Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.2.2
Report Generated On: Wed, 13 May 2026 09:31:14 -0400
Dependencies Scanned: 8 (8 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2026-05-13T09:30:51-04
NVD API Last Modified: 2026-05-13T00:24:29Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Package	Evidence Count
checker-qual-4.1.0.jar	pkg:maven/org.checkerframework/checker-qual@4.1.0	44
error_prone_annotations-2.49.0.jar	pkg:maven/com.google.errorprone/error_prone_annotations@2.49.0	29
j2objc-annotations-3.1.jar	pkg:maven/com.google.j2objc/j2objc-annotations@3.1	33
jsr305-3.0.2.jar	pkg:maven/com.google.code.findbugs/jsr305@3.0.2	17
lombok-1.18.46.jar: mavenEcjBootstrapAgent.jar		7
lombok-1.18.46.jar	pkg:maven/org.projectlombok/lombok@1.18.46	36
modernizer-maven-annotations-3.3.0.jar	pkg:maven/org.gaul/modernizer-maven-annotations@3.3.0	19
spotbugs-annotations-4.9.8.jar	pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8	53

Dependencies (vulnerable)

checker-qual-4.1.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: https://opensource.org/licenses/MIT

File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\4.1.0\checker-qual-4.1.0.jar
MD5: 915efc242a44466cf82281e2229aaeb9
SHA1: 127f572d0f7e9dfb205bc4667dc361056e536c88
SHA256:a7e08a5400f6e1d97818ed01a8624473fee90b0ded941a44d190f1210c081790
Referenced In Project/Scope: gradle:compile
pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	framework	Highest
Vendor	jar	package name	qual	Highest
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	pom	artifactid	checker-qual	Highest
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org/	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checkerframework	Highest
Product	jar	package name	framework	Highest
Product	jar	package name	qual	Highest
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org/	Medium
Version	file	version	4.1.0	High
Version	Manifest	Bundle-Version	4.1.0	High
Version	Manifest	Implementation-Version	4.1.0	High
Version	pom	version	4.1.0	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@4.1.0 (Confidence:High)

error_prone_annotations-2.49.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.49.0\error_prone_annotations-2.49.0.jar
MD5: f15f20dc5df752e2c0f8e37f7cdd9b1d
SHA1: 8b42a2e3865f6e0576da3fad51dbb96732ff0f14
SHA256:3b1003e51b8ae56fdbd7c71073e81d1683b97e6c4dff5a9151164d59b769d13c
Referenced In Project/Scope: gradle:provided
pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	error_prone_annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Vendor	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	error_prone_annotations	Highest
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	pom	name	error-prone annotations	High
Vendor	pom	parent-artifactid	error_prone_parent	Low
Product	file	name	error_prone_annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	errorprone	Highest
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Product	Manifest	Bundle-Name	error-prone annotations	Medium
Product	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	groupid	com.google.errorprone	Highest
Product	pom	name	error-prone annotations	High
Product	pom	parent-artifactid	error_prone_parent	Medium
Version	file	version	2.49.0	High
Version	Manifest	Bundle-Version	2.49.0	High
Version	pom	version	2.49.0	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.49.0 (Confidence:High)

j2objc-annotations-3.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\3.1\j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256:84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: gradle:provided
pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	j2objc-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	google	Highest
Vendor	jar	package name	j2objc	Highest
Vendor	Manifest	build-jdk-spec	22	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	j2objc-annotations	Highest
Vendor	pom	artifactid	j2objc-annotations	Low
Vendor	pom	developer email	tball@google.com	Low
Vendor	pom	developer id	tomball	Medium
Vendor	pom	developer name	Tom Ball	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org URL	https://www.google.com	Medium
Vendor	pom	groupid	com.google.j2objc	Highest
Vendor	pom	name	J2ObjC Annotations	High
Vendor	pom	url	google/j2objc/	Highest
Product	file	name	j2objc-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	google	Highest
Product	jar	package name	j2objc	Highest
Product	Manifest	build-jdk-spec	22	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	j2objc-annotations	Highest
Product	pom	developer email	tball@google.com	Low
Product	pom	developer id	tomball	Low
Product	pom	developer name	Tom Ball	Low
Product	pom	developer org	Google	Low
Product	pom	developer org URL	https://www.google.com	Low
Product	pom	groupid	com.google.j2objc	Highest
Product	pom	name	J2ObjC Annotations	High
Product	pom	url	google/j2objc/	High
Version	file	version	3.1	High
Version	pom	version	3.1	Highest

Identifiers

pkg:maven/com.google.j2objc/j2objc-annotations@3.1 (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: gradle:provided
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

lombok-1.18.46.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.46\lombok-1.18.46.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 8b80305e4846088e139701372844e637
SHA1: 4b03ce7b33d535b42e4a84e106c3647760eb8769
SHA256:639da94437813649eac5af6d8154d736355f27199fc8aaeda85904fce947ee4f
Referenced In Project/Scope: gradle:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mavenEcjBootstrapAgent	High
Vendor	jar	package name	launch	Low
Vendor	jar	package name	lombok	Low
Vendor	Manifest	can-redefine-classes	true	Low
Product	file	name	mavenEcjBootstrapAgent	High
Product	jar	package name	launch	Low
Product	Manifest	can-redefine-classes	true	Low

Identifiers

None

lombok-1.18.46.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.46\lombok-1.18.46.jar
MD5: e02f419a66b86c594ffcafc862778723
SHA1: a5cfe99fdf320e84955ef653f2ce1bf789d11385
SHA256:01f7b1a015e33e2b62d5f5f37053306357ab1415fd181fcba7794f5d198c1126
Referenced In Project/Scope: gradle:provided
pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	jar	package name	java	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	artifactid	lombok	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	pom	developer email	reinier@projectlombok.org	Low
Vendor	pom	developer email	roel@projectlombok.org	Low
Vendor	pom	developer id	rspilker	Medium
Vendor	pom	developer id	rzwitserloot	Medium
Vendor	pom	developer name	Reinier Zwitserloot	Medium
Vendor	pom	developer name	Roel Spilker	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	pom	url	https://projectlombok.org	Highest
Product	file	name	lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	developer email	reinier@projectlombok.org	Low
Product	pom	developer email	roel@projectlombok.org	Low
Product	pom	developer id	rspilker	Low
Product	pom	developer id	rzwitserloot	Low
Product	pom	developer name	Reinier Zwitserloot	Low
Product	pom	developer name	Roel Spilker	Low
Product	pom	groupid	org.projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	pom	url	https://projectlombok.org	Medium
Version	file	version	1.18.46	High
Version	Manifest	lombok-version	1.18.46	Medium
Version	pom	version	1.18.46	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.46 (Confidence:High)

modernizer-maven-annotations-3.3.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\3.3.0\modernizer-maven-annotations-3.3.0.jar
MD5: b145d6fcbfce8a5556c2d4859490be6b
SHA1: dbe5ac52c78408f6c86d2bc726f90ad6c4c5f09b
SHA256:a6a5b63dc2450922eb7c22e8cee674af0e847a4b2f06f0ff2de183dc8a27c138
Referenced In Project/Scope: gradle:provided
modernizer-maven-annotations-3.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	modernizer-maven-annotations	High
Vendor	jar	package name	gaul	Highest
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	modernizer-maven-annotations	Highest
Vendor	pom	artifactid	modernizer-maven-annotations	Low
Vendor	pom	groupid	org.gaul	Highest
Vendor	pom	name	Modernizer Maven Plugin annotations	High
Vendor	pom	parent-artifactid	modernizer-maven-parent	Low
Product	file	name	modernizer-maven-annotations	High
Product	jar	package name	gaul	Highest
Product	Manifest	build-jdk-spec	25	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	modernizer-maven-annotations	Highest
Product	pom	groupid	org.gaul	Highest
Product	pom	name	Modernizer Maven Plugin annotations	High
Product	pom	parent-artifactid	modernizer-maven-parent	Medium
Version	file	version	3.3.0	High
Version	pom	version	3.3.0	Highest

Identifiers

pkg:maven/org.gaul/modernizer-maven-annotations@3.3.0 (Confidence:High)

spotbugs-annotations-4.9.8.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.9.8\spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: gradle:provided
pkg:maven/com.github.hazendaz.gradle/gradle@9.5.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.8	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.8	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.9.8	High
Version	Manifest	Bundle-Version	4.9.8	High
Version	pom	version	4.9.8	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: gradle

com.github.hazendaz.gradle:gradle:9.5.1

Summary

Dependencies (vulnerable)

checker-qual-4.1.0.jar

Evidence

Identifiers

error_prone_annotations-2.49.0.jar

Evidence

Identifiers

j2objc-annotations-3.1.jar

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

lombok-1.18.46.jar: mavenEcjBootstrapAgent.jar

Evidence

Identifiers

lombok-1.18.46.jar

Evidence

Identifiers

modernizer-maven-annotations-3.3.0.jar

Evidence

Identifiers

spotbugs-annotations-4.9.8.jar

Evidence

Identifiers