Skip to content

chore(deps): update github-actions (master) #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github-actions (master) #231

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action minor v4.2.2 -> v4.3.1
actions/download-artifact action minor v4.1.8 -> v4.3.0
actions/upload-artifact action minor v4.4.3 -> v4.6.2
amannn/action-semantic-pull-request action digest 0723387 -> e32d7e6
ghcr.io/miracum/ig-build-tools container minor v2.1.6 -> v2.2.24
github/codeql-action action minor v3.27.0 -> v3.31.4
helm/kind-action action minor v1.10.0 -> v1.13.0
madrapps/jacoco-report action patch v1.7.1 -> v1.7.2
miracum/.github action minor v1.12.7 -> v1.18.3
ossf/scorecard-action action patch v2.4.0 -> v2.4.3

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

actions/download-artifact (actions/download-artifact)

v4.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.2.1...v4.3.0

v4.2.1

Compare Source

What's Changed

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

v4.1.9

Compare Source

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.1.8...v4.1.9

actions/upload-artifact (actions/upload-artifact)

v4.6.2

Compare Source

What's Changed

  • Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in #​685

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

miracum/ig-build-tools (ghcr.io/miracum/ig-build-tools)

v2.2.24

Compare Source

Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to 67fc762 (#​241) (53a5483)

v2.2.23

Compare Source

Miscellaneous Chores

v2.2.22

Compare Source

Miscellaneous Chores

v2.2.21

Compare Source

Miscellaneous Chores

v2.2.20

Compare Source

Miscellaneous Chores

v2.2.19

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.7.6 (#​236) (4453729)

v2.2.18

Compare Source

Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to 20e7f72 (#​235) (fb3a59d)

v2.2.17

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.7.0 (#​233) (8fda766)

v2.2.16

Compare Source

Miscellaneous Chores

v2.2.15

Compare Source

Bug Fixes

v2.2.14

Compare Source

Bug Fixes

v2.2.13

Compare Source

Miscellaneous Chores

v2.2.12

Compare Source

Miscellaneous Chores

v2.2.11

Compare Source

Miscellaneous Chores

v2.2.10

Compare Source

Bug Fixes

v2.2.9

Compare Source

Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to 85ec8e4 (#​224) (99ce2ed)

v2.2.8

Compare Source

Miscellaneous Chores

v2.2.7

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.5.22 (#​222) (1fa045d)

v2.2.6

Compare Source

Bug Fixes
Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to c06eb1d (#​219) (810923d)
  • deps: update github/codeql-action action to v3.28.18 (#​220) (bd997b2)

v2.2.5

Compare Source

Bug Fixes

v2.2.4

Compare Source

Miscellaneous Chores

v2.2.3

Compare Source

Miscellaneous Chores

v2.2.2

Compare Source

Miscellaneous Chores

v2.2.1

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.5.19 (#​212) (9ac22f4)

v2.2.0

Compare Source

Features

v2.1.21

Compare Source

Miscellaneous Chores

v2.1.20

Compare Source

Bug Fixes

v2.1.19

Compare Source

Miscellaneous Chores

v2.1.18

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.5.12 (#​207) (88cd12a)

v2.1.17

Compare Source

Miscellaneous Chores
  • deps: update dependency hapifhir/org.hl7.fhir.core to v6.5.9 (#​205) (cb0972e)
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to 3ef64ec (#​204) (f23be5e)
  • deps: update github/codeql-action action to v3.28.9 (#​206) (32b6a85)
CI/CD
  • renovate: try dedicated extractversion of fhir validator since the releases aren't v-prefixed (04609be)

v2.1.16

Compare Source

Miscellaneous Chores
  • deps: bumped validator jar version (0ef8775)

v2.1.15

Compare Source

Miscellaneous Chores

v2.1.14

Compare Source

Bug Fixes
  • fixed renovate comments and Firely.Terminal version problems (#​202) (f1ce932)

v2.1.13

Compare Source

Bug Fixes

v2.1.12

Compare Source

Miscellaneous Chores

v2.1.11

Compare Source

Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:21-jre-noble docker digest to 860f93f (#​198) (27516be)

v2.1.10

Compare Source

Bug Fixes

v2.1.9

Compare Source

Miscellaneous Chores

v2.1.8

Compare Source

Miscellaneous Chores

v2.1.7

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (8d9e829)
  • deps: update all non-major dependencies (8f475c6)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to 22639ff (18913e9)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to a271604 (994236f)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to cc5855a (338ac43)
  • deps: update github-actions (8ed9c79)
  • deps: update github-actions (5504b9f)
  • deps: update github-actions (6f502c3)
  • deps: updated node, java, fhir terminal and re-ordered Dockerfile (#​195) (4436296)
github/codeql-action (github/codeql-action)

v3.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v3.31.2

Compare Source

v3.31.1

Compare Source

v3.31.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025
  • Bump minimum CodeQL bundle version to 2.17.6. #​3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #​3222

See the full CHANGELOG.md for more information.

v3.30.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #​3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204

See the full CHANGELOG.md for more information.

v3.30.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​2935

See the full CHANGELOG.md for more information.

v3.29.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #​2938
  • Update default CodeQL bundle version to 2.22.1. #​2950

See the full CHANGELOG.md for more information.

v3.29.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #​2925
  • Bump minimum CodeQL bundle version to 2.16.6. #​2912

See the full CHANGELOG.md for more information.

v3.28.21

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.21 - 28 July 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.20

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.20 - 21 July 2025

See the full CHANGELOG.md for more information.

v3.28.19

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.19 - 03 Jun 2025

  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview.
    The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned
    your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
    actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #​2910

See the full CHANGELOG.md for more information.

v3.28.18

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.18 - 16 May 2025

  • Update default CodeQL bundle version to 2.21.3. #​2893
  • Skip validating SARIF produced by CodeQL for improved performance. #​2894
  • The number of threads and amount of RAM used by CodeQL can now be set via the CODEQL_THREADS and CODEQL_RAM runner environment variables. If set, these environment

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Feb 1, 2025
edited
Loading

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.07s
✅ BASH bash-exec 5 0 0 0.02s
✅ BASH shellcheck 5 0 0 0.17s
⚠️ BASH shfmt 5 1 0 0.01s
✅ CSHARP csharpier 1 0 0 0.73s
✅ DOCKERFILE hadolint 1 0 0 0.09s
✅ EDITORCONFIG editorconfig-checker 128 0 0 0.65s
⚠️ GROOVY npm-groovy-lint 2 0 61 20.96s
⚠️ JAVA checkstyle 46 0 704 13.99s
✅ JSON jsonlint 18 0 0 0.28s
✅ JSON npm-package-json-lint yes no no 0.81s
⚠️ JSON prettier 18 1 0 0.75s
✅ JSON v8r 18 0 0 12.97s
✅ MARKDOWN markdownlint 8 0 0 1.03s
✅ REPOSITORY gitleaks yes no no 0.83s
✅ REPOSITORY git_diff yes no no 0.03s
✅ REPOSITORY grype yes no no 45.71s
⚠️ REPOSITORY kics yes no 7 13.96s
✅ REPOSITORY secretlint yes no no 2.37s
✅ REPOSITORY syft yes no no 3.14s
❌ REPOSITORY trivy yes 1 no 10.05s
✅ REPOSITORY trivy-sbom yes no no 0.22s
✅ REPOSITORY trufflehog yes no no 5.01s
✅ XML xmllint 13 0 0 3.32s
✅ YAML prettier 16 0 0 0.72s
✅ YAML v8r 16 0 0 9.37s
✅ YAML yamllint 16 0 0 0.73s

Detailed Issues

❌ REPOSITORY / trivy - 1 error 
error: Artifact: Dockerfile
Type: dockerfile
Vulnerability DS017
Severity: HIGH
Message: The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
Link: [DS017](https://avd.aquasec.com/misconfig/ds017)
   ┌─ Dockerfile:20:1
   │  
20 │ ╭ RUN <<EOF
21 │ │ apt-get update
22 │ │ apt-get install -y --no-install-recommends libjemalloc-dev
23 │ │ apt-get clean
24 │ │ rm -rf /var/lib/apt/lists/*
25 │ │ EOF
   │ ╰^
   │  
   = 'RUN <package-manager> update' instruction alone
   = The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.

error: 1 errors emitted
⚠️ JAVA / checkstyle - 704 warnings 
warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'stellungOP' must contain no more than '1' consecutive capital letters.

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'tnmTCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'tnmNCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'tnmMCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'tnmYSymbolCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'tnmRSymbolCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'tnmMSymbolCs' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'fMLokalisationCS' must contain no more than '1' consecutive capital letters.

warning: Member name 'fMLokalisationCS' must match pattern '^[a-z][a-z0-9][a-zA-Z0-9]*$'.

warning: Abbreviation in name 'lokalBeurtResidualCS' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'gesamtBeurtResidualCS' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'systStellungOP' must contain no more than '1' consecutive capital letters.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'FMLokalisationVsLookup' must contain no more than '1' consecutive capital letters.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'OPIntentionVsLookup' must contain no more than '1' consecutive capital letters.

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'OPKomplikationVsLookup' must contain no more than '1' consecutive capital letters.

warning: Line is longer than 100 characters (found 105).

warning: Line is longer than 100 characters (found 112).

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'SYSTTherapieartCSLookup' must contain no more than '1' consecutive capital letters.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Parameter name 'AdtCode' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Parameter name 'AdtCode' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 104).

warning: Line is longer than 100 characters (found 179).

warning: Line is longer than 100 characters (found 128).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Using the '.*' form of import should be avoided - org.hl7.fhir.r4.model.*.

warning: Using the '.*' form of import should be avoided - org.miracum.streams.ume.obdstofhir.lookup.*.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 109).

warning: Abbreviation in name 'bodySiteADTCoding' must contain no more than '1' consecutive capital letters.

warning: Abbreviation in name 'bodySiteSNOMEDCoding' must contain no more than '1' consecutive capital letters.

warning: Using the '.*' form of import should be avoided - org.hl7.fhir.r4.model.*.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Using the '.*' form of import should be avoided - org.miracum.streams.ume.obdstofhir.model.*.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Local variable name 'cTnmMap' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'pTnmMap' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnm' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'pTnm' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Missing a Javadoc comment.

warning: Parameter name 'cTnmList' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Parameter name 'pTnmList' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnm' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'pTnm' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Distance between variable 'fernMetaDateString' declaration and its first usage is 8, but allowed 3.  Consider making that variable final if you still need to store its value in advance (before method calls that might have side effects on the original value).

warning: Distance between variable 'fernMetaLokal' declaration and its first usage is 10, but allowed 3.  Consider making that variable final if you still need to store its value in advance (before method calls that might have side effects on the original value).

warning: Missing a Javadoc comment.

warning: Abbreviation in name 'createCTnmObservation' must contain no more than '1' consecutive capital letters.

warning: Parameter name 'cTnm' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmCpuPraefixT' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmCpuPraefixN' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmCpuPraefixM' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmT' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmN' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Local variable name 'cTnmM' must match pattern '^[a-z]([a-z0-9][a-zA-Z0-9]*)?$'.

warning: Distance between variable 'cTnmYSymbol' declaration and its first usage is 4, but allowed 3.  Consider making that variable final if you still need to store its value in advance (before method calls that might have side effects on the original value).

warning: Abbreviation in name 'cTnmYSymbol' must contain no more than '1' consecutive capital letters.

warning: Local variable name 'cTnmYSymbol' must match pattern '^[

(Truncated to 6666 characters out of 60509)
⚠️ REPOSITORY / kics - 7 warnings 
warning: Healthcheck is not defined.
   ┌─ deploy/compose.yaml:71:1
   │
71 │   akhq:
   │ ^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
   ┌─ deploy/compose.yaml:19:1
   │
19 │   kafka:
   │ ^^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
   ┌─ deploy/compose.yaml:44:1
   │
44 │   kafka-connect:
   │ ^^^^^^^^^^^^^^^^
   │
   = Healthcheck Not Set
   = Check containers periodically to see if they are running properly.

warning: Healthcheck is not defined.
  ┌─ deploy/compose.yaml:3:1
  │
3 │   oracle:
  │ ^^^^^^^^^
  │
  = Healthcheck Not Set
  = Check containers periodically to see if they are running properly.

warning: The 'Dockerfile' contains the 'chown' flag
  ┌─ Dockerfile:5:1
  │
5 │ COPY --chown=gradle:gradle . .
  │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  │
  = Chown Flag Exists
  = It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership

warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
   ┌─ Dockerfile:27:1
   │
27 │ FROM gcr.io/distroless/java21-debian12:nonroot@sha256:2985410a80560b788c15694d9dba8da051db5087f6e2a7cff64358650fdd91f5
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Healthcheck Instruction Missing
   = Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

warning: There are COPY instructions that could be grouped
   ┌─ Dockerfile:33:1
   │
33 │ COPY --from=build /home/gradle/project/dependencies/ ./
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Multiple RUN, ADD, COPY, Instructions Listed
   = Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.

warning: 7 warnings emitted
⚠️ GROOVY / npm-groovy-lint - 61 warnings 
note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: The statement on line 2 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The tab character is not allowed in source files
  ┌─ build.gradle:2:1
  │
2 │     id 'org.springframework.boot' version '3.3.5'
  │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  │
  = Checks that all source files do not contain the tab character

note: The statement on line 3 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 4 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 5 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 6 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 7 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The String 'io.freefair.lombok' can be wrapped in single quotes instead of double quotes
  ┌─ build.gradle:7:6
  │
7 │     id "io.freefair.lombok" version "8.11"
  │         ^^^^^^^^^^^^^^^^^^
  │
  = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String '8.11' can be wrapped in single quotes instead of double quotes
  ┌─ build.gradle:7:35
  │
7 │     id "io.freefair.lombok" version "8.11"
  │                                      ^^^^
  │
  = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The statement on line 16 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 17 in class None is at the incorrect indent level: Expected one of columns [9, 13, 17] but was 3
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 22 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 26 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The String '2023.0.3' can be wrapped in single quotes instead of double quotes
   ┌─ build.gradle:26:29
   │
26 │     set('springCloudVersion', "2023.0.3")
   │                                ^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The statement on line 27 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The String '7.4.5' can be wrapped in single quotes instead of double quotes
   ┌─ build.gradle:27:22
   │
27 │     set('hapiVersion', "7.4.5")
   │                         ^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The statement on line 31 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 32 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 33 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 34 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The String 'org.springframework.boot:spring-boot-starter-actuator' can be wrapped in single quotes instead of double quotes
   ┌─ build.gradle:34:18
   │
34 │     implementation "org.springframework.boot:spring-boot-starter-actuator"
   │                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The statement on line 35 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The String 'org.springframework.boot:spring-boot-starter-web' can be wrapped in single quotes instead of double quotes
   ┌─ build.gradle:35:18
   │
35 │     implementation "org.springframework.boot:spring-boot-starter-web"
   │                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The statement on line 36 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 37 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 2
 = Check indentation for class and method declarations, 

(Truncated to 6666 characters out of 16062)
⚠️ JSON / prettier - 1 error 
Checking formatting...
[warn] renovate.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
⚠️ BASH / shfmt - 1 error 
diff gradlew.orig gradlew
--- gradlew.orig
+++ gradlew
@@ -71,15 +71,15 @@
 
 # Need this for daisy-chained symlinks.
 while
-    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
-    [ -h "$app_path" ]
+	APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
+	[ -h "$app_path" ]
 do
-    ls=$( ls -ld "$app_path" )
-    link=${ls#*' -> '}
-    case $link in             #(
-      /*)   app_path=$link ;; #(
-      *)    app_path=$APP_HOME$link ;;
-    esac
+	ls=$(ls -ld "$app_path")
+	link=${ls#*' -> '}
+	case $link in         #(
+	/*) app_path=$link ;; #(
+	*) app_path=$APP_HOME$link ;;
+	esac
 done
 
 # This is normally unused
@@ -86,21 +86,21 @@
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$(cd -P "${APP_HOME:-./}" >/dev/null && printf '%s
+' "$PWD") || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
 
-warn () {
-    echo "$*"
-} >&2
-
-die () {
-    echo
-    echo "$*"
-    echo
-    exit 1
+warn() {
+	echo "$*"
+} >&2
+
+die() {
+	echo
+	echo "$*"
+	echo
+	exit 1
 } >&2
 
 # OS specific support (must be 'true' or 'false').
@@ -108,58 +108,58 @@
 msys=false
 darwin=false
 nonstop=false
-case "$( uname )" in                #(
-  CYGWIN* )         cygwin=true  ;; #(
-  Darwin* )         darwin=true  ;; #(
-  MSYS* | MINGW* )  msys=true    ;; #(
-  NONSTOP* )        nonstop=true ;;
+case "$(uname)" in           #(
+CYGWIN*) cygwin=true ;;      #(
+Darwin*) darwin=true ;;      #(
+MSYS* | MINGW*) msys=true ;; #(
+NONSTOP*) nonstop=true ;;
 esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
-
 # Determine the Java command to use to start the JVM.
-if [ -n "$JAVA_HOME" ] ; then
-    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
-        # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD=$JAVA_HOME/jre/sh/java
-    else
-        JAVACMD=$JAVA_HOME/bin/java
-    fi
-    if [ ! -x "$JAVACMD" ] ; then
-        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-    fi
+if [ -n "$JAVA_HOME" ]; then
+	if [ -x "$JAVA_HOME/jre/sh/java" ]; then
+		# IBM's JDK on AIX uses strange locations for the executables
+		JAVACMD=$JAVA_HOME/jre/sh/java
+	else
+		JAVACMD=$JAVA_HOME/bin/java
+	fi
+	if [ ! -x "$JAVACMD" ]; then
+		die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+	fi
 else
-    JAVACMD=java
-    if ! command -v java >/dev/null 2>&1
-    then
-        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-    fi
+	JAVACMD=java
+	if ! command -v java >/dev/null 2>&1; then
+		die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+	fi
 fi
 
 # Increase the maximum file descriptors if we can.
-if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
-    case $MAX_FD in #(
-      max*)
-        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
-        MAX_FD=$( ulimit -H -n ) ||
-            warn "Could not query maximum file descriptor limit"
-    esac
-    case $MAX_FD in  #(
-      '' | soft) :;; #(
-      *)
-        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
-        ulimit -n "$MAX_FD" ||
-            warn "Could not set maximum file descriptor limit to $MAX_FD"
-    esac
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop"; then
+	case $MAX_FD in #(
+	max*)
+		# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+		# shellcheck disable=SC2039,SC3045
+		MAX_FD=$(ulimit -H -n) ||
+			warn "Could not query maximum file descriptor limit"
+		;;
+	esac
+	case $MAX_FD in #(
+	'' | soft) : ;; #(
+	*)
+		# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+		# shellcheck disable=SC2039,SC3045
+		ulimit -n "$MAX_FD" ||
+			warn "Could not set maximum file descriptor limit to $MAX_FD"
+		;;
+	esac
 fi
 
 # Collect all arguments for the java command, stacking in reverse order:
@@ -171,36 +171,37 @@
 #   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
 
 # For Cygwin or MSYS, switch paths to Windows format before running java
-if "$cygwin" || "$msys" ; then
-    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
-
-    JAVACMD=$( cygpath --unix "$JAVACMD" )
-
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    for arg do
-        if
-            case $arg in                                #(
-              -*)   false ;;                            # don't mess with options #(
-              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
-                    [ -e "$t" ] ;;                      #(
-              *)    false ;;
-            esac
-        then
-            arg=$( cygpath --path --ignore --mixed "$arg" )
-        fi
-        # Roll the args list around exactly as many times as the number of
-        # args, so each arg winds up back in the position where it started, but
-        # possibly modified.
-        #
-        # NB: a `for` loop captures its iteration list before it begins, so
-        # changing the positional parameters here affects neither the number of
-        # iterations, nor the values presented in `arg`.
-        shift                   # remove old arg
-        set -- "$@" "$arg"      # push replacement arg
-    done
-fi
-
+if "$cygwin" || "$msys"; then
+	APP_HOME=$(cygpath --path --mixed "$APP_HOME")
+	CLASSPATH=$(cygpath --path --mixed "$CLASSPATH")
+
+	JAVACMD=$(cygpath --unix "$JAVACMD")
+
+	# Now convert the arguments - kludge to limit ourselves to /bin/sh
+	for arg; do
+		if
+			case $arg in #(
+			-*) false ;; # don't mess with options #(
+			/?*)
+				t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
+				[ -e "$t" ]
+				;; #(
+			*) false ;;
+			esac
+		then
+			arg=$(cygpath --path --i

(Truncated to 6666 characters out of 8302)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,GROOVY_NPM_GROOVY_LINT,JAVA_CHECKSTYLE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@github-actions
Copy link

github-actions bot commented Feb 1, 2025
edited
Loading

Code Coverage Report

Overall Project 88.5% 🍏

There is no coverage information present for the Files changed

@renovate renovate bot force-pushed the renovate/master-github-actions branch from 8b120e9 to 6647d9b Compare February 7, 2025 12:50
@renovate renovate bot force-pushed the renovate/master-github-actions branch 3 times, most recently from b9cd97b to 7a77ced Compare February 21, 2025 22:11
@renovate renovate bot force-pushed the renovate/master-github-actions branch 4 times, most recently from 0bae9a1 to c796db8 Compare March 2, 2025 14:50
@renovate renovate bot force-pushed the renovate/master-github-actions branch 4 times, most recently from 1276a06 to 779b884 Compare March 9, 2025 20:54
@renovate renovate bot force-pushed the renovate/master-github-actions branch 7 times, most recently from 784ac95 to 25c109e Compare March 24, 2025 16:55
@renovate renovate bot force-pushed the renovate/master-github-actions branch 4 times, most recently from 8479461 to 2daad47 Compare April 5, 2025 13:27
@renovate renovate bot force-pushed the renovate/master-github-actions branch 3 times, most recently from d9a9c9e to 55553a2 Compare April 7, 2025 22:30
@renovate renovate bot force-pushed the renovate/master-github-actions branch 2 times, most recently from 66eaf4c to e53d032 Compare April 22, 2025 03:27
@renovate renovate bot force-pushed the renovate/master-github-actions branch 6 times, most recently from d0afa95 to 28ce8bc Compare October 22, 2025 18:26
@renovate renovate bot force-pushed the renovate/master-github-actions branch 4 times, most recently from 7410907 to 0b5e40d Compare October 31, 2025 01:10
@renovate renovate bot force-pushed the renovate/master-github-actions branch 6 times, most recently from 50a40a9 to 8beb795 Compare November 7, 2025 00:57
@renovate renovate bot force-pushed the renovate/master-github-actions branch 8 times, most recently from a526f65 to 4539458 Compare November 17, 2025 23:37
@renovate renovate bot force-pushed the renovate/master-github-actions branch 3 times, most recently from 2009b35 to 9564f98 Compare November 19, 2025 16:33
@renovate renovate bot force-pushed the renovate/master-github-actions branch from 9564f98 to 771a5ef Compare November 19, 2025 19:23
@github-actions
Copy link

github-actions bot commented Nov 19, 2025

Trivy image scan report

ghcr.io/bzkf/obds-to-fhir:pr-231 (debian 12.7)

9 known vulnerabilities found (LOW: 2 CRITICAL: 0 HIGH: 4 MEDIUM: 3)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc6 CVE-2025-4802 HIGH 2.36-9+deb12u8 2.36-9+deb12u11
libc6 CVE-2025-0395 MEDIUM 2.36-9+deb12u8 2.36-9+deb12u10
libc6 CVE-2025-8058 MEDIUM 2.36-9+deb12u8 2.36-9+deb12u13
libexpat1 CVE-2023-52425 HIGH 2.5.0-1+deb12u1 2.5.0-1+deb12u2
libexpat1 CVE-2024-8176 HIGH 2.5.0-1+deb12u1 2.5.0-1+deb12u2
libexpat1 CVE-2024-50602 MEDIUM 2.5.0-1+deb12u1 2.5.0-1+deb12u2
libfreetype6 CVE-2025-27363 HIGH 2.12.1+dfsg-5+deb12u3 2.12.1+dfsg-5+deb12u4
libgcc-s1 CVE-2023-4039 LOW 12.2.0-14 12.2.0-14+deb12u1
libstdc++6 CVE-2023-4039 LOW 12.2.0-14 12.2.0-14+deb12u1

No Misconfigurations found

Java

28 known vulnerabilities found (CRITICAL: 1 HIGH: 12 MEDIUM: 9 LOW: 6)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.r4 CVE-2024-52007 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-51132 HIGH 6.3.23 6.4.0
ca.uhn.hapi.fhir:org.hl7.fhir.utilities CVE-2024-52007 HIGH 6.3.23 6.4.0
ch.qos.logback:logback-core CVE-2024-12798 MEDIUM 1.5.11 1.5.13, 1.3.15
ch.qos.logback:logback-core CVE-2025-11226 MEDIUM 1.5.11 1.5.19, 1.3.16
ch.qos.logback:logback-core CVE-2024-12801 LOW 1.5.11 1.5.13, 1.3.15
commons-io:commons-io CVE-2024-47554 HIGH 2.11.0 2.14.0
org.apache.commons:commons-lang3 CVE-2025-48924 MEDIUM 3.14.0 3.18.0
org.apache.kafka:kafka-clients CVE-2025-27817 MEDIUM 3.7.1 3.9.1
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-24813 CRITICAL 10.1.31 11.0.3, 10.1.35, 9.0.99
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 HIGH 10.1.31 11.0.2, 10.1.34, 9.0.98
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-56337 HIGH 10.1.31 11.0.2, 10.1.34, 9.0.98
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 HIGH 10.1.31 11.0.8, 10.1.42, 9.0.106
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 HIGH 10.1.31 11.0.10, 10.1.44, 9.0.108
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 HIGH 10.1.31 11.0.11, 10.1.45, 9.0.109
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31650 MEDIUM 10.1.31 9.0.104, 10.1.40, 11.0.6
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49124 MEDIUM 10.1.31 11.0.8, 10.1.42, 9.0.106
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49125 MEDIUM 10.1.31 11.0.8, 10.1.42, 9.0.106
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-31651 LOW 10.1.31 9.0.104, 10.1.40, 11.0.6
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-46701 LOW 10.1.31 9.0.105, 10.1.41, 11.0.7
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55754 LOW 10.1.31 11.0.11, 10.1.45, 9.0.109
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-61795 LOW 10.1.31 11.0.12, 10.1.47, 9.0.110
org.springframework.boot:spring-boot CVE-2025-22235 HIGH 3.3.5 3.3.11, 3.4.5
org.springframework:spring-context CVE-2025-22233 LOW 6.1.14 6.2.7, 6.1.20
org.springframework:spring-core CVE-2025-41249 HIGH 6.1.14 6.2.11
org.springframework:spring-web CVE-2025-41234 MEDIUM 6.1.14 6.2.8, 6.1.21
org.springframework:spring-webmvc CVE-2025-41242 MEDIUM 6.1.14 6.2.10

No Misconfigurations found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant