Giter Site home page Giter Site logo

admlvntv / weatherapicomlibrary Goto Github PK

View Code? Open in Web Editor NEW
1.0 1.0 2.0 460 KB

A simple library made for using weatherapi.com

License: Apache License 2.0

Java 100.00%
java lib library weather weather-api weather-data weather-information weather-library weatherapi

weatherapicomlibrary's Introduction

Hi πŸ‘‹, I'm Adam

An amateur and learning programmer from the United States

Connect with me:

adamcraftmaster

Languages and Tools:

git java kotlin linux

weatherapicomlibrary's People

Contributors

admlvntv avatar deepsourcebot avatar renovate-bot avatar

Stargazers

avatar

Watchers

avatar

Forkers

vishwaas-s khuship-wmt

weatherapicomlibrary's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update actions/checkout action to v4
  • Update actions/setup-java action to v4
  • Update dependency com.google.guava:guava to v32
  • Update github/super-linter action to v5
  • πŸ” Create all rate-limited PRs at once πŸ”

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/ci.yml
  • actions/checkout v3.0.0
  • actions/setup-java v3
  • actions/cache v3
  • gradle/gradle-build-action v2
  • actions/upload-artifact v3.0.0
  • actions/checkout v3
  • actions/setup-java v3
  • actions/cache v3
  • actions/cache v3
.github/workflows/codeql-analysis.yml
  • actions/checkout v3
  • github/codeql-action v1
  • github/codeql-action v1
  • github/codeql-action v1
.github/workflows/gradle-wrapper-validation.yml
  • actions/checkout v3
  • gradle/wrapper-validation-action v1
.github/workflows/linter.yml
  • actions/checkout v3
  • github/super-linter v4
gradle
settings.gradle
WeatherAPIcomLib/build.gradle
  • org.sonarqube 3.3
  • org.junit.jupiter:junit-jupiter 5.8.2
  • org.apache.commons:commons-math3 3.6.1
  • com.fasterxml.jackson.core:jackson-core 2.13.2
  • com.fasterxml.jackson.core:jackson-databind 2.13.2
  • javax.annotation:javax.annotation-api 1.3.2
  • com.google.guava:guava 31.1-jre
gradle-wrapper
gradle/wrapper/gradle-wrapper.properties
  • gradle 7.4.1
  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2022-42004 (Medium) detected in jackson-databind-2.13.2.jar

CVE-2022-42004 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4

Step up your Open Source Security Game with Mend here

CVE-2020-36518 (High) detected in jackson-databind-2.13.2.jar

CVE-2020-36518 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution: 2.13.2.1

Step up your Open Source Security Game with Mend here

JSON received internally in an unoptimized way

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
The library currently every time a method is called, downloads the JSON and uses up the limited amount of API usage.

Describe the solution you'd like
A clear and concise description of what you want to happen.
A potential solution is to download the JSON once every time a library’s object is initialized and save it for future usage without having to redownload over and over.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
We could also have it only redownload the JSON if a certain amount of time has passed since it was downloaded.

Additional context
Add any other context or screenshots about the feature request here.
chart

CVE-2022-42003 (Medium) detected in jackson-databind-2.13.2.jar

CVE-2022-42003 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.