Add support for the Relation API to the RelationalAI query transpiler #2827
Security Report
4 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2023-6481; Path to dependency file: /legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml; Path to vulnerable library: /legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml,/legend-engine-core/legend-engine-core-testable/legend-engine-test-server-shared/pom.xml,/legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light-http-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-spanner/legend-engine-xt-relationalStore-spanner-execution-tests/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-support-core/pom.xml,/legend-engine-xts-sql/legend-engine-xt-sql-postgres-server/pom.xml; Dependency Hierarchy: -> legend-shared-server-0.25.4.jar (Root Library) -> dropwizard-assets-1.3.29.jar -> dropwizard-core-1.3.29.jar -> dropwizard-logging-1.3.29.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14 | None |
CVE-2023-6378; Path to dependency file: /legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml; Path to vulnerable library: /legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml,/legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light-http-server/pom.xml,/legend-engine-xts-sql/legend-engine-xt-sql-postgres-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-spanner/legend-engine-xt-relationalStore-spanner-execution-tests/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-support-core/pom.xml,/legend-engine-core/legend-engine-core-testable/legend-engine-test-server-shared/pom.xml; Dependency Hierarchy: -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | High | 7.5 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.3.12,1.4.12 | None |
CVE-2021-42550; Path to dependency file: /legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml; Path to vulnerable library: /legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml,/legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light-http-server/pom.xml,/legend-engine-xts-sql/legend-engine-xt-sql-postgres-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-spanner/legend-engine-xt-relationalStore-spanner-execution-tests/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-support-core/pom.xml,/legend-engine-core/legend-engine-core-testable/legend-engine-test-server-shared/pom.xml; Dependency Hierarchy: -> ❌ logback-classic-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-classic-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None |
CVE-2021-42550; Path to dependency file: /legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml; Path to vulnerable library: /legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-test-http-server/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-http-server/pom.xml,/legend-engine-core/legend-engine-core-testable/legend-engine-test-server-shared/pom.xml,/legend-engine-pure/legend-engine-pure-ide/legend-engine-pure-ide-light-http-server/pom.xml,/legend-engine-xts-relationalStore/legend-engine-xt-relationalStore-dbExtension/legend-engine-xt-relationalStore-spanner/legend-engine-xt-relationalStore-spanner-execution-tests/pom.xml,/legend-engine-config/legend-engine-server/legend-engine-server-support-core/pom.xml,/legend-engine-xts-sql/legend-engine-xt-sql-postgres-server/pom.xml; Dependency Hierarchy: -> legend-shared-server-0.25.4.jar (Root Library) -> dropwizard-assets-1.3.29.jar -> dropwizard-core-1.3.29.jar -> dropwizard-logging-1.3.29.jar -> ❌ logback-core-1.2.3.jar (Vulnerable Library) | Medium | 6.6 | logback-core-1.2.3.jar | Upgrade to version: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9 | None |
Base branch total remaining vulnerabilities: 73
Base branch commit: b2634f573dbdfcf68a53b5d3ff464fbc5edebd35
Total libraries scanned: 806
Scan token: df82ccb5caa640a8a463abd97b025e83