• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

grobidOrg / grobid / 28218474081
39%

Build:
DEFAULT BRANCH: master
Ran 26 Jun 2026 05:21AM UTC
Jobs 1
Files 325
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

26 Jun 2026 05:07AM UTC coverage: 38.625% (+0.003%) from 38.622%
28218474081

push

github

web-flow
Update dependencies (Trivvy new critical issues and unused) (#1469)

- JLine telnet DoS (GHSA-47qp-hqvx-6r3f, GHSA-2r2c-cx56-8933): progressbar
transitively pulled the org.jline:jline uber-jar, which bundles the
vulnerable remote-telnet server. GROBID never runs a telnet server and
progressbar only uses the terminal API, so the uber-jar is excluded and
only jline-terminal is kept, removing the vulnerable module.

- jackson-databind < 2.21.4 (in the 2.21.x line) is affected by
CVE-2026-54513: BasicPolymorphicTypeValidator.allowIfSubTypeIsArray()
allowlists array types without validating their component type, so a
non-allowlisted EvilType[] can bypass an otherwise restrictive PTV.

- GROBID does not use the vulnerable polymorphic-typing API, so this is a
precautionary bump that also clears the Trivy alert. All four pinned
jackson modules (core, databind, afterburner, dataformat-yaml) are moved
2.21.3 -> 2.21.4 together to stay aligned.

- Drop unused dependencies (mockk, commons-dbutils, jackson-afterburner,
javax.activation, stringmetric_2.10) and demote jsonic to runtimeOnly
since it is only needed by the langdetect localLib at runtime, not on
grobid-core's compile API.

- Replace deprecated COARS filter with modern and compatible plumbing

---------

Signed-off-by: Luca Foppiano <luca@foppiano.org>

8670 of 24962 branches covered (34.73%)

Branch coverage included in aggregate %.

18456 of 45267 relevant lines covered (40.77%)

1.65 hits per line

Coverage Regressions

Lines Coverage ∆ File
11
57.14
0.89% org/grobid/service/main/GrobidServiceApplication.java
Jobs
ID Job ID Ran Files Coverage
1 28218474081.1 26 Jun 2026 05:21AM UTC 325
38.63
GitHub Action Run
Source Files on build 28218474081
  • Tree
  • List 325
  • Changed 1
  • Source Changed 0
  • Coverage Changed 1
Coverage ∆ File Lines Relevant Covered Missed Hits/Line Branch Hits Branch Misses
  • Back to Repo
  • Github Actions Build #28218474081
  • 65312299 on github
  • Prev Build on master (#28201449161)
  • Next Build on master (#28229525583)
  • Delete
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc