Qodana-Cloud-Scan

⬆️(deps): Update dependency com.soebes.itf.jupiter.extension:… #512

Triggered via push December 28, 2023 03:21

renovate[bot]

pushed 3b5c1ab

main

Status Success

Total duration 2m 10s

Artifacts –

qodana-cloud.yml

on: push

qodana

2m 2s

Annotations

1 error, 27 warnings, and 2 notices

Vulnerable declared dependency: maven_plugin/pom.xml#L67

Provides transitive vulnerable dependency maven:org.codehaus.plexus:plexus-archiver:2.2 * [CVE-2018-1002200](https://devhub.checkmarx.com/cve-details/CVE-2018-1002200/?utm_source=jetbrains&utm_medium=referral&utm_campaign=idea) 5.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability * [CVE-2023-37460](https://devhub.checkmarx.com/cve-details/CVE-2023-37460?utm_source=jetbrains&utm_medium=referral&utm_campaign=idea&utm_term=maven) 9.8 UNIX Symbolic Link (Symlink) Following vulnerability Results powered by [Checkmarx](https://checkmarx.com)(c)

Catch block may ignore exception: maven_plugin/src/main/java/org/apache/maven/shared/dependency/graph/internal/SpyingDependencyNodeUtils.java#L24

Empty `catch` block

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L23

Field `checksumAlgorithm` may be 'final'

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L22

Field `version` may be 'final'

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L21

Field `artifactId` may be 'final'

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L35

Field `children` may be 'final'

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L20

Field `groupId` may be 'final'

Field may be 'final': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L24

Field `checksum` may be 'final'

Use of Optional.ofNullable with null or not-null argument: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L96

'Optional.ofNullable()' with non-null argument should be replaced with 'Optional.of()'

Stream API call chain can be simplified: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L50

''stream().forEach()'' can be replaced with 'forEach()'' (may change semantics)

'StringBuilder' can be replaced with 'String': maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java#L54

`StringBuilder sb` can be replaced with 'String'

String concatenation as argument to 'StringBuilder.append()' call: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java#L57

String concatenation as argument to `StringBuilder.append()` call

String concatenation as argument to 'StringBuilder.append()' call: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java#L61

String concatenation as argument to `StringBuilder.append()` call

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L75

'com.google.common.graph.Graph' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L93

'successors(N)' is declared in unstable interface 'com.google.common.graph.Graph' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L142

'directed()' is declared in unstable class 'com.google.common.graph.GraphBuilder' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L44

'com.google.common.graph.MutableGraph' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L59

'nodes()' is declared in unstable interface 'com.google.common.graph.Graph' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L142

'build()' is declared in unstable class 'com.google.common.graph.GraphBuilder' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L142

'com.google.common.graph.GraphBuilder' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L50

'putEdge(N, N)' is declared in unstable interface 'com.google.common.graph.MutableGraph' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L137

'com.google.common.graph.MutableGraph' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L137

'directed()' is declared in unstable class 'com.google.common.graph.GraphBuilder' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L56

'com.google.common.graph.MutableGraph' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L39

'com.google.common.graph.MutableGraph' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L137

'com.google.common.graph.GraphBuilder' is marked unstable with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyGraph.java#L60

'predecessors(N)' is declared in unstable interface 'com.google.common.graph.Graph' marked with @beta

Unstable API Usage: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java#L137

'build()' is declared in unstable class 'com.google.common.graph.GraphBuilder' marked with @beta

@NotNull/@Nullable problems: maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java#L27

The generated code will use '@org.jetbrains.annotations.Nullable' instead of '@javax.annotation.Nullable'

Vulnerable declared dependency: maven_plugin/pom.xml#L67

Provides transitive vulnerable dependency maven:commons-io:commons-io:2.2 * [CVE-2021-29425](https://devhub.checkmarx.com/cve-details/CVE-2021-29425/?utm_source=jetbrains&utm_medium=referral&utm_campaign=idea) 4.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability Results powered by [Checkmarx](https://checkmarx.com)(c)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

⬆️(deps): Update dependency com.soebes.itf.jupiter.extension:… #512

Summary