From 212a04ba7145e9ccb9f1d69209fedcb47e2fbeff Mon Sep 17 00:00:00 2001 From: Jack Spagnoli Date: Fri, 24 Apr 2026 13:34:26 +0000 Subject: [PATCH 1/5] force build From 44cc418b56effe1f9617ff21a7bd3c76c83c464b Mon Sep 17 00:00:00 2001 From: Jack Spagnoli Date: Fri, 24 Apr 2026 15:19:28 +0000 Subject: [PATCH 2/5] adds high vulnerability --- .grype.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.grype.yaml b/.grype.yaml index 131db9e..edef1a3 100644 --- a/.grype.yaml +++ b/.grype.yaml @@ -38,6 +38,7 @@ ignore: - vulnerability: CVE-2026-6100 - vulnerability: CVE-2026-4786 - vulnerability: GHSA-pc3f-x583-g7j2 + - vulnerability: CVE-2026-3298 # node_24 vulnerabilities - vulnerability: GHSA-c2c7-rcm5-vvqj - vulnerability: GHSA-7r86-cg39-jmmj From 426bab7122dd1df8b4ad0ff6858efb018210f965 Mon Sep 17 00:00:00 2001 From: Jack Spagnoli Date: Mon, 27 Apr 2026 08:25:47 +0000 Subject: [PATCH 3/5] grype --- .grype.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.grype.yaml b/.grype.yaml index edef1a3..19fe647 100644 --- a/.grype.yaml +++ b/.grype.yaml @@ -56,6 +56,14 @@ ignore: - vulnerability: CVE-2025-68119 # eps-data-extract vulnerabilities - vulnerability: GHSA-6fmv-xxpf-w3cw + - vulnerability: CVE-2026-34282 + package: + name: openjdk + version: 17.0.18+8 + - vulnerability: CVE-2026-22016 + package: + name: openjdk + version: 17.0.18+8 # fhir-facade vulnerabilities - vulnerability: CVE-2022-26485 - vulnerability: CVE-2022-26486 @@ -71,6 +79,13 @@ ignore: - vulnerability: CVE-2025-53066 - vulnerability: CVE-2026-21945 - vulnerability: CVE-2026-21932 + package: + name: openjdk + version: 20.0.2+9-78 + - vulnerability: CVE-2026-22016 + package: + name: openjdk + version: 20.0.2+9-78 # node-24_python_3_14_java_24 vulnerabilities - vulnerability: GHSA-6fmv-xxpf-w3cw - vulnerability: CVE-2025-53066 @@ -78,3 +93,11 @@ ignore: - vulnerability: CVE-2026-21932 - vulnerability: CVE-2026-27143 - vulnerability: CVE-2026-27144 + - vulnerability: CVE-2026-34282 + package: + name: openjdk + version: 24.0.2+12 + - vulnerability: CVE-2026-22016 + package: + name: openjdk + version: 24.0.2+12 From 20a09368ac2775d1e8ba825d2d38d512200de871 Mon Sep 17 00:00:00 2001 From: Jack Spagnoli Date: Mon, 27 Apr 2026 09:18:50 +0000 Subject: [PATCH 4/5] grype --- .grype.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.grype.yaml b/.grype.yaml index 19fe647..ddcde27 100644 --- a/.grype.yaml +++ b/.grype.yaml @@ -39,6 +39,14 @@ ignore: - vulnerability: CVE-2026-4786 - vulnerability: GHSA-pc3f-x583-g7j2 - vulnerability: CVE-2026-3298 + - vulnerability: GHSA-q339-8rmv-2mhv + package: + name: erb + version: 4.0.3 + - vulnerability: GHSA-mh2q-q3fh-2475 + package: + name: go.opentelemetry.io/otel + version: v1.40.0 # node_24 vulnerabilities - vulnerability: GHSA-c2c7-rcm5-vvqj - vulnerability: GHSA-7r86-cg39-jmmj From f96e389352463d0e7b343b4c899346c205e6012c Mon Sep 17 00:00:00 2001 From: Jack Spagnoli Date: Mon, 27 Apr 2026 10:36:17 +0000 Subject: [PATCH 5/5] grype --- .grype.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.grype.yaml b/.grype.yaml index ddcde27..31ad0fb 100644 --- a/.grype.yaml +++ b/.grype.yaml @@ -62,6 +62,14 @@ ignore: - vulnerability: GHSA-2599-h6xx-hpxp # eps-storage-terraform vulnerabilities - vulnerability: CVE-2025-68119 + - vulnerability: GHSA-mh2q-q3fh-2475 + package: + name: go.opentelemetry.io/otel + version: v1.38.0 + - vulnerability: GHSA-mh2q-q3fh-2475 + package: + name: go.opentelemetry.io/otel + version: v1.39.0 # eps-data-extract vulnerabilities - vulnerability: GHSA-6fmv-xxpf-w3cw - vulnerability: CVE-2026-34282 @@ -94,6 +102,14 @@ ignore: package: name: openjdk version: 20.0.2+9-78 + - vulnerability: CVE-2026-34282 + package: + name: jdk + version: 20.0.2+9-78 + - vulnerability: CVE-2026-22016 + package: + name: jdk + version: 20.0.2+9-78 # node-24_python_3_14_java_24 vulnerabilities - vulnerability: GHSA-6fmv-xxpf-w3cw - vulnerability: CVE-2025-53066