Vulnerabilities in SonarQube version 9.6.1.59531

We are using version 9.6.1 of SonarQube, and we scanned our files in Veracode. In the report we got, there were several vulnerability issues in many of the jar versions.
We found that even in the latest version of SonarQube these jars are at older versions, which have vulnerability issues of high and medium severity.

Could you please suggest how to resolve these vulnerability issues, because we cannot directly update these from our end?

Below are the details:
Jars in current version:
h2-2.1.212.jar
postgresql-42.4.0.jar
snakeyaml-1.30.jar
netty-codec-4.1.66.Final.jar
netty-codec-http-4.1.66.Final.jar
protobuf-java-3.21.0-rc-1.jar
netty-handler-4.1.66.Final.jar
jackson-dataformat-cbor-2.10.4.jar

Recommended jar versions:
h2-2.1.214.jar
snakeyaml-1.33.jar
netty-codec-5.0.0.Alpha2.jar
netty-codec-http-5.0.0.Alpha2.jar
protobuf-java-4.0.0-rc-2.jar
netty-handler-5.0.0.Alpha2.jar
jackson-dataformat-cbor-2.14.0-rc2.jar

Hey there.

Vulnerabilities in dependencies rarely result in a tangible vulnerability in SonarQube (we continuously run our own software component analysis and analyze whether or not a real vulnerability exists, and upgrade dependencies more often than not just to kill the noise).

Offering no comment on whether or not a real vulnerability exists in any of these dependencies that affects SonarQube – there are many dependency updates coming in v9.7 (scheduled for early this week) which should silence most of these. I would suggest upgrading once SonarQube v9.7 is announced (probably today).