cheshire-cat-api-client-java's Introduction

cheshire-cat-api-client-java

Cheshire Cat AI - Java client

This project consists of 3 modules:

Current version

The current library version is aligned with version 1.5.2 of the Cheshire Cat API.

CheshireCat

For more information about the Cat, see https://github.com/cheshire-cat-ai

cheshire-cat-api-client-java's People

Contributors

matteobaccan, renovate[bot], mend-bolt-for-github[bot]

Stargazers

Francesco Bianco (yafb), Alfredo Serafini, Massimiliano Aroffo

Forkers

bbossola

cheshire-cat-api-client-java's Issues

logging-interceptor-4.10.0.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - logging-interceptor-4.10.0.jar

Path to vulnerable library: /home/wss-scanner/.ivy2/cache/com.squareup.okio/okio-jvm/jars/okio-jvm-3.0.0.jar

Found in HEAD commit: 93cd621efcdaea2c2184b8ccec2169ded4d6d9ec

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (logging-interceptor version) | Remediation Possible** |
| CVE-2023-3635 | High | 7.5 | okio-jvm-3.0.0.jar | Transitive | 4.12.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

CVE-2023-3635

Vulnerable Library - okio-jvm-3.0.0.jar

A modern I/O API for Java

Path to vulnerable library: /home/wss-scanner/.ivy2/cache/com.squareup.okio/okio-jvm/jars/okio-jvm-3.0.0.jar

Dependency Hierarchy:

  • logging-interceptor-4.10.0.jar (Root Library)
    • okhttp-4.10.0.jar
      • okio-jvm-3.0.0.jar (Vulnerable Library)

Found in HEAD commit: 93cd621efcdaea2c2184b8ccec2169ded4d6d9ec

Found in base branch: main

Vulnerability Details

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Publish Date: 2023-07-12

URL: CVE-2023-3635

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-3635

Release Date: 2023-07-12

Fix Resolution (com.squareup.okio:okio-jvm): 3.4.0

Direct dependency fix Resolution (com.squareup.okhttp3:logging-interceptor): 4.12.0

cheshire-cat-java-client-0.0.5.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - cheshire-cat-java-client-0.0.5.jar

Path to dependency file: /cheshire-cat-java-client-test/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/squareup/okio/okio-jvm/3.2.0/okio-jvm-3.2.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio-jvm/3.2.0/okio-jvm-3.2.0.jar

Found in HEAD commit: 93cd621efcdaea2c2184b8ccec2169ded4d6d9ec

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (cheshire-cat-java-client version) | Remediation Possible** |
| CVE-2023-3635 | High | 7.5 | okio-jvm-3.2.0.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

CVE-2023-3635

Vulnerable Library - okio-jvm-3.2.0.jar

A modern I/O API for Java

Path to dependency file: /cheshire-cat-java-client/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/squareup/okio/okio-jvm/3.2.0/okio-jvm-3.2.0.jar,/home/wss-scanner/.m2/repository/com/squareup/okio/okio-jvm/3.2.0/okio-jvm-3.2.0.jar

Dependency Hierarchy:

  • cheshire-cat-java-client-0.0.5.jar (Root Library)
    • okhttp-4.11.0.jar
      • okio-3.2.0.jar
        • okio-jvm-3.2.0.jar (Vulnerable Library)

Found in HEAD commit: 93cd621efcdaea2c2184b8ccec2169ded4d6d9ec

Found in base branch: main

Vulnerability Details

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Publish Date: 2023-07-12

URL: CVE-2023-3635

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-3635

Release Date: 2023-07-12

Fix Resolution: com.squareup.okio:okio-jvm:3.4.0

okhttp-4.11.0.jar: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - okhttp-4.11.0.jar

Path to dependency file: /cheshire-cat-java-client-test/pom.xml

Path to vulnerable library: /cheshire-cat-java-client-test/pom.xml,/cheshire-cat-java-client/pom.xml

Found in HEAD commit: 9d72715c91d406a60c64c93f2dd44d8ba5afce5c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (okhttp version) | Remediation Possible** |
| CVE-2023-3635 | High | 7.5 | okio-jvm-3.2.0.jar | Transitive | 4.12.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

CVE-2023-3635

Vulnerable Library - okio-jvm-3.2.0.jar

A modern I/O API for Java

Path to dependency file: /cheshire-cat-java-client-test/pom.xml

Path to vulnerable library: /cheshire-cat-java-client-test/pom.xml,/cheshire-cat-java-client/pom.xml

Dependency Hierarchy:

  • okhttp-4.11.0.jar (Root Library)
    • okio-3.2.0.jar
      • okio-jvm-3.2.0.jar (Vulnerable Library)

Found in HEAD commit: 9d72715c91d406a60c64c93f2dd44d8ba5afce5c

Found in base branch: main

Vulnerability Details

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Publish Date: 2023-07-12

URL: CVE-2023-3635

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-3635

Release Date: 2023-07-12

Fix Resolution (com.squareup.okio:okio-jvm): 3.4.0

Direct dependency fix Resolution (com.squareup.okhttp3:okhttp): 4.12.0

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

  • WARN: Package lookup failures

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update dependency org.apache.maven.plugins:maven-source-plugin to v3.3.1
  • Update dependency org.slf4j:slf4j-api to v2.0.13
  • Update dependency scala to v2.11.12
  • Update dependency com.google.code.gson:gson to v2.10.1
  • Update dependency com.novocode:junit-interface to v0.11
  • Update dependency org.apache.commons:commons-lang3 to v3.14.0
  • Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.13.0
  • Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.4.1
  • Update dependency scala to v2.13.14
  • Update junit5 monorepo (org.junit.jupiter:junit-jupiter-api, org.junit.platform:junit-platform-runner, org.junit.jupiter:junit-jupiter-engine)
  • Update okhttp monorepo to v4.12.0 (com.squareup.okhttp3:logging-interceptor, com.squareup.okhttp3:okhttp)
  • Update dependency jakarta.annotation:jakarta.annotation-api to v3
  • Update dependency org.mockito:mockito-core to v5
  • 🔐 Create all rate-limited PRs at once 🔐

Warning

Renovate failed to look up the following dependencies: Failed to look up maven package it.baccan:cheshire-cat-java-client.

Files affected: cheshire-cat-java-client-test/pom.xml


Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
cheshire-cat-java-client/.github/workflows/maven.yml
  • actions/checkout v4
  • actions/setup-java v4
gradle
cheshire-cat-java-client/gradle.properties
cheshire-cat-java-client/settings.gradle
cheshire-cat-java-client/build.gradle
  • com.android.tools.build:gradle 2.3.+
  • com.github.dcendents:android-maven-gradle-plugin 2.1
  • com.diffplug.spotless:spotless-plugin-gradle 6.11.0
  • io.swagger:swagger-annotations 1.6.8
  • com.google.code.findbugs:jsr305 3.0.2
  • com.squareup.okhttp3:okhttp 4.12.0
  • com.squareup.okhttp3:logging-interceptor 4.12.0
  • com.google.code.gson:gson 2.9.1
  • io.gsonfire:gson-fire 1.9.0
  • javax.ws.rs:jsr311-api 1.1.1
  • javax.ws.rs:javax.ws.rs-api 2.1.1
  • org.openapitools:jackson-databind-nullable 0.2.6
  • org.apache.commons:commons-lang3 3.12.0
  • jakarta.annotation:jakarta.annotation-api 1.3.5
  • org.junit.jupiter:junit-jupiter-api 5.9.1
  • org.mockito:mockito-core 3.12.4
  • org.junit.jupiter:junit-jupiter-engine 5.9.1
gradle-wrapper
cheshire-cat-java-client/gradle/wrapper/gradle-wrapper.properties
  • gradle 7.2
maven
cheshire-cat-java-client-generator/pom.xml
  • org.openapitools:openapi-generator-maven-plugin 7.5.0
cheshire-cat-java-client-test/pom.xml
  • org.projectlombok:lombok 1.18.32
  • org.slf4j:slf4j-api 2.0.12
  • ch.qos.logback:logback-core 1.5.3
  • ch.qos.logback:logback-classic 1.5.3
  • it.baccan:cheshire-cat-java-client 1.5.2
  • org.apache.maven.plugins:maven-compiler-plugin 3.13.0
cheshire-cat-java-client/pom.xml
  • org.apache.maven.plugins:maven-compiler-plugin 3.8.1
  • org.apache.maven.plugins:maven-enforcer-plugin 3.4.1
  • org.apache.maven.plugins:maven-surefire-plugin 2.22.2
  • org.junit.jupiter:junit-jupiter-engine 5.10.0
  • org.apache.maven.plugins:maven-dependency-plugin 3.6.1
  • org.apache.maven.plugins:maven-jar-plugin 3.3.0
  • org.codehaus.mojo:build-helper-maven-plugin 3.5.0
  • org.apache.maven.plugins:maven-javadoc-plugin 3.6.3
  • org.apache.maven.plugins:maven-source-plugin 3.3.0
  • com.diffplug.spotless:spotless-maven-plugin 2.43.0
  • org.apache.maven.plugins:maven-gpg-plugin 3.2.1
  • com.google.code.findbugs:jsr305 3.0.2
  • com.squareup.okhttp3:okhttp 4.11.0
  • com.squareup.okhttp3:logging-interceptor 4.11.0
  • com.google.code.gson:gson 2.10.1
  • io.gsonfire:gson-fire 1.9.0
  • org.apache.commons:commons-lang3 3.14.0
  • jakarta.annotation:jakarta.annotation-api 1.3.5
  • org.openapitools:jackson-databind-nullable 0.2.6
  • javax.ws.rs:jsr311-api 1.1.1
  • javax.ws.rs:javax.ws.rs-api 2.1.1
  • org.junit.jupiter:junit-jupiter-engine 5.10.0
  • org.junit.platform:junit-platform-runner 1.10.0
pom.xml
  • org.apache.maven.plugins:maven-compiler-plugin 3.13.0
sbt
cheshire-cat-java-client/build.sbt
  • scala 2.11.4
  • io.swagger:swagger-annotations 1.6.5
  • com.squareup.okhttp3:okhttp 4.12.0
  • com.squareup.okhttp3:logging-interceptor 4.12.0
  • com.google.code.gson:gson 2.9.1
  • org.apache.commons:commons-lang3 3.12.0
  • javax.ws.rs:jsr311-api 1.1.1
  • javax.ws.rs:javax.ws.rs-api 2.1.1
  • org.openapitools:jackson-databind-nullable 0.2.6
  • io.gsonfire:gson-fire 1.9.0
  • jakarta.annotation:jakarta.annotation-api 1.3.5
  • com.google.code.findbugs:jsr305 3.0.2
  • jakarta.annotation:jakarta.annotation-api 1.3.5
  • org.junit.jupiter:junit-jupiter-api 5.9.1
  • com.novocode:junit-interface 0.10
  • org.mockito:mockito-core 3.12.4

  • Check this box to trigger a request for Renovate to run again on this repository
