GO-2024-2687 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GHSA-3xgq-45jj-v275 | 7.5 | npm | cross-spawn (dev) | 7.0.3 | streampipes-client-go/docs/package-lock.json |
+| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3 | npm | micromatch (dev) | 4.0.7 | streampipes-client-go/docs/package-lock.json |
+| https://osv.dev/PYSEC-2022-42969
https://osv.dev/GHSA-w596-4wvx-j9j6 | 8.7 | PyPI | py | 1.11.0 | streampipes-client-python/poetry.lock |
+| https://osv.dev/GHSA-8hc4-vh64-cxmj | | npm | axios (dev) | 1.6.7 | ui/package-lock.json |
+| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5 | npm | braces | 3.0.2 | ui/package-lock.json |
+| https://osv.dev/GHSA-pxg6-pf52-xh8x | | npm | cookie | 0.4.2 | ui/package-lock.json |
+| https://osv.dev/GHSA-pxg6-pf52-xh8x | | npm | cookie (dev) | 0.6.0 | ui/package-lock.json |
+| https://osv.dev/GHSA-3xgq-45jj-v275 | 7.5 | npm | cross-spawn (dev) | 7.0.3 | ui/package-lock.json |
+| https://osv.dev/GHSA-gx9m-whjm-85jf | 10.0 | npm | dompurify | 3.0.9 | ui/package-lock.json |
+| https://osv.dev/GHSA-mmhx-hmjr-r674 | 8.3 | npm | dompurify | 3.0.9 | ui/package-lock.json |
+| https://osv.dev/GHSA-c7qv-q95q-8v27 | 7.5 | npm | http-proxy-middleware (dev) | 2.0.6 | ui/package-lock.json |
+| https://osv.dev/GHSA-m4gq-x24j-jpmf | 7.0 | npm | mermaid | 10.9.0 | ui/package-lock.json |
+| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3 | npm | micromatch | 4.0.5 | ui/package-lock.json |
+| https://osv.dev/GHSA-4943-9vgg-gr5r | 4.2 | npm | quill | 1.3.7 | ui/package-lock.json |
+| https://osv.dev/GHSA-gcx4-mw62-g8wm | 8.3 | npm | rollup (dev) | 4.13.0 | ui/package-lock.json |
+| https://osv.dev/GHSA-m6fv-jmcg-4jfg | 5.0 | npm | send | 0.16.2 | ui/package-lock.json |
+| https://osv.dev/GHSA-cm22-4g7w-348p | 5.0 | npm | serve-static | 1.13.2 | ui/package-lock.json |
| https://osv.dev/GHSA-f5x3-32g6-xq36 | 6.5 | npm | tar (dev) | 6.2.0 | ui/package-lock.json |
| https://osv.dev/GHSA-9qxr-qj54-h672 | 2.6 | npm | undici (dev) | 6.7.1 | ui/package-lock.json |
| https://osv.dev/GHSA-m4v8-wqvr-p9f7 | 3.9 | npm | undici (dev) | 6.7.1 | ui/package-lock.json |
| https://osv.dev/GHSA-8jhw-289h-jh2g | 5.9 | npm | vite (dev) | 5.1.5 | ui/package-lock.json |
+| https://osv.dev/GHSA-64vr-g452-qvp3 | 6.4 | npm | vite (dev) | 5.1.5 | ui/package-lock.json |
+| https://osv.dev/GHSA-9cwx-2883-4wfx | 6.9 | npm | vite (dev) | 5.1.5 | ui/package-lock.json |
+| https://osv.dev/GHSA-4vvj-4cpr-p986 | 6.4 | npm | webpack (dev) | 5.90.3 | ui/package-lock.json |
+| Uncalled vulnerabilities | | | | | |
+| https://osv.dev/GO-2024-2598 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2599 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2600 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2609 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2610 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2887 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2888 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-2963 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-3105 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-3106 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-3107 | | Go | stdlib | 1.21.6 | streampipes-client-e2e/go-client-e2e/go.mod |
+| https://osv.dev/GO-2024-3105 | | Go | stdlib | 1.21 | streampipes-client-go/docs/go.mod |
+| https://osv.dev/GO-2024-3106 | | Go | stdlib | 1.21 | streampipes-client-go/docs/go.mod |
+| https://osv.dev/GO-2024-3107 | | Go | stdlib | 1.21 | streampipes-client-go/docs/go.mod |
+| https://osv.dev/GO-2024-3105 | | Go | stdlib | 1.21 | streampipes-client-go/go.mod |
+| https://osv.dev/GO-2024-3106 | | Go | stdlib | 1.21 | streampipes-client-go/go.mod |
+| https://osv.dev/GO-2024-3107 | | Go | stdlib | 1.21 | streampipes-client-go/go.mod |
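
Review bot: The added block at the top of the file ("Attempted to scan lockfile but failed: /repo/.../pom.xml", ending with "Filtered 1 local package/s from the scan.") is scanner diagnostic output committed into VULNERABILITY.md, and it changes what the table below it means. Every listed pom.xml failed to scan, and the two Maven rows from the previous report (io.netty:netty-handler 4.1.72.Final in pom.xml and junit:junit 4.8.2 in streampipes-maven-plugin/pom.xml) are removed while the new table has no Maven rows at all. From this report a reader cannot tell whether those findings were fixed or simply not scanned. The monthly job should either fail when a lockfile cannot be scanned, or keep the diagnostics out of the report and state explicitly that the Maven modules were not covered. Smaller points in the table: the py 1.11.0 row puts its two OSV URLs on separate lines, which splits the Markdown row. "Uncalled vulnerabilities" is emitted as an ordinary data row, so the Go stdlib entries under it are not clearly set apart from the called findings. Several rows have an empty CVSS cell where an explicit marker such as "n/a" would avoid reading it as zero severity.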